Lucene search

32 matches found

RedhatCVE
added 2026/05/16 7:56 a.m. | 5 views

CVE-2026-8398

A supply chain attack compromised the official installation packages of DAEMON Tools Lite Windows versions 12.5.0.2421 through 12.5.0.2434, distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the...

9.8 CVSS | 5.8 AI score | 0.1439 EPSS
Exploits: 1 | References: 1

ATTACKERKB
added 2026/05/15 7:30 a.m. | 2 views

CVE-2026-8398

A supply chain attack compromised the official installation packages of DAEMON Tools Lite Windows versions 12.5.0.2421 through 12.5.0.2434, distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the...

9.8 CVSS | 5.8 AI score | 0.1439 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/05/15 7:30 a.m. | 5 views

CVE-2026-8398

A supply chain attack compromised the official installation packages of DAEMON Tools Lite Windows versions 12.5.0.2421 through 12.5.0.2434, distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the...

9.8 CVSS | 5.8 AI score | 0.1439 EPSS
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-9079

Malware in sbrugna...

7.5 CVSS | 7.6 AI score | 0.00105 EPSS
Exploits: 0 | References: 2

OSV
added 2024/03/06 11:8 a.m. | 25 views

BIT-GOLANG-2020-0601

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...

8.1 CVSS | 7.8 AI score | 0.94093 EPSS
Exploits: 14 | References: 5

Tenable Nessus
added 2024/02/02 12:0 a.m. | 55 views

AnyDesk < 8.0.8 Invalidated Signing Certificate

A security update has been issued by the vendor advising that their code signing certificate has changed on product versions less than 8.0.8. The vendor recommends updating to the latest version as the previous certificate will soon be invalidated.

5.5 AI score
Exploits: 0 | References: 3

Tenable Nessus
added 2023/08/10 12:0 a.m. | 111 views

Security Updates for Microsoft .NET Framework (August 2023)

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows: - A remote code execution vulnerability in applications running on IIS using their parent application's Application Pool which can lead to...

8.8 CVSS | 7.7 AI score | 0.70037 EPSS
Exploits: 1 | References: 35

Prion
added 2023/02/01 10:15 p.m. | 21 views

Design/Logic Flaw

Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the...

2.6 CVSS | 5.1 AI score | 0.00129 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2023/02/01 9:52 p.m. | 49 views

CVE-2022-3913

CVE-2022-3913 affects Rapid7 Nexpose and InsightVM, versions 6.6.82–6.6.177, due to failure to validate the update server’s TLS certificate when downloading updates. This could allow a network‑adjacent attacker with some access along the path to supply their own HTTPS endpoint or intercept traffi...

5.3 CVSS | 5.1 AI score | 0.00129 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

HackRead
added 2023/02/01 3:1 a.m. | 16 views

GitHub Reports Code-Signing Certificate Theft in Security Breach

By Deeba Ahmed. GitHub states that hackers gained access to its code repositories and stole code-signing certificates for two of its desktop apps: Desktop and Atom.

2.4 AI score
Exploits: 0

GithubExploit
added 2021/01/17 11:53 a.m. | 70 views

Exploit for Improper Certificate Validation in Microsoft

CurveBall CVE-2020-0601 - PoC This vulnerability, known as...

8.1 CVSS | 8.1 AI score | 0.94093 EPSS
Exploits: 14

Cloud Foundry
added 2020/01/22 12:0 a.m. | 147 views

CVE-2020-0601: Windows CryptoAPI Spoofing Vulnerability | Cloud Foundry

Severity: High. Vendor: Microsoft Corporation. Description: A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious...

8.1 CVSS | 8.2 AI score | 0.94093 EPSS
Exploits: 14

ThreatPost
added 2020/01/16 4:5 p.m. | 178 views

PoC Exploits Published For Microsoft Crypto Bug

Two proof-of-concept (PoC) exploits have been publicly released for the recently-patched crypto-spoofing vulnerability found by the National Security Agency and reported to Microsoft. The vulnerability (CVE-2020-0601) could enable an attacker to spoof a code-signing certificate necessary for validati...

5.8 CVSS | 0.6 AI score | 0.94093 EPSS
Exploits: 15 | References: 18

ThreatPost
added 2020/01/15 8:47 p.m. | 86 views

Podcast: NSA Reports Major Crypto-Spoofing Bug to Microsoft

A major Microsoft crypto-spoofing bug impacting Windows 10 made waves this Patch Tuesday, particularly as the flaw was found and reported by the U.S. National Security Agency (NSA). Microsoft’s January Patch Tuesday security bulletin disclosed the “important”-severity vulnerability, which could all...

0.2 AI score | 0.03057 EPSS
Exploits: 1 | References: 4

exploitpack
added 2020/01/15 12:0 a.m. | 21 views

Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate

Microsoft Windows - CryptoAPI Crypt32.dll Elliptic Curve Cryptography ECC Spoof Code-Signing Certificate EDB Note Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47933.zip require 'openssl' raw = File.read "ca.crt" cacert =...

0.5 AI score
Exploits: 0

Exploit DB
added 2020/01/15 12:0 a.m. | 331 views

Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate

EDB Note Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47933.zip require 'openssl' raw = File.read "ca.crt" cacert = OpenSSL::X509::Certificate.newraw Parse public key from CA cakey = cacert.publickey if !cakey.instanceof? OpenSSL::PKey::EC then puts "...

7.4 AI score
Exploits: 0

Vulnrichment
added 2020/01/14 11:11 p.m. | 3 views

CVE-2020-0601

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...

6.5 AI score | 0.94093 EPSS
Exploits: 14 | References: 3

Cvelist
added 2020/01/14 11:11 p.m. | 42 views

CVE-2020-0601

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...

8.2 AI score | 0.94093 EPSS
Exploits: 14 | References: 3

CVE
added 2020/01/14 11:11 p.m. | 1348 views

CVE-2020-0601

The CVE-2020-0601 issue affects Windows CryptoAPI (Crypt32.dll) and its ECC certificate validation, enabling a spoofing attack where a forged code-signing certificate could make malware appear trusted. Affected platforms include Windows 10 and Windows Server 2016/2019, with the vulnerability tied...

8.1 CVSS | 7.6 AI score | 0.94093 EPSS
In wild | Exploits: 14 | References: 4 | Affected Software: 12

ThreatPost
added 2020/01/14 8:32 p.m. | 147 views

Microsoft Patches ‘Major’ Crypto Spoofing Bug

A major crypto-spoofing bug impacting Windows 10 users has been fixed as part of Microsoft’s January Patch Tuesday security bulletin. The vulnerability could allow an attacker to spoof a code-signing certificate, vital to validating executable programs in Windows, and make it appear as if an...

10 CVSS | 0.1 AI score | 0.94093 EPSS
Exploits: 23 | References: 8