CVE-2015-8086

The CVE-2015-8086 issue affects Huawei AR routers and several Quidway/S-series devices: AR routers with software before V200R007C00SPC100; S9300 before V200R009C00; S12700 before V200R008C00SPC500; S9300/S5300/S5300 before V200R007C00; and S5700 before V200R007C00SPC500. Root cause: information d...

MariaDB 10.1.x < 10.1.7 Multiple Vulnerabilities

The version of MariaDB running on the remote host is 10.1.x prior to 10.1.7. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists in the baselistiterator::nextfast function within file sql/sqlparse.cc when handling multi-table updates. An...

RHEL 6 : Virtualization Manager (RHSA-2016:1929)

An update for org.ovirt.engine-root is now available for RHEV Manager version 3.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

org.ovirt.engine-root: engine-setup logs contained information for extracting admin password

A flaw was found in RHEV Manager, where it wrote sensitive data to the engine-setup log file. A local attacker could exploit this flaw to view sensitive information such as encryption keys and certificates which could then be used to steal other sensitive information such as passwords...

PowerWare Ransomware Masquerades as Locky to Intimidate Victims

A new variant of the PowerWare ransomware is stealing street creds from the Locky strain of ransomware in an attempt to spoof the malware family. A new sample of PowerWare found by Palo Alto Networks’ Unit 42 reveals the ransomware’s quickly evolving tactics. According to researchers, a new versi...

Mimikittenz - Post-Exploitation Powershell Tool for Extracting Juicy info from Memory

mimikittenz is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory in order to extract plain-text passwords from various target processes. mimikittenz can also easily extract other kinds of juicy info from target processes using regex patterns including but no...

Locky Variant Zepto Debuts with Big Spam Push

Ransomware called Zepto is raising concerns with security experts because of its close ties to the more mature and prolific Locky ransomware. Zepto was spotted about a month ago but a recent wave of spam containing Zepto-laced attachments detected on June 27 is heightening fears of widespread...

CVE-2016-4443

A flaw was found in RHEV Manager, where it wrote sensitive data to the engine-setup log file. A local attacker could exploit this flaw to view sensitive information such as encryption keys and certificates which could then be used to steal other sensitive information such as passwords...

The vulnerability of the Mac OS X operating system, which allows a hacker to compromise the confidentiality of information

The vulnerability of the Disk Utility component in the Mac OS X operating system is related to the use of incorrect encryption keys for disk images. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality of sensitive information...

CVE-2016-1809

Disk Utility in Apple OS X before 10.11.5 uses incorrect encryption keys for disk images, which has unspecified impact and attack vectors...

CVE-2016-1809

Disk Utility in Apple OS X before 10.11.5 uses incorrect encryption keys for disk images, which has unspecified impact and attack vectors...

Code injection

Disk Utility in Apple OS X before 10.11.5 uses incorrect encryption keys for disk images, which has unspecified impact and attack vectors...

CVE-2016-1809

Disk Utility in Apple OS X before 10.11.5 uses incorrect encryption keys for disk images, which has unspecified impact and attack vectors...

British Hacker Wins Legal Battle Over Encryption Keys

In Brief Britain's top crime fighting force has failed in a legal attempt to force alleged hacker Lauri Love to hand over his hard disk's encryption keys. In a landmark case, District Judge Nina Tempia said the investigative agency should have used the normal police powers rather than a civil...

Twitter Denies Intelligence Community Fire Hose Access Via Dataminr

A Twitter business partner, whose service sifts through Twitter’s so-called fire hose of tweets as well as data from other sources to ascertain patterns in breaking news events, has been told to no longer provide its services to the U.S. intelligence community. The Wall Street Journal on Sunday...

British Authorities Order Hacker Lauri Love to hand Over Encryption Keys

The National Crime Agency NCA of United Kingdom is forcing the British citizen, and political hacktivist Lauri Love accused of hacking to hand over encryption keys to equipment seized from his home. Love, 31, is currently fighting extradition to the United States where he faces up to 99 years in...

China Passes Anti-Terrorism Law; Here's What You Need to Know

If you rely on encrypted services to keep your data private and, unfortunately, you are in China, then you are about to be worried. As of now Chinese government could snoop into the operations of technology companies as well as circumvent privacy protections in everyday gadgets. China So-called...

France wants to BAN Tor and Free Wi-Fi Services after Paris Terror Attacks

Now this was to be done, Sooner or Later – The Government. In the wake of the recent deadly Paris terror attacks, the French government is considering new laws that would Ban access to Free Wi-Fi and the Tor anonymity network, according to a recent report by French newspaper Le Monde. The report...

LastPass Vault Decryptor

This module extracts and decrypts LastPass master login accounts and passwords, encryption keys, 2FA tokens and all the vault passwords This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'English' require 'sqlite...

CVE-2007-2727

The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...