24 matches found

RedHat Linux
added 2026/05/13 7:33 p.m. | 8 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00019
Exploits: 0 | References: 8

OSSF Malicious Packages
added 2026/05/08 7:25 a.m. | 5 views

Malicious code in web3-helper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8b4b0ec18a585bcc92bfeea9cf5e3febdd7d540f38f78cb1acc62ce33784a492 The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them --- Category: MALICIOUS - Th...

AI score: 5.9
Exploits: 0 | References: 1

RedHat Linux
added 2026/04/23 9:39 p.m. | 3 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00019
Exploits: 0 | References: 8

Github Security Blog
added 2025/06/10 8:15 p.m. | 11 views

matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator

Summary matrix-sdk-crypto since version 0.8.0 up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. Although the...

CVSS: 4.9 | AI score: 5 | EPSS: 0.00268
Exploits: 0 | References: 7 | Affected Software: 1

Wired Threat Level
added 2025/02/22 11:30 a.m. | 8 views

$1.4 Billion Stolen From ByBit in Biggest Crypto Theft Ever

Plus: Apple turns off end-to-end encrypted iCloud backups in the UK after pressure to install a backdoor, and two spyware apps expose victim data—and the identities of people who installed the apps...

AI score: 6.8
Exploits: 0

Positive Technologies
added 2025/01/01 12:0 a.m. | 1 views

PT-2026-2481

Name of the Vulnerable Software and Affected Versions Go versions prior to 1.24.12 Go versions prior to 1.25.6 Description The Go programming language contains a flaw in the archive/zip functionality that can lead to denial-of-service. Specifically, crafted ZIP files can trigger super-linear...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.00043
Exploits: 1

Debian CVE
added 2024/12/29 11:30 a.m. | 6 views

CVE-2024-56754

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - Fix the pointer passed to caam_qi_shutdown() The type of the last parameter given to devm_add_action_or_reset() is "struct caam_drv_private *", but in caam_qi_shutdown(), it is casted to "struct device *". Pass the correct parameter...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00021
Exploits: 0

HackRead
added 2024/12/09 4:43 p.m. | 9 views

Digital Assets Cybersecurity Essentials

Discover essential tips to secure your digital assets like crypto, NFTs, and tokens. Learn about wallet safety, avoiding…...

AI score: 7.2
Exploits: 0

Malwarebytes
added 2024/08/02 4:56 p.m. | 9 views

Scammers are impersonating cryptocurrency exchanges, FBI warns

The Federal Bureau of Investigation (FBI) issued a public service announcement warning the public about scammers impersonating cryptocurrency exchange employees to steal funds. There are many types of crypto-related scams, but in this case, the FBI provided an advisory about scammers that contact t...

AI score: 7.1
Exploits: 0

Code423n4
added 2023/06/23 12:0 a.m. | 9 views

Users potentially cannot have Canto token swapped automatically when bridging assets to the Canto Network

Lines of code Vulnerability details Impact If the field AutoSwapThreshold is set to zero value, the logic that compares standardCoinBalance to the autoSwapThreshold always evaluates to false so there isn't any swap operation from bridged asset to Canto token for users. Therefore, the purpose of t...

AI score: 6.8
Exploits: 0

OSV
added 2023/06/16 12:0 a.m. | 26 views

DLA-3455-1 golang-go.crypto - security update

Bulletin has no description...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.18682
Exploits: 8

OSSF Malicious Packages
added 2023/02/10 8:36 p.m. | 2 views

Malicious code in ypthon-binance (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx f666c7f6fb138b62f3adf3f80b8f06547c71b2d41b1bced7ec1fc28f7f065d4d Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

AI score: 6.7
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2023/02/10 8:36 p.m. | 3 views

Malicious code in pyhton-binance (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx bb856715857f47e2c3e65e4207042488de6bfb22d3f55ee5762405004eea86a0 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

AI score: 6.7
Exploits: 0 | References: 1

HackRead
added 2023/01/24 12:41 p.m. | 18 views

6 of the Best Crypto Bug Bounty Programs

By Waqas Crypto bug bounty programs have become essential as the number of blockchain platforms grows exponentially, making it increasingly difficult for developers to keep up with all the necessary security protocols on their own. This is a post from HackRead.com Read the original post: 6 of the...

AI score: 3.4
Exploits: 0

CVE
added 2022/12/27 9:13 p.m. | 104 views

CVE-2021-4239

The CVE-2021-4239 issue concerns the Noise protocol implementation (notably the Go language package by Flynn). Affected behavior: after encrypting 2^64 messages, the nonce counter can wrap, causing multiple messages to be encrypted with the same key and nonce, enabling weakened cryptographic secu...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00126
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2022/12/05 12:0 a.m. | 3 views

CVE-2022-35255

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can a...

AI score: 6.7 | EPSS: 0.01213
Exploits: 1 | References: 4

Wired Threat Level
added 2022/11/24 1:0 p.m. | 7 views

I Lost $17,000 in Crypto. Here’s How to Avoid My Mistake

I’m not the first person to suffer this fate, but hopefully I can be the last...

AI score: 2.2
Exploits: 0

Code423n4
added 2022/07/15 12:0 a.m. | 9 views

Upgraded Q -> M from 340 [1657877639047]

Judge has assessed an item in Issue 340 as Medium risk. The relevant finding follows: ---

AI score: 7
Exploits: 0

OSV
added 2022/07/11 8:15 p.m. | 0 views

CVE-2020-35163

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00732
Exploits: 0 | References: 2

OSV
added 2020/10/08 12:0 a.m. | 28 views

DLA-2402-1 golang-go.crypto - security update

Bulletin has no description...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.18682
Exploits: 8