200 matches found
K45616155: Nettle vulnerability CVE-2018-16869
Security Advisory Description A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extrac...
K10281096: TLS in Mozilla NSS vulnerability CVE-2018-12404
Security Advisory Description A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack and affects all NSS versions prior to NSS 3.41. CVE-2018-1240...
SUSE CVE-2018-16868
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...
openssl security and bug fix update
3.0.1-41.0.1 - Replace upstream references Orabug: 34340177 1:3.0.1-41 - Zeroize public keys as required by FIPS 140-3 Resolves: rhbz2115861 - Add FIPS indicator for HKDF Resolves: rhbz2118388 1:3.0.1-40 - Deal with DH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz2115856 - Dea...
Emotet Botnet's Latest Resurgence Spreads to Over 100,000 Computers
The insidious Emotet botnet, which staged a return in November 2021 after a 10-month-long hiatus, is once again exhibiting signs of steady growth, amassing a swarm of over 100,000 infected hosts for perpetrating its malicious activities. "While Emotet has not yet attained the same scale it once...
The Chaos Ransomware Can Be Ravaging
The Qualys Research Team has observed a new version of Chaos ransomware in development. This blog reviews the malware’s updated functionality as well as its ongoing evolution. A ransomware builder called Chaos is still actively under development. The fourth version has recently been observed bein...
Malicious Exchange Server Module Hoovers Up Outlook Credentials
Researchers have uncovered a previously unknown malicious IIS module, dubbed Owowa, that steals credentials when users log into Microsoft Outlook Web Access OWA. Internet Information Services IIS, Microsoft’s web server/web-hosting software suite, can be extended via various add-ons that are know...
Security Bulletin: Potential side-channel cryptographic vulnerabilities in IBM DataPower Gateway
Summary IBM DataPower Gateway is potentially vulnerable to two side-channel attacks CVE-2018-0495, CVE-2018-12404 Vulnerability Details CVEID: CVE-2018-0495 DESCRIPTION: Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be...
Information disclosure
Bleichenbacher's attack on PKCS 1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube UM1924. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the...
Baphomet - Basic Concept Of How A Ransomware Works
This is a proof of concept of how a ransomware works, and some techniques that we usually use to hijack our files. This project is written in C using the net-core application framework 3.1.The main idea of the code is to make it as readable as possible so that people have an idea of how this type...
CVE-2020-26939
In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext tha...
Design/Logic Flaw
In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext tha...
CVE-2020-26939
In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext tha...
EulerOS Virtualization 3.0.2.2 : nss (EulerOS-SA-2020-2205)
According to the version of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a...
Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2020-2205)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2020-2100)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : nss (EulerOS-SA-2020-2100)
According to the versions of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the...
Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2020-1718)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for nss-softokn (EulerOS-SA-2020-1754)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.6.0 : nss (EulerOS-SA-2020-1718)
According to the version of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a...