790 matches found
Report: Most Popular Home Routers Have ‘Critical’ Flaws
A security review of 127 popular home routers found most contained at least one critical security flaw, according to researchers. The “Home Router Security Report” PDF by Peter Weidenbach and Johannes vom Dorp, both from the German think tank Fraunhofer Institute, found that not only did all of the...
How to work with Amazon EBS encryption using Veeam Backup for AWS
Challenge: You want to back up or restore instances with encrypted volumes. You receive one of the following related errors while working with encrypted volumes: "Encrypted snapshots with EBS default key cannot be shared"; "The default encryption key in the region of your service account is aws/ebs...
Telerik UI for ASP.NET AJAX RadAsyncUpload .NET Deserialization Vulnerability
According to its self-reported version number, the version of Telerik UI for ASP.NET AJAX prior to 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or...
Information Disclosure
Telerik is vulnerable to information disclosure. A cryptographic weakness can be exploited to discover the encryption keys Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey...
Code injection
An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and possibly other platforms. It stores the clientkey, the deviceid, and the public key for end-to-end encryption in cleartext, enabling an attacker by copying or having access to the local storage databas...
CVE-2020-13637
An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and possibly other platforms. It stores the clientkey, the deviceid, and the public key for end-to-end encryption in cleartext, enabling an attacker by copying or having access to the local storage databas...
Researchers Expose a New Vulnerability in Intel's CPUs
The Software Guard eXtension is supposed to protect encryption keys and other sensitive data. But this isn't the first time it's been defeated...
USN-4384-1: GnuTLS vulnerability
It was discovered that GnuTLS incorrectly handled session ticket encryption keys. A remote attacker could possibly use this issue to bypass authentication or recover sensitive information...
Fortinet FortiClient Trust Management Issue Vulnerability
Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exists in Fortinet FortiClient...
Going dark: encryption and law enforcement
UPDATE, 05/22/2020: With the advent of the EARN IT Act, the debate on government subversion of encryption has reignited. Given that the material conditions of the technology have not changed, and the arguments given in favor of the bill are not novel, we've decided to republish the following blog...
CVE-2020-9315
PRODUCT NOT SUPPORTED WHEN ASSIGNED Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references...
Code injection
PRODUCT NOT SUPPORTED WHEN ASSIGNED Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references...
CVE-2020-9315
Oracle iPlanet Web Server 7.0.x is affected by two CVEs. CVE-2020-9315: authentication bypass via incorrect access control on admingui/version URIs, enabling unauthenticated read access to encryption keys. CVE-2020-9314: image injection via productNameSrc in the admingui, stemming from an incompl...
Shade Threat Actors Call It Quits, Release 750K Encryption Keys
The threat actors behind the Shade ransomware have called it quits, releasing 750,000 encryption keys on GitHub and publicly apologizing to victims affected by the malware. User “shade-team” posted four files on the code repository earlier this week, one containing the file keys and four “ReadMe”...
Zoom Upgrades Encryption Keys to What It Promised All Along
Plus: Facebook data on the dark web, Nintendo accounts keep getting hacked, and more of the week's top security news...
The vulnerability of the Ceph storage system, related to an authentication process error, allows a perpetrator to gain unauthorized access to the encryption keys for dm-crypt.
The vulnerability of the Ceph storage system is related to an authentication process error. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the encryption keys used for dm-crypt...
CVE-2019-11686
Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters such as data encryption keys to remain on the drive media after their intended erasure...