Broadcom Wi-Fi Devices - KR00K Information Disclosure

Broadcom Wi-Fi Devices - KR00K Information Disclosure Kr00ker Experimetal KR00K PoC in python3 using scapy Description: This script is a simple experiment to exploit the KR00K vulnerability CVE-2019-15126, that allows to decrypt some WPA2 CCMP data in vulnerable devices. More specifically this...

CVE-2019-11686

Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters such as data encryption keys to remain on the drive media after their intended erasure...

Design/Logic Flaw

Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters such as data encryption keys to remain on the drive media after their intended erasure...

CVE-2019-11686

Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters such as data encryption keys to remain on the drive media after their intended erasure...

CVE-2019-11686

CVE-2019-11686 concerns Western Digital/SanDisk self-encrypting drives (X300, X300s, X400, X600). The wear-leveling algorithm can leave cryptographic parameters (e.g., DEKs) on media after supposed erasure, potentially enabling data disclosure if an attacker accesses the drive. Connected sources ...

DoppelPaymer Ransomware Used to Steal Data from Supplier to SpaceX, Tesla

A company that provides custom parts to aerospace giants Lockheed Martin, SpaceX and Boeing, has been the target of an attack by an emerging type of ransomware that can both encrypt files and exfiltrate data. Colorado-based Visser Precision said it was targeted by a “cyber incident” that involved...

CVE-2020-4283

IBM Security Information Queue ISIQ 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 1762...

Code injection

In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account...

Google Advises Android Developers to Encrypt App Data On Device

Google today published a blog post recommending mobile app developers to encrypt data that their apps generate on the users' devices, especially when they use unprotected external storage that's prone to hijacking. Moreover, considering that there are not many reference frameworks available for t...

VMware Carbon Black TAU: Ryuk Ransomware Technical Analysis

Ryuk Ransomware has been crippling both the public and private sector recently with the ability to disrupt its target environment. The ransomware will typically be dropped by an already compromised system that has been infected by Trickbot or Emotet through a phishing email. Once the Ryuk payload...

Google Chrome To Bar HTTP File Downloads

Google Chrome will soon restrict certain files, like PDFs or executables, from being downloaded via an HTTP connection, if they are loaded on HTTPS webpages. HTTPS indicates that a website has an encrypted connection. When connecting to an HTTP website, browsers merely look up the IP address and...

CVE-2020-4224

IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133...

Security Bulletin: Information Disclosure in IBM StoredIQ (CVE-2020-4224)

Summary IBM StoredIQ has addressed the following information disclosure vulnerability. Vulnerability Details CVEID: CVE-2020-4224 DESCRIPTION: IBM StoredIQ could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links...

Shlayer Trojan attacks one in ten macOS users

For close to two years now, the Shlayer Trojan has been the most common threat on the macOS platform: in 2019, one in ten of our Mac security solutions encountered this malware at least once, and it accounts for almost 30% of all detections for this OS. The first specimens of this family fell int...

Security Bulletin: Vulnerability in the Fabric OS used by IBM b-type SAN directors and switches.

Summary Public disclosed vulnerability from OpenSSL in the Fabric OS used by IBM b-type SAN directors and switches. Vulnerability Details CVEID: CVE-2017-3737 DESCRIPTION: OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurr...

Incident Response lessons from recent Maze ransomware attacks

By JJ Cummings and Dave Liebenberg This year, we have been flooded with reports of targeted ransomware attacks. Whether it's a city, hospital, large- or medium-sized enterprise — they are all being targeted. These attacks can result in significant damage, cost, and have many different initial...

Fortinet FortiOS < 5.6.10 / 6.0 < 6.0.7 / 6.2.x < 6.2.1 Vulnerable Encryption (FG-IR-19-007)

The remote host is running a version of FortiOS that has not yet enabled private-data-encryption. A authorized remote user with access or knowledge of the standard encryption key could gain access and decrypt the FortiOS backup files and all non-administor passwords and private keys.' CVE-2019-66...

CVE-2019-17428

CVE-2019-17428 affects Intesync Solismed 3.3sp1. The issue is a flaw in the encryption implementation that allows all encrypted data in the database to be decrypted. The connected documents corroborate an encryption weakness; no exploit details or specific remediation are provided in the supplied...

Snatch Ransomware Reboots Windows in Safe Mode to Bypass Antivirus

Cybersecurity researchers have spotted a new variant of the Snatch ransomware that first reboots infected Windows computers into Safe Mode and only then encrypts victims' files to avoid antivirus detection. Unlike traditional malware, the new Snatch ransomware chooses to run in Safe Mode because ...

Ransomware at Colorado IT Provider Affects 100+ Dental Offices

A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned. Multiple sources affected say their IT provider, Englewood, Colo. based Complete Technology...