
5878 matches found

Vulnrichment
added 2021/08/05 12:0 a.m., 18 views

CVE-2021-3580

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service...

6.6 AI score, 0.00104 EPSS
Exploits: 0, References: 4
NVD
added 2021/08/04 4:15 p.m., 10 views

CVE-2021-32596

A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables...

7.5 CVSS, 0.00083 EPSS
Exploits: 0, References: 1
OSV
added 2021/08/04 4:15 p.m., 2 views

CVE-2021-32596

A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables...

7.5 CVSS, 5.8 AI score, 0.00083 EPSS
Exploits: 0, References: 1
Prion
added 2021/08/04 4:15 p.m., 20 views

Default credentials

A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables...

5 CVSS, 7.5 AI score, 0.00083 EPSS
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2021/08/04 3:35 p.m., 52 views

CVE-2021-32596

CVE-2021-32596 affects FortiPortal 6.0.0 through 6.04, where a vulnerable password store uses a one-way hash with a predictable salt, enabling an attacker with access to the password store to decrypt passwords via precomputed tables. The connected sources (Fortinet advisory FG-IR-21-094 and relat...

7.5 CVSS, 7.5 AI score, 0.00083 EPSS
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2021/07/30 2:15 p.m., 9 views

CVE-2021-37588

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data...

5.9 CVSS, 0.0027 EPSS
Exploits: 0, References: 4
OSV
added 2021/07/30 2:15 p.m., 16 views

CVE-2021-37587

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...

6.5 CVSS, 6.9 AI score
Exploits: 0, References: 5
Prion
added 2021/07/30 2:15 p.m., 18 views

Design/Logic Flaw

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data...

4.3 CVSS, 5.7 AI score, 0.0027 EPSS
Exploits: 0, References: 4, Affected Software: 1
BDU FSTEC
added 2021/07/30 12:0 a.m., 1 view

The vulnerability of the cryptographic module of microprogramming software for Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows a perpetrator to trigger a service failure.

The vulnerability of the cryptographic module of microprogramming software for Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) is related to errors in encryption and decryption processes. Exploiting this vulnerability can allow a malicious actor to cause service...

7.8 CVSS, 7.2 AI score, 0.00427 EPSS
Exploits: 0, References: 3, Affected Software: 2
OSV
added 2021/07/29 12:15 p.m., 2 views

CVE-2021-20505

The PowerVM Logical Partition Mobility (LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP they can use this information to...

4.4 CVSS, 5.8 AI score, 0.00102 EPSS
Exploits: 0, References: 2
Rapid7 Blog
added 2021/07/28 7:34 p.m., 54 views

[Security Nation] Philipp Amann on No More Ransom

In this episode of Security Nation, we're joined by Philipp Amann of Europol. Jen and Tod chat with Philipp about No More Ransom, a Europol-led effort to combat ransomware by...

7.4 AI score
Exploits: 0
ThreatPost
added 2021/07/28 6:33 p.m., 373 views

New Ransomware Gangs Haron & BlackMatter Are After Fat Cats

So much for darkened servers at the headquarters of DarkSide or REvil ransomware groups. Turns out, we’ve got either their rebranded versions or two new ransomware gangs to contend with. The first new group to appear this month was Haron, and the second is named BlackMatter. As Ars Technica’s Dan...

10 CVSS, 9.7 AI score, 0.94412 EPSS
Exploits: 13, References: 31
OSV
added 2021/07/28 6:8 p.m., 31 views

GO-2021-0102 Panic in decryption in code.cloudfoundry.org/gorouter

Due to improper input validation, a maliciously crafted input can cause a panic, due to incorrect nonce size. If this package is used to decrypt user supplied messages without checking the size of supplied nonces, this may be used as a vector for a denial of service attack...

8.6 CVSS, 8.2 AI score, 0.00633 EPSS
Exploits: 0, References: 2
AlpineLinux
added 2021/07/28 9:25 a.m., 70 views

CVE-2021-32001

K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material (cluster certificate authority private keys, secrets encryption configuration passphrase, etc.) and decrypt it, without having to know the...

6.5 CVSS, 6.5 AI score, 0.00082 EPSS
Exploits: 0
Trellix
added 2021/07/28 12:0 a.m., 16 views

Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and *nix Systems? | McAfee Blogs

Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and *nix Systems? Thibault Seret · JUL 28, 2021. Co-written with Northwave’s Noël Keijzer. Executive Summary: For a long time, ransomware gangs were mostly focused on Microsoft Windows operating systems. Yes, we observed the...

7.5 AI score
Exploits: 0
CVE
added 2021/07/27 10:6 p.m., 53 views

CVE-2021-37587

Charm 0.43 contains a cryptographic weakness where any single user can decrypt DAC-MACS or MA-ABE-YJ14 data. The vulnerability is documented across multiple sources (NVD, OSV, CNVD/CNNVD and CVE listings). Exploitation status is not detailed in the provided fragments; no patch/version remediation...

6.5 CVSS, 6.5 AI score, 0.00181 EPSS
Exploits: 0, References: 5, Affected Software: 1
Cvelist
added 2021/07/27 10:6 p.m., 14 views

CVE-2021-37587

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data...

6.7 AI score, 0.00181 EPSS
Exploits: 0, References: 5
CVE
added 2021/07/27 10:6 p.m., 62 views

CVE-2021-37588

CVE-2021-37588 (Charm 0.43): Charm 0.43 contains a cryptographic issue that allows any two users to collude to decrypt YCT14 data. The vulnerability is documented across multiple sources (NVD, Red Hat, OSV, CNNVD, etc.), indicating a cryptographic flaw rather than a typical software bug in a sin...

5.9 CVSS, 5.6 AI score, 0.0027 EPSS
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2021/07/27 10:6 p.m., 11 views

CVE-2021-37588

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data...

5.9 AI score, 0.0027 EPSS
Exploits: 0, References: 4
Rapid7 Blog
added 2021/07/26 2:18 p.m., 35 views

Decrypter FOMO No Mo’: Five Years of the No More Ransom Project

The amazing No More Ransom Project celebrates its fifth anniversary today and so we just wanted to take a moment to talk about what it has accomplished and why you should tell all your friends about it. The name pretty much says it all — No More Ransom aims to help organizations avoid having to p...

7.2 AI score
Exploits: 0