Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2019-1559)

Summary IBM Security Proventia Network Active Bypass has addressed the following vulnerabilities. CVE-2019-1559 Vulnerability Details CVE-ID: CVE-2019-1559 Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP...

CVE-2019-5719

In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block...

Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques

During several recent incident response engagements, FireEye Mandiant investigators uncovered new tools in FIN7’s malware arsenal and kept pace as the global criminal operators attempted new evasion techniques. In this blog, we reveal two of FIN7’s new tools that we have called BOOSTWRITE and...

Programmer hacks his attacker; releases decryption keys for Mushtik ransomware

By Sudais "Hey guys, I hacked back this criminal and got the whole database with Mushtik ransomware keys." The last laugh - it's something that everyone would like to have. Turns out, a German programmer by the name of Tobias Fromel had it in a very dramatic fashion. It all started when he was...

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

CVE-2017-13077

A new exploitation technique called key reinstallation attacks KRACKs affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key PTK-TK during a...

Alabama Hospitals Pay Up in Ransomware Attack

An Alabama hospital system has paid its attackers in a ransomware attack that knocked its systems offline on Oct. 1. Officials at the DCH Health System didn’t say how much the hospitals paid for the decryption key, but noted that they have started a “methodical” process of system restoration. “We...

Detrix EDMS 1.2.3.1505 SQL Injection

!/usr/bin/php / Exploit Title: Detrix EDMS cleartext user password remote SQLI exploit Google Dork: Date: Jul 2019 Exploit Author: Burov Konstantin Vendor Homepage: forum.detrix.kz Software Link:...

CryptonDie - A Ransomware Developed For Study Purposes

CryptonDie is a ransomware developed for study purposes. Options --key key used to encrypt and decrypt files, default is random stringrecommended --dir Home directory for the attack, default is / --encrypt Encrypt all files --decrypt Decrypt all files --verbose Active verbose mode, default is Fal...

CB Threat Analysis Unit: Technical Analysis of “Crosswalk”

The technical analysis is related to the TAU-TIN for the same malware which can be located in this post. FireEye recently reported on APT41, a Chinese state sponsored espionage group. The group has been documented as targeting healthcare, high-tech, and telecommunications companies for traditiona...

The vulnerability of the microprogrammed Ethernet switches Moxa PT-7528 and Moxa PT-7828 lies in the use of cryptographic algorithms that contain defects, allowing attackers to decrypt the login credentials.

The vulnerability of the microprogrammed Ethernet switches Moxa PT-7528 and Moxa PT-7828 lies in the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability allows a remote attacker to decrypt the login credentials...

The vulnerability of the microprogrammed Ethernet switches Moxa PT-7528 and Moxa PT-7828 lies in the use of a unstable cryptographic algorithm in the configuration files. This allows a hacker to decrypt the configuration data.

The vulnerability of the microprogrammed Ethernet switches Moxa PT-7528 and Moxa PT-7828 lies in the use of a unstable cryptographic algorithm in the configuration files. Exploiting this vulnerability allows a remote attacker to decrypt the configuration data...

Russians Hack FBI Comms System

Yahoo News reported that the Russians have successfully targeted an FBI communications system: American officials discovered that the Russians had dramatically improved their ability to decrypt certain types of secure communications and had successfully tracked devices used by elite FBI...

EulerOS 2.0 SP5 : nss-softokn (EulerOS-SA-2019-1979)

According to the version of the nss-softokn packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of...

Security Bulletin: IBM MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2019-1559

Summary IBM MQ for HP NonStop Server has addressed the following vulnerability: CVE-2019-1559 Vulnerability Details CVEID: CVE-2019-1559 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the host...

IBM Cognos Controller Information Disclosure Vulnerability (CNVD-2019-32437)

IBM Cognos Controller is a suite of business intelligence and planning solutions from IBM in the United States. The product features process automation, financial audit control, and the creation and management of financial reports. An information disclosure vulnerability exists in IBM Cognos...

CVE-2019-4175

IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158880...

PT-2019-16950 · Ibm · Ibm Cognos Controller

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.3.0 through 10.4.1 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For...

Inteno IOPSYS Gateway - Improper Access Restrictions

Exploit Title: Inteno IOPSYS Gateway 3DES Key Extraction - Improper Access Restrictions Date: 2019-06-29 Exploit Author: Gerard Fuguet [email protected] Vendor Homepage: https://www.intenogroup.com/ Version: EG200-WU7P1UADAMO3.16.4-1902261650 Fixed Version: EG200-WU7P1UADAMO3.16.8-1908200937...

CVE-2019-1563

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...