OpenJDK: insufficient strength of key agreement (JCE, 8185292)

It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using...

OpenJDK: insufficient strength of key agreement (JCE, 8185292)

It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using...

Wi-Fi Alliance launches WPA3 protocol with new security features

The Wi-Fi Alliance has finally announced the long-awaited next generation of the wireless security protocol—Wi-Fi Protected Access WPA3. WPA3 will replace the existing WPA2—the network security protocol that has been around for at least 15 years and widely used by billions of wireless devices eve...

OpenSSL Security Bypass Vulnerability (Dec 2017) - Linux

OpenSSL is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl";...

Recam Redux - DeConfusing ConfuserEx

This post is authored by Holger Unterbrink and Christopher MarczewskiOverviewThis report shows how to deobfuscate a custom .NET ConfuserEx protected malware. We identified this recent malware campaign in our Advanced Malware Protection AMP telemetry. Initial infection is via a malicious Word...

CVE-2017-1000246

CVE-2017-1000246 affects pysaml2 (

Forever 21 Warns Shoppers of Payment Card Breach at Some Stores

Another day, another data breach. This time a fast-fashion retailer has fallen victim to payment card breach. American clothes retailer Forever 21 announced on Tuesday that the company had suffered a security breach that allowed unknown hackers to gain unauthorized access to data from payment car...

New Research in Invisible Inks

It's a lot more chemistry than I understand: Invisible inks based on "smart" fluorescent materials have been shining brightly if only you could see them in the data-encryption/decryption arena lately.... But some of the materials are costly or difficult to prepare, and many of these inks remain...

Part 2: All rise! Mind these digital crimes and arm your business against them

In the first installment of this two-part series, we advised consumers to stay on top of a selection of up-and-coming crimes to significantly lessen the chances of encountering them in the future. For this post, we're going to look into digital crimes that keeps small businesses and large...

CVE-2017-15581

In the "Diary with lock" aka WriteDiary application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a personal journal of ... secrets and feelings," which allows remote attackers to obtain sensitive...

Bad Rabbit Ransomware – What is it and how to stay safe

Trend Micro is tracking multiple reports of ransomware infections, known as Bad Rabbit, in many countries around the world. A suspected variant of Petya, Bad Rabbit is ransomware—malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to...

About the security content of Apple Support 1.2 for iOS - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

CVE-2017-8444

The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle MITM the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data...

CVE-2017-8444

The CVE-2017-8444 entry affects Elastic Cloud Enterprise (ECE) client-forwarder prior to version 1.0.2, where traffic to ZooKeeper is not properly encrypted. This enables potential data exposure if an attacker can perform a MITM on the connection. The available connected document confirms the aff...

FDA Recalls Nearly Half a Million Pacemakers Over Hacking Fears

Almost half a million people in the United States are highly recommended to get their pacemakers updated, as they are vulnerable to hacking. The Food and Drug Administration FDA has recalled 465,000 pacemakers after discovering security flaws that could allow hackers to reprogram the devices to r...

Chinese Quantum Satellite Sends First ‘Unhackable’ Data to Earth

In what appears to be the world's first quantum satellite transmission, China has successfully sent an "unbreakable" code over a long distance from an orbiting satellite to the Earth, achieving a milestone in the next generation encryption based on "quantum cryptography." In August last year, Chi...

Mamba Ransomware Resurfaces in Brazil, Saudi Arabia

Mamba was among the first samples of ransomware that encrypted hard drives rather than files that was detected in public attacks, primarily against organizations in Brazil and in a high-profile incursion against the San Francisco Municipal Transportation Agency last November. Researchers at...

IsraBye Anti-Israeli wiper malware locks data that can’t be restored

By Waqas Researchers of an Israeli cyber security firm Intezer have discovered a dangerous This is a post from HackRead.com Read the original post: IsraBye Anti-Israeli wiper malware locks data that cant be restored...

CVE-2016-0736

In Apache HTTP Server versions 2.4.0 to 2.4.23, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle...

Forecasting the Future of Ransomware

There's no question that ransomware is one of the most formidable threats to a business. With so much riding on digitized data, important applications and other systems, any interruption to access of these crucial assets can quickly spell disaster for an organization. Despite efforts on the part ...