Lucene search
K

30 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2023/04/04 2:10 a.m.1 views

Malicious code in @zillow-types/constellation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f570ad44977228dd333e2cc8ca47ab2bc8b05f057f2d4125c5549f3dd8f1c7f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2023/04/04 2:10 a.m.14 views

MAL-2023-73 Malicious code in @zillow-types/constellation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f570ad44977228dd333e2cc8ca47ab2bc8b05f057f2d4125c5549f3dd8f1c7f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/03/09 8:21 p.m.15 views

Constellation allows Emergency shell access during initramfs boot phase

Impact An active attacker could let the boot fail on purpose in the initramfs, dropping the serial console into an emergency shell. This gives attackers with access to the serial console full control over the VM. Patches The issue has been patched in v2.6.0. Workarounds none...

5.5AI score
Exploits0References3Affected Software1
OSV
OSV
added 2023/03/09 8:21 p.m.18 views

GHSA-6W5F-5WGR-QJG5 Constellation allows Emergency shell access during initramfs boot phase

Impact An active attacker could let the boot fail on purpose in the initramfs, dropping the serial console into an emergency shell. This gives attackers with access to the serial console full control over the VM. Patches The issue has been patched in v2.6.0. Workarounds none...

7AI score
Exploits0References3
Veracode
Veracode
added 2023/03/02 6:15 p.m.15 views

Man-in-the-Middle Attack (MITM)

github.com/edgelesssys/constellation is vulnerable to Man-in-the-Middle Attacks MITM. The vulnerability exists because attestation user data, including the digest of a public key in a aTLS connection are incorrectly bound to the issuers TPM, not the PCR state. If an attacker can intercept a node...

4.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/02/17 8:51 p.m.15 views

User data in TPM attestation vulnerable to MITM

Impact Attestation user data such as the digest of the public key in an aTLS connection was bound to the issuer's TPM, but not to its PCR state. An attacker could intercept a node initialization, initialize the node themselves, and then impersonate an uninitialized node to the validator. In...

2.5AI score
Exploits0References3Affected Software1
OSV
OSV
added 2023/02/17 8:51 p.m.14 views

GHSA-R2H5-3HGW-8J34 User data in TPM attestation vulnerable to MITM

Impact Attestation user data such as the digest of the public key in an aTLS connection was bound to the issuer's TPM, but not to its PCR state. An attacker could intercept a node initialization, initialize the node themselves, and then impersonate an uninitialized node to the validator. In...

7.1AI score
Exploits0References3
The Hacker News
The Hacker News
added 2021/06/16 12:25 p.m.34 views

Malware Attack on South Korean Entities Was Work of Andariel Group

A malware campaign targeting South Korean entities that came to light earlier this year has been attributed to a North Korean nation-state hacking group called Andariel, once again indicating that Lazarus attackers are following the trends and their arsenal is in constant development. "The way...

Exploits0
Kitploit
Kitploit
added 2017/07/19 2:30 p.m.393 views

GPS-SDR-SIM - Software-Defined GPS Signal Simulator

GPS-SDR-SIM generates GPS baseband signal data streams, which can be converted to RF using software-defined radio SDR platforms, such as bladeRF, HackRF, and USRP. Windows build instructions 1. Start Visual Studio. 2. Create an empty project for a console application. 3. On the Solution Explorer ...

7.4AI score
Exploits0References3
ThreatPost
ThreatPost
added 2012/01/01 9:27 p.m.11 views

Hackers Plan Satellite Network to Fight Internet Censorship

A group of hackers are reportedly declaring war on Internet censorship, and they plan to fight back with their own satellite communications network. Sound like science fiction? According to BBC News, the plan was recently outlined at the Chaos Communication Congress in Berlin. Dubbed the...

Exploits0References3
Rows per page
Query Builder