314 matches found
CVE-2020-35584
The vulnerability affects Solstice Pod prior to version 3.0.3. The web services expose a Browser Look‑in feature that allows connections over unencrypted channels. An attacker positioned to observe legitimate user network traffic could monitor interactions with the web services and capture sensit...
New 5G Network Flaws Let Attackers Track Users' Locations and Steal Data
As 5G networks are being gradually rolled out in major cities across the world, an analysis of its network architecture has revealed a number of potential weaknesses that could be exploited to carry out a slew of cyber assaults, including denial-of-service (DoS) attacks to deprive subscribers of...
CVE-2020-25748
A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras firmware versions v342, v339. Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP...
CVE-2019-5591
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server...
23% of Tor browser relays found to be stealing Bitcoin
By Sudais Asif. The threat actor was able to see the user's transmitted data on the Tor browser and tamper with it for their own ill-motives. This is a post from HackRead.com.
Design/Logic Flaw
A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic All...
F5 NGINX Controller Trust Management Issues Vulnerability (CNVD-2021-18398)
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions 1.0.1, 2.0.0 through 2.9.0, and 3.0.0 through 3.5.0...
CVE-2020-5367
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this...
The vulnerability of the embedded software in Balt-System NC series numerical control systems, related to the transmission of data in an open format, allows attackers to intercept traffic and disclose confidential information.
The vulnerability of the embedded software in Balt-System NC series numerical control systems is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to intercept traffic and disclose confidential information...
MonitorMinor: vicious stalkerware?
Updated March 17th, 2020. The other day, our Android traps ensnared an interesting specimen of commercial software that is positioned as a parental control app, but may also be used to secretly monitor family members or colleagues – or, in other words, for stalking. Such apps are often called...
Crafty Web Skimming Domain Spoofs “https”
Earlier today, KrebsOnSecurity alerted the 10th largest food distributor in the United States that one of its Web sites had been hacked and retrofitted with code that steals credit card and login data. While such Web site card skimming attacks are not new, this intrusion leveraged a sneaky new...
WAGO e!Cockpit Network Communication Plaintext Transfer Vulnerability
Cockpit is an interactive server management interface. A network communications plaintext transfer vulnerability exists in WAGO e!Cockpit, which can be exploited by an attacker to intercept, interpret, and manipulate data from or to e...
CVE-2019-5107
A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords,...
Unspecified vulnerability in F5 BIG-IP ASM (CNVD-2019-47430)
F5 BIG-IP ASM is a Web Application Firewall (WAF) from F5 USA that provides secure remote access, protects email, and simplifies Web access control while enhancing network and application performance. A security vulnerability exists in F5 BIG-IP ASM version 15.0.1 that stems from the program not...
D Shield suffers from a webshell bypass vulnerability (CNVD-2020-01624)
D Shield is a proactive defense protection software designed specifically for IIS. D Shield suffers from a webshell bypass vulnerability that can be exploited by attackers to bypass the interception of submission data...
D Shield suffers from a webshell bypass vulnerability (CNVD-2020-01623)
D Shield is a proactive defense protection software designed specifically for IIS. D Shield suffers from a webshell bypass vulnerability that can be exploited by attackers to bypass the interception of submission data...
D Shield suffers from a webshell bypass vulnerability (CNVD-2020-02213)
D-Shield is a proactive defense software designed specifically for IIS to prevent websites and servers from being compromised by internal and external protection. D-Shield suffers from a webshell bypass vulnerability. An attacker can use this vulnerability to bypass the interception of submission...
Stripo Inc: SSL cookie without secure flag set
Issue background: If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then t...