
60 matches found

Microsoft CVE
added 2022/08/31 7:0 a.m., 4 views

It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium such as a flash disk could use this flaw to force a user into permanently disabling the encryption layer of that medium.

...

CVSS 4.3 | AI score 6.6 | EPSS 0.00279
Exploits: 0

ATTACKERKB
added 2022/08/24 4:15 p.m., 4 views

CVE-2021-4122

It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that...

CVSS 4.3 | AI score 6.7 | EPSS 0.00279
Exploits: 0 | References: 6

CNNVD
added 2022/08/19 12:0 a.m., 5 views

Frontier Input Validation Error Vulnerability

Frontier is an Ethereum compatibility layer for Substrate. It is used to run unmodified Ethereum Dapps. Frontier suffers from an input validation error vulnerability that stems from the fact that it can affect the parsing of RPC results in the event of EVM recovery. In the release version, this causes t...

CVSS 7.1 | AI score 6.4 | EPSS 0.00947
Exploits: 0 | References: 4

ThreatPost
added 2022/05/11 11:2 a.m., 30 views

Ransomware Deals Deathblow to 157-year-old College

Illinois-based Lincoln College was established during the U.S. Civil War. Since then it has weathered two world wars, the Spanish Flu, the Great Depression, the Great Recession and a devastating fire. But two things it couldn’t survive? A ransomware attack and financial pressures tied to the impa...

AI score 6.9
Exploits: 0 | References: 6

Kitploit
added 2021/07/07 12:30 p.m., 521 views

GitDump - A Pentesting Tool That Dumps The Source Code From .Git Even When The Directory Traversal Is Disabled

GitDump dumps the source code from .git when the directory traversal is disabled. Requirements: Python3. Tested on: Windows, Kali Linux. What it does: Dump source code from website/.git directory when directory traversal is disabled. How it works: Fetch all common files .git/index, .git/HEAD, .git/ORIGHEA...

AI score 7.6
Exploits: 0 | References: 2

The Hacker News
added 2021/03/03 10:12 a.m., 3 views

A $50,000 Bug Could've Allowed Hackers Access Any Microsoft Account

Microsoft has awarded an independent security researcher $50,000 as part of its bug bounty program for reporting a flaw that could have allowed a malicious actor to hijack users' accounts without their knowledge. Reported by Laxman Muthiyah, the vulnerability aims to brute-force the seven-digit...

AI score 5.9
Exploits: 0

OSV
added 2020/05/18 3:15 p.m., 0 views

UBUNTU-CVE-2020-12801

If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice'...

CVSS 5.3 | AI score 5.7 | EPSS 0.01255
Exploits: 0 | References: 4

ThreatPost
added 2020/02/19 10:17 p.m., 94 views

U.S. Pipeline Disrupted by Ransomware Attack

A ransomware attack has hit a natural gas compression facility in the U.S., the feds have warned. The attack resulted in a two-day pipeline shutdown as the unnamed victim worked to bring systems back online from backups. The attackers were able to penetrate the IT portion of the facility’s network,...

AI score 0.6
Exploits: 0 | References: 8

Talos Blog
added 2020/02/19 5:43 a.m., 28 views

Cisco Talos Incident Response "Stories from the Field" #2: When do lawyers get involved?

The second video in our "Stories in the Field" series from Cisco Talos Incident Response is here, with Matt Aubert talking about lawyers. While getting a general counsel involved may seem like an arduous process for many incident response teams, Matt Aubert argues in this video that in his...

AI score 2.4
Exploits: 0

ThreatPost
added 2017/10/19 9:51 a.m., 9 views

Google’s ‘Advanced Protection’ Tools Trade Ease-of-Use for Security

Government officials and journalists who use Google services were the first to be invited to use advanced Gmail account security services announced Tuesday. Experts say it’s no security panacea, but tools provided under the Google banner called Advanced Protection empower any private Google users...

AI score 6.9
Exploits: 0 | References: 3

NVD
added 2014/02/15 2:57 p.m., 13 views

CVE-2011-1836

utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process...

CVSS 4.6 | AI score 6.1 | EPSS 0.00378
Exploits: 0 | References: 4

OSV
added 2014/02/15 2:57 p.m., 1 views

DEBIAN-CVE-2011-1836

utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process...

CVSS 4.6 | AI score 6.6 | EPSS 0.00378
Exploits: 0 | References: 1

Prion
added 2014/02/15 2:57 p.m., 14 views

Design/Logic Flaw

utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process...

CVSS 4.6 | AI score 6.5 | EPSS 0.00378
Exploits: 0 | References: 4 | Affected Software: 2

Cvelist
added 2014/02/15 11:0 a.m., 17 views

CVE-2011-1836

utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process...

AI score 8.9 | EPSS 0.00378
Exploits: 0 | References: 4

seebug.org
added 2013/06/30 12:0 a.m., 25 views

Windows 7 SP1 Local Access SYSTEM Compromise

No description provided by source. Discovered by: Anastasios Monachos secuid0 - anastasiosmatgmaildotcom Vendor: Microsoft Affected Software: Windows 7 SP1 and probably other Title: Owning Windows 7 - From Recovery to "nt authority\system" - Physical Access Required See also:...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2011/08/10 12:0 a.m., 39 views

Ubuntu 10.04 LTS / 10.10 / 11.04 : ecryptfs-utils vulnerabilities (USN-1188-1)

Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to mount to arbitrary locations, leading to privilege escalation. CVE-2011-1831 Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs...

CVSS 4.6 | AI score 8.4 | EPSS 0.00382
Exploits: 2 | References: 8

Ubuntu
added 2011/08/09 5:26 p.m., 69 views

USN-1188-1: eCryptfs vulnerabilities

Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested mountpoint. A local attacker could use this flaw to mount to arbitrary locations, leading to privilege escalation. CVE-2011-1831 Vasiliy Kulikov and Dan Rosenberg discovered that eCryptfs...

CVSS 4.6 | AI score 8.3 | EPSS 0.00382
Exploits: 2

UbuntuCve
added 2011/08/09 12:0 a.m., 17 views

CVE-2011-1836

utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process...

CVSS 4.6 | AI score 7.2 | EPSS 0.00378
Exploits: 0 | References: 2

seebug.org
added 2009/02/24 12:0 a.m., 29 views

Optus/Huawei E960 HSDPA Router SMS XSS Attack

No description provided by source. XSS Attack using SMS to Optus/Huawei E960 HSDPA Router. Synopsis: Huawei E960 HSDPA Router firmware version 246.11.04.11.110sp04 is vulnerable to an XSS attack using SMS. One of the features of this router is the ability to send and receive SMS through its we...

AI score 7.1
Exploits: 0

security_vulns
added 2007/01/01 12:0 a.m., 42 views

Backup implementation

Organization Backup. I. Intro. Let's start by cramming terms and definitions. Backup (backup, b4kup, or colloquially "backup") is what we will call a process, asynchronous with respect to modification, of creating a copy of stored information (data) that allows you to restore the previous state of the dat...

AI score 0.7
Exploits: 0