Australia Passes Anti-Encryption Bill—Here's Everything You Need To Know

Australia's House of Representatives has finally passed the "Telecommunications Assistance and Access Bill 2018," also known as the Anti-Encryption Bill , on Thursday that would now allow law enforcement to force Google, Facebook, WhatsApp, Signal, and other tech giants to help them access...

Adventures in Video Conferencing Part 2: Fun with FaceTime

Posted by Natalie Silvanovich, Project Zero FaceTime is Apple’s video conferencing application for iOS and Mac. It is closed source, and does not appear to use any third-party libraries for its core functionality. I wondered whether fuzzing the contents of FaceTime’s audio and video streams would...

Multiple RICOH Interactive Whiteboard Products Information Disclosure Vulnerability

RICOH Interactive Whiteboard D2200 and others are multifunction printer devices from Ricoh, Japan. A security vulnerability exists in several RICOH Interactive Whiteboard products. An attacker could exploit this vulnerability by performing a man-in-the-middle attack to steal encrypted...

CVE-2018-12037

An issue was discovered on Samsung 840 EVO and 850 EVO devices only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode, Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows...

Microsoft Windows Security Bypass Vulnerability (CNVD-2019-02769)

Microsoft Windows 10 and others are products of Microsoft Corporation USA.Microsoft Windows 10 is an operating system for personal computers; Windows Server 2016 is a server operating system. A security bypass vulnerability exists in Microsoft Windows that originates when a program fails to...

KB4465664 BitLocker Security Feature Bypass Vulnerability

The remote Windows host is missing security update 4465664. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption. An attacker with physical access to a powered off system could exploi...

New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading...

CVE-2018-18071

An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as...

Design/Logic Flaw

An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as...

CVE-2018-18071

An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as...

CVE-2018-18071

The CVE concerns Daimler Mercedes-Benz Me app for iOS (version 2.11.0-846). The issue is the encrypted Connected Vehicle API data exchange between the app and its server, which could be intercepted. This could allow misuse of the Remote Parking Pilot, vehicle unlocks, or access to sensitive data ...

Debian DLA-1495-1 : git-annex security update

The git-annex package was found to have multiple vulnerabilities when operating on untrusted data that could lead to arbitrary command execution and encrypted data exfiltration. CVE-2017-12976 git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an...

Symantec Norton Identity Safe Elevation of Privilege Vulnerability

Symantec Norton Identity Safe is an identity security and credit card information management tool from Symantec USA. A privilege extraction vulnerability exists in versions prior to Symantec Norton Identity Safe 5.3.0.976. An attacker could exploit the vulnerability to recover encrypted data...

Privilege escalation

The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials...

CVE-2018-12240

The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials...

git-annex information disclosure vulnerability

git-annex is a distributed file synchronization system. An information disclosure vulnerability exists in git-annex. An attacker can exploit this vulnerability to disclose encrypted data via a malicious server...

UBUNTU-CVE-2018-10859

git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex...

Information disclosure

git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex...

CVE-2018-10859

git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex...

DEBIAN-CVE-2018-10859

git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex...