5876 matches found
Kaseya Attack Fallout: CISA, FBI Offer Guidance
The REvil cybergang is taking credit for Friday’s massive ransomware attack against managed service provider Kaseya Ltd. The criminals behind the attack claim it infected 1 million systems tied to Kaseya services and are demanding $70 million in bitcoin in exchange for a decryption key. Federal...
SUSE SLES12 Security Update : python-rsa (SUSE-SU-2021:2237-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:2237-1 advisory. - Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by...
Advisory ROSA-SA-2021-1887
Software: libreswan 3.25 OS: Cobalt 7.9 CVE-ID: CVE-2019-10155 CVE-Crit: LOW CVE-DESC: The Libreswan project has discovered a vulnerability in the handling of IKEv1 information exchange packets that are encrypted and integrity protected using the established IKE SA encryption and integrity keys,...
SUSE-SU-2021:2237-1 Security update for python-rsa
This update for python-rsa fixes the following issues: - CVE-2020-13757: Proper handling of leading '\0' bytes during decryption of ciphertext bsc1172389...
Hacked Data for 69K LimeVPN Users Up for Sale on Dark Web
The VPN provider known as LimeVPN has been hit with a hack affecting 69,400 user records, according to researchers. A hacker claims to have stolen the company’s entire customer database before knocking its website offline. Threatpost confirmed that as of press time, the website was down. The stole...
Babuk Ransomware Builder Mysteriously Appears in VirusTotal
The Babuk ransomware gang’s source code has been uploaded to VirusTotal, making it available to all security vendors and competitors. It’s unclear, however, just how that happened. According to a Wednesday posting from Malwarebytes, the operators of the ransomware – perhaps best-known for hitting t...
MGASA-2021-0300 Updated nettle packages fix security vulnerabilities
Remote crash in RSA decryption via manipulated ciphertext (CVE-2021-3580). A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with...
Weidmueller Industrial WLAN devices trust management issue vulnerability (CNVD-2021-48133)
Weidmueller Industrial WLAN devices are industrial WLAN devices from Weidmueller, Germany. They are affected by a trust management issue vulnerability, which stems from the use of hard-coded keys in the service agent binary and can be exploited by an attacker to decrypt captured traffic from ...
SUSE SLED12 / SLES12 Security Update : libnettle (SUSE-SU-2021:2135-1)
The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2135-1 advisory. - A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this fl...
SUSE SLED15 / SLES15 Security Update : libnettle (SUSE-SU-2021:2143-1)
The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2143-1 advisory. - A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this fl...
USN-5000-2 linux-kvm vulnerabilities
USN-5000-1 fixed vulnerabilities in the Linux kernel for Ubuntu 20.04 LTS and the Linux HWE kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux KVM kernel for Ubuntu 20.04 LTS. Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of...
CVE-2021-33529
In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device...
Hardcoded credentials
In Weidmueller Industrial WLAN devices in multiple versions the usage of hard-coded cryptographic keys within the service agent binary allows for the decryption of captured traffic across the network from or to the device...
Weidmueller Industrial WLAN Trust Management Issue Vulnerability
Weidmueller Industrial WLAN devices are industrial WLAN devices from Weidmueller, Germany. They are affected by a trust management issue vulnerability, which stems from the use of hard-coded keys in the service agent binary and can be exploited by an attacker to decrypt captured traffic from ...
CVE-2021-29950
Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird 78.8.1...
DEBIAN-CVE-2021-29950
Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird 78.8.1...
Design/Logic Flaw
Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird 78.8.1...
OPENSUSE-SU-2021:0906-1 Security update for libnettle
This update for libnettle fixes the following issues: - CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext bsc1187060. This update was imported from the SUSE:SLE-15:Update update project...