698 matches found
CVE-2020-10577
Technical details about CVE-2020-10577 are not provided in the supplied documents. Monitor for updates from vendors and security trackers.
CVE-2020-10577
An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions...
CVE-2020-10577
An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions...
CVE-2020-10575
CVE-2020-10575 affects the Janus WebRTC server (VideoCall plugin) up to version 0.9.1. The issue is a race condition in plugins/janus_videocall.c that mishandles session management, causing references to be freed too early or too many times. This is stated consistently across sources including Re...
CVE-2020-10575
An issue was discovered in Janus through 0.9.1. plugins/janusvideocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times...
CVE-2020-10575
An issue was discovered in Janus through 0.9.1. plugins/janusvideocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times...
janus-gateway:rtcp_fuzzer: Dynamic-stack-buffer-overflow in janus_rtcp_incoming_transport_cc
Project: https://github.com/meetecho/janus-gateway.git Detailed Report: https://oss-fuzz.com/testcase?key=5648598425665536 Project: janus-gateway Fuzzing Engine: afl Fuzz Target: rtcpfuzzer Job Type: aflasanjanus-gateway Platform Id: linux Crash Type: Dynamic-stack-buffer-overflow READ 2 Crash...
Android Janus - APK Signature Bypass Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/payload/apk' class MetasploitModule "Android Janus APK Signature bypass", 'Description' = %q This module exploits CVE-2017-13156 in Android to install ...
Agent Smith Malware Infects 25M Android Phones to Push Rogue Ads
Researchers are warning of a new breed of Android malware, dubbed “Agent Smith,” that they claim has infected 25 million handsets in order to replace legitimate apps with doppelgangers that display rogue ads. The malware is tied to a China-based firm, according to Check Point researchers, and is...
Slack: Slack DTLS uses a private key that is in the public domain, which may lead to SRTP stream hijack
Affects: Janus DTLS certificate Description The Janus server in use by Slack is configured using a certificate and private key that were previously distributed by default. This certificate is used to authenticate the DTLS connection which is later used to exchange keys for the SRTP stream. As a...
New Android vulnerability allows attackers to modify apps without affecting their signatures(CVE-2017-13156)
A serious vulnerability CVE-2017-13156 in Android allows attackers to modify the code in applications without affecting their signatures. The root of the problem is that a file can be a valid APK file and a valid DEX file at the same time. We have named it the Janus vulnerability, after the Roman...
THN Weekly Roundup — Top 10 Stories You Should Not Miss
Here we are with our weekly roundup, briefing this week's top cybersecurity threats, incidents, and challenges, just in case you missed any of them. Last week has been very short with big news from the theft of over 4,700 Bitcoins from the largest cryptocurrency mining marketplace to the discover...
Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures
Millions of Android devices are at serious risk of a newly disclosed critical vulnerability that allows attackers to secretly overwrite legitimate applications installed on your smartphone with their malicious versions. Dubbed Janus, the vulnerability allows attackers to modify the code of Androi...
Android Flaw Allows Attackers to Poison Signed Apps with Malicious Code
Among the four dozen vulnerabilities Google patched this week was a fix for a bug that allowed attackers to inject malicious code into Android apps without affecting an app’s signature verification certificate. The technique allows an attacker to circumvent device anti-malware protection and...
Keeping up with the Petyas: Demystifying the malware family
Last June 27, there was a huge outbreak of a Petya-esque malware with WannaCry-style infector in the Ukraine. Since there is still confusion about how exactly this malware is linked to the original Petya, we have prepared this small guide on the background of the Petya family. The origin of Petya...
Decryption Key to Original Petya Ransomware Released
The master key to the original version of the Petya ransomware – not to be confused with the latest and massive Petya/ExPetr outbreak that swept through the Ukraine and parts of Europe last month – has been released, allowing all the victims of previous Petya attacks to unscramble their encrypted...
The key to old Petya versions has been published by the malware author
As research concluded, the original author of Petya, Janus, was not involved in the latest attacks on Ukraine. His original malware was pirated and extended by an unknown actor read more here. As a result of the recent events, Janus probably decided to shut down the Petya project. Similarly to th...
Original Author of Petya Ransomware is Back & He Wants to Help NotPetya Victims
The author of original Petya ransomware is back. After 6 months of silence, the author of the now infamous Petya ransomware appeared today on Twitter to help victims unlock their files encrypted by a new version of Petya, also known as NotPetya. "We're back having a look in NotPetya," tweeted...