Command injection
LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can mount a MITM attack against sensitive data in transit, including credentials...
CVE-2022-1524
CVE-2022-1524 affects Illumina Local Run Manager (LRM) versions 2.4 and lower, where lack of TLS encryption enables potential MITM disclosure of in-transit data, including credentials. Connected advisories specify LC/LRM exposure and a patch release to mitigate the issue, with remediation guidanc...
CVE-2022-1524 3.2.5 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319
LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can mount a MITM attack against sensitive data in transit, including credentials...
Record breaking HTTPS DDoS attack
Last week, Cloudflare blocked the largest HTTPS DDoS attack on record. The attack amassed some 26 million requests per second (rps). The previous record for an HTTPS DDoS attack was 15.3 million rps. The attack targeted an unnamed Cloudflare customer and originated mostly from Cloud Service Provider...
Cloudflare Saw Record-Breaking DDoS Attack Peaking at 26 Million Requests Per Second
Cloudflare on Tuesday disclosed that it had acted to prevent a record-setting 26 million requests per second (RPS) distributed denial-of-service (DDoS) attack last week, making it the largest HTTPS DDoS attack detected to date. The web performance and security company said the attack was directed...
CISA Warned About Critical Vulnerabilities in Illumina's DNA Sequencing Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Food and Drug Administration (FDA) have issued an advisory about critical security vulnerabilities in Illumina's next-generation sequencing (NGS) software. Three of the flaws are rated 10 out of 10 for severity on the Common...
Security Bulletin: Avoiding Weak SSL/TLS Encryption in IBM System x and Flex Systems (CVE-2013-4030)
Summary: Encryption with symmetric keys shorter than 128 bits is considered more vulnerable to attack than encryption with keys 128 bits or longer. Several SSL/TLS cipher suites include encryption with keys shorter than 128 bits. Vulnerability Details: Abstract: Encryption with symmetric keys shorte...
Slackware: Security Advisory (SSA:2013-322-03)
The remote host is missing an update for the ...
CVE-2021-42017
CVE-2021-42017 affects Siemens RUGGEDCOM ROS and associated RuggedCom devices (e.g., i800/i801/.../RSG2100, RS900 family, RMC8388, etc.), where third-party components expose a vulnerability from CBC-mode TLS implementations in TLS 1.0–1.2. The issue enables a man-in-the-middle to eavesdrop on enc...
Not with a Bang but a Whisper: The Shift to Stealthy C2
As defensive tools have evolved to detect more and more traditional attack techniques, it should come as no surprise that attackers have shifted tactics. This ever-evolving arms race between offensive security toolsets, bespoke advanced persistent threat (APT) malware and the billion-dollar infosec...
SQL injection
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1...
Medium: curl
Issue Overview: A flaw was found in curl. This flaw lies in the --ssl-reqd option or related settings in libcurl. Users specify this flag to upgrade to TLS when communicating with an IMAP, POP3 or FTP server. An attacker controlling such servers could return a crafted response which could...
Siemens Climatix POL909 (AWM) Information Disclosure Vulnerability
Siemens Climatix POL909 is an intelligent network module from Siemens, Germany. A security vulnerability exists in Siemens Climatix POL909 AWM module versions prior to V11.34. It stems from the fact that the web server of the affected device does not use TLS encryption when transmitting data. An...
CVE-2021-40366
A vulnerability has been identified in Climatix POL909 AWB module (All versions < V11.42) and Climatix POL909 AWM module (All versions < V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to...
CVE-2021-40366
CVE-2021-40366 affects Siemens Climatix POL909 (AWB module) and POL909 (AWM module). The underlying issue is missing TLS encryption in the devices’ web server, enabling an unauthenticated remote attacker in a MITM position to read sensitive data (e.g., administrator credentials) or modify data in...
CVE-2021-22946
A flaw was found in curl. This flaw lies in the --ssl-reqd option or related settings in libcurl. Users specify this flag to upgrade to TLS when communicating with an IMAP, POP3 or FTP server. An attacker controlling such servers could return a crafted response which could lead to curl clie...
How Does MTA-STS Improve Your Email Security?
The Simple Mail Transfer Protocol (SMTP) has easily exploitable security loopholes. Email routing protocols were designed at a time when cryptographic technology was at a nascent stage (e.g., the de facto protocol for email transfer, SMTP, is nearly 40 years old now), and therefore security was not an...
CVE-2021-32066
Ruby's Net::IMAP module did not raise an exception when receiving an unexpected response to the STARTTLS command and the connection was not upgraded to use TLS. A man-in-the-middle attacker could use this flaw to prevent Ruby applications using Net::IMAP from enabling TLS encryption for a connection ...