CTB-Locker Ransomware Spreading Rapidly, Infects Thousands of Web Servers

Ransomware has steadily evolved over the past decade, moving from isolated attacks on individual computers to wider campaigns that disrupt entire services. Families such as Cryptowall and Locky showed how quickly file-encrypting malware could spread across Windows systems. Researchers are now...

CTB-Locker/Critroni Finds New Legs Targeting Websites

After months of relative dormancy, ransomware CTB-Locker or Critroni is back and this time finding new life targeting websites. Researchers are calling this variant “CTB-Locker for Websites” because it targets websites, encrypts their content, and demands a 0.4 bitcoin $425 ransom for access to t...

DSA-3488-1 libssh - security update

Bulletin has no description...

CVE-2016-1321

Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco serve...

Design/Logic Flaw

Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco serve...

CVE-2016-1321

Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco serve...

How-to — Stealing Decryption Key from Air-Gapped Computer in Another Room

Air-gapped computers that are believed to be the most secure computers on the planet have become a regular target for researchers in recent years. Air-gap computers are one that are isolated from the Internet or any other computers that are connected to the Internet or external network, so hacker...

[SECURITY] [DSA 3478-1] libgcrypt11 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3478-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 15, 2016 https://www.debian.org/security/faq -...

DSA-3478-1 libgcrypt11 - security update

Bulletin has no description...

Debian DSA-3474-1 : libgcrypt20 - security update

Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack. See https://www.cs.tau.ac.IL/tromer/ecdh/ for details. %NASLMINLEVEL 70300 C Tenable Network Securit...

Here's How to Decrypt Hydracrypt & Umbrecrypt Ransomware Files

Over the last few years, we have seen several types of Ransomware malware that demand a whopping amount of money from users for the retrieval of their locked, compromised sensitive files. We have also witnessed the birth of decryption solution for some of the Ransomware like Cryptolocker partial,...

Cisco Universal Small Cell Devices Unauthorized Firmware Retrieval Vulnerability

A vulnerability in Cisco Universal Small Cell devices could allow an unauthenticated, remote attacker to retrieve firmware from a Cisco-hosted binary server. The vulnerability is due to insufficient enforcement of the two-way certificate validation process by the Cisco-hosted binary server to...

Debian Security Advisory DSA 3474-1 (libgcrypt20 - security update)

Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack. See https://www.cs.tau.ac.IL/tromer/ecdh/ for details. OpenVAS Vulnerability Test $Id: deb3474.nasl...

Microsoft Windows Kerberos Security Feature Bypass Vulnerability

Microsoft Windows is a series of operating systems released by Microsoft.Kerberos is a set of network authentication protocols developed by the Massachusetts Institute of Technology MIT in the United States, which adopts a client/server structure, and the client and server can authenticate each...

OpenSSL CVE-2 0 1 6-0 7 0 1 Private Key Recovery attack vulnerability analysis-vulnerability warning-the black bar safety net

by: au2o3t @3 6 0 Cloud Security Team 0x01 Foreword 2 0 1 6 1 2 8, OpenSSL official published number for the CVE-2 0 1 6-0 7 0 1 vulnerabilities. The vulnerability occurs in the OpenSSL 1.0.2 versionOpenSSL 1.0.2 f and later versions not affected, when using the DH algorithm to a different client...

OpenSSL high-risk vulnerabilities allow attackers to decrypt HTTPS traffic-bug warning-the black bar safety net

OpenSSL maintainer to fix a high risk vulnerability allows an attacker can obtain the decryption of HTTPS and other encrypted traffic key. Vulnerability the potential impact of While serious, but the need to meet multiple criteria to be used: the vulnerability exists only in OpenSSL 1.0.2; rely o...

OpenSSL high-risk vulnerabilities allow hackers to decrypt HTTPS traffic（CVE-2 0 1 6-0 7 0 1-a vulnerability warning-the black bar safety net

! The OpenSSL encryption code library defenders are declared fixes a high risk vulnerability. The vulnerability could allow a hacker to access in HTTPS and other secure transport layer, for the encrypted communication to decrypt the key. OpenSSL vulnerability details When various conditions are...

Critical OpenSSL Flaw Allows Hackers to Decrypt HTTPS Traffic

The OpenSSL Foundation has released the promised patch for a high severity vulnerability in its cryptographic code library that let attackers obtain the key to decrypt HTTPS-based communications and other Transport layer security TLS channels. OpenSSL is an open-source library that is the most...

Government Agencies Audit For Juniper Backdoor

Most U.S. government agencies have until Feb. 4 to audit their IT infrastructure for the use of backdoored Juniper Networks’ Netscreen firewalls. Letters went out late last week from the House Oversight & Government Reform Committee to the leaders of the various agencies asking them to provide th...

[SECURITY] Fedora 22 Update: python-rsa-3.3-2.fc22

Python-RSA is a pure-Python RSA implementation. It supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS1 version 1.5. It can be used as a Python library as well as on the command-line...