Open Source Intelligence Automation: Spiderfoot
SpiderFoot is an open source footprinting tool, available for Windows and Linux. It is written in Python and provides an easy-to-use GUI. SpiderFoot obtains a wide range of information about a target, such as web servers, netblocks, e-mail addresses and more...
Google Elevates Security in Android O
Google last week during its I/O event described security tweaks that are part of its upcoming Android O operating system, which is expected to be released later this year. New features are Project Treble and a new permission standard around the feature called Instant App. Also to be introduced wi...
Windows Penetration Testing Tool: RedSnarf
RedSnarf is a pen-testing / red-teaming tool by Ed William and Richard Davy for retrieving hashes and credentials from Windows workstations, servers and domain controllers using OpSec Safe Techniques. RedSnarf aims to do the following: Leave no evidence on the hos...
iOS Security Testing Framework: needle
Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps. Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes...
Kong and Wallarm Partner Up to Boost Microservices API Security
Wallarm has partnered with Mashape to provide the microservices community with API security. Mashape enterprise customers who use the Kong API gateway can now quickly add API security protection without any change to the Kong user’s deployment. Read more about the Kong and Wallarm partnership in this blog. Today...
Securitybot - Distributed alerting for the masses!
Securitybot is an open-source implementation of a distributed alerting chat bot, as described in Ryan Huber's blog post. Distributed alerting improves the monitoring efficiency of your security team and can help you catch security incidents faster and more...
Distributed Security Alerting: Securitybot
Securitybot is an open-source implementation of a distributed alerting chat bot, as described in Ryan Huber’s blog post. Distributed alerting improves the monitoring efficiency of your security team and can help you catch security incidents faster and more...
[SECURITY] Fedora 25 Update: knot-resolver-1.2.3-1.fc25
The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as...
[SECURITY] Fedora 25 Update: irssi-0.8.21-1.fc25
Irssi is a modular IRC client with Perl scripting. Only text-mode frontend is currently supported. The GTK/GNOME frontend is no longer being maintained...
Side Channel Attack On Modular Exponentiation
OpenSSL is vulnerable to side channel attacks. The vulnerability exploits cache-bank conflicts on the Intel Sandy-Bridge microarchitecture, exposing RSA keys. However, an attacker can exploit this only if he has control of code in a thread running on the same hyper-threaded core as the victi...
CVE-2016-6885
The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid free and crash) via a base zero value for the modular exponentiation...
CVE-2016-6887
The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack...
Code injection
The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack...
CVE-2016-8671
The CVE-2016-8671 issue affects MatrixSSL 3.8.6 and earlier, where the modular exponentiation in pstm_exptmod is not performed correctly. This vulnerability could allow remote attackers to predict the secret key via certain vectors, stemming from an incomplete fix for CVE-2016-6887. Public source...
CVE-2016-8671
The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6887...
CVE-2016-6887
Summary: CVE-2016-6887 affects MatrixSSL 3.8.6 and earlier, where the pstm_exptmod function mishandles modular exponentiation, enabling potential key prediction via a CRT attack. The related OpenVAS entry indicates a vulnerability class for MatrixSSL
OpenSSL: Side channel attack on modular exponentiation
A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing decryption, could use this flaw to...