Apple Weakens iOS 10 Backup Encryption; Now Can Be Cracked 2,500 Times Faster
After the iPhone encryption battle between Apple and the FBI, Apple was inspired to work toward making future iPhones unhackable by implementing stronger security measures that even the company can't hack. At that point the company even hired one of the key developers of Signal — one of the world's...
EMC Avamar Data Store and Avamar Virtual Edition Information Disclosure Vulnerability
EMC Avamar is a backup and recovery solution. EMC Avamar Server's ADS and AVE installers for different users use the same key, allowing an attacker to exploit a vulnerability to break the password protection mechanism and gain access to sensitive client-server data flow information...
EMC RSA BSAFE Micro Edition Suite Brute Force Vulnerability
EMC RSA BSAFE Micro Edition Suite (MES) is an encryption toolkit from EMC Corporation. The toolkit can help developers achieve stable and secure application design. A brute force vulnerability exists in the client in EMC RSA BSAFE MES version 4.0.x prior to 4.0.9 and version 4.1.x prior to 4.1.5. A...
PLC Blaster Worm Targets Industrial Control PLCs
LAS VEGAS – Security researchers at Black Hat USA described a proof-of-concept worm that targets weaknesses within automated industrial control systems used to manage critical infrastructure and manufacturing. The worm, according to OpenSource Security, has the capability to autonomously search f...
Schneider Electric Unity PRO Control Flow Management Vulnerability
OVERVIEW: Avihay Kain and Mille Gandelsman of Indegy have identified a vulnerability in the Schneider Electric Unity PRO software product. Schneider Electric has released a security notification with instructions to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED...
The vulnerability of the microprogramming software in the Solar-Log photovoltaic system allows a remote attacker to gain unauthorized access to confidential information.
The vulnerability of the microprogramming software in the Solar-Log photovoltaic system arises from the lack of password protection for CGI scripts used for data backup, restoration, and system configuration. Exploiting this vulnerability allows a malicious individual to gain unauthorized access ...
Vimeo: Downloading password protected / restricted videos
Using https://vimeo.com/api/atv/clip/VideoID it is possible to get the title and description and download the file regardless of any privacy settings. This includes both setting the video to 'Only me' and using a password. For proof using my own video: https://vimeo.com/171116158 which has the password...
Nextcloud: No rate limiting on password protected shared file link
A user can share any file with a link and can also set a password for it, but the issue is that there isn't any rate limiting implemented for this feature. So an attacker can brute-force the shared link, whereas on the other side the victim might be thinking he is safe even if he shared a private file link publicly...
ABB PCM600 Credential Protection Vulnerability
The ABB PCM600 is a protection and control IED manager, primarily used in the energy industry. A vulnerability exists in the way the ABB PCM600 OPC Server IEC61850 authentication password is temporarily protected. A local attacker could exploit this vulnerability to access the affected device...
McAfee VirusScan Enterprise < 8.8 Patch 6/7 Hotfix 1123565 Protection Bypass Vulnerability (SB10158)
The version of McAfee VirusScan Enterprise (VSE) installed on the remote Windows host is 8.8 Patch 6 or Patch 7 without Hotfix 1123565. It is, therefore, affected by a flaw related to closing registry handles for the McAfee VirusScan Console process. A local attacker with Windows administrative...
innovaphone IP222 11r2 sr9 Brute Force
Advisory ID: SYSS-2016-018; Product: innovaphone IP222; Manufacturer: innovaphone AG; Affected Versions: 11r2 sr9; Tested Versions: 11r2 sr9; Vulnerability Type: Improper Restriction of Excessive Authentication Attempts (CWE-307); Risk Level: Medium; Solutio...
PT-2016-3178 · Siemens · Siemens Sicam Pas
Name of the Vulnerable Software and Affected Versions: Siemens SICAM PAS versions prior to 8.07 Description: The issue is related to insufficient password protection in the database of the Siemens SICAM PAS system, which can be exploited by a local attacker to calculate passwords using certain...
IRS Releases Seventh Security Tip
The Internal Revenue Service (IRS) has released the seventh in a series of tips intended to help the public protect personal and financial data online and at home. A new tip will be available each Monday through the start of the tax season in January. This tip describes methods users can follow to...
Scientific Linux Security Update : grub2 on SL7.x x86_64 (20151215)
A flaw was found in the way grub2 handled backspace characters entered in username and password prompts. An attacker with access to the system console could use this flaw to bypass grub2 password protection and gain administrative access to the system. (CVE-2015-8370) This update also fixes the...
MGASA-2015-0480 Updated grub2 packages fix security vulnerability
A flaw was found in the way grub2 handled backspace characters entered in username and password prompts. An attacker with access to the system console could use this flaw to bypass grub2 password protection and gain administrative access to the system (CVE-2015-8370)...
IRS Releases Fourth Tax Security Tip
The Internal Revenue Service (IRS) has released the fourth in a series of tips intended to help the public protect personal and financial data online and at home. This tip focuses on protecting your passwords. Recommendations include creating longer and more complex passwords, not using the same...
grub2 security update
CentOS Errata and Security Advisory CESA-2015:2653 Updated grub2 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base...
RHEL 7 : grub2 (RHSA-2015:2623)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:2623 advisory. The grub2 packages provide version 2 of the Grand Unified Bootloader (GRUB), a highly configurable and customizable bootloader with modular architectur...
Ubuntu 14.04 LTS : GRUB vulnerability (USN-2836-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2836-1 advisory. Hector Marco and Ismael Ripoll discovered that GRUB incorrectly handled the backspace key when configured to use authentication. A local attacker could use this...
USN-2836-1: GRUB vulnerability
Hector Marco and Ismael Ripoll discovered that GRUB incorrectly handled the backspace key when configured to use authentication. A local attacker could use this issue to bypass GRUB password protection...