
5806 matches found

OSV
added 2017/12/12 9:29 p.m. | 1 views

DEBIAN-CVE-2017-1000385

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key; this is a variation of the Bleichenbacher attack...

5.9 CVSS | 6.5 AI score | 0.83321 EPSS
Exploits: 0 | References: 1
Cvelist
added 2017/12/12 9:0 p.m. | 21 views

CVE-2017-1000385

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key; this is a variation of the Bleichenbacher attack...

5.8 AI score | 0.83321 EPSS
Exploits: 0 | References: 13
OSV
added 2017/12/12 12:0 a.m. | 0 views

UBUNTU-CVE-2017-1000385

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key; this is a variation of the Bleichenbacher attack...

5.9 CVSS | 6.6 AI score | 0.83321 EPSS
Exploits: 0 | References: 4
CNVD
added 2017/12/04 12:0 a.m. | 1 views

iSmartAlarm CubeOne Log File Decryption Vulnerability

The iSmartAlarm CubeOne is a smart home center control device from iSmartAlarm USA. A security vulnerability exists in the firmware of iSmartAlarm CubeOne 2.2.4.8 and earlier versions. An attacker can exploit the vulnerability to decrypt log files...

7.5 CVSS | 6.8 AI score | 0.00093 EPSS
Exploits: 1 | References: 1
0day.today
added 2017/12/04 12:0 a.m. | 44 views

CEMLink 6 Unrestricted WSDL Service Access / Poor Crypto Implementation Vulnerabilities

CEMLink 6 suffers from having unrestricted WSDL service access and a weak mechanism for password storage. Exploit Title: CEMLink6 multiple vulnerabilities Date Reported to vendor: 8/2/2017 Vendor never replied Exploit Author: email protected Vendor Homepage:...

7.2 AI score
Exploits: 0
Prion
added 2017/12/01 5:29 p.m. | 14 views

Code injection

Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key...

5 CVSS | 7.5 AI score | 0.00093 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2017/12/01 5:29 p.m. | 2 views

CVE-2017-13663

Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key...

7.5 CVSS | 5.8 AI score | 0.00093 EPSS
Exploits: 1 | References: 1
NVD
added 2017/12/01 5:29 p.m. | 10 views

CVE-2017-13663

Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key...

7.5 CVSS | 7.5 AI score | 0.00093 EPSS
Exploits: 1 | References: 1
CVE
added 2017/12/01 5:0 p.m. | 42 views

CVE-2017-13663

CVE-2017-13663 affects iSmartAlarm CubeOne firmware (2.2.4.8 and earlier). The vulnerability stems from an exposed encryption key in the device firmware, enabling an attacker to decrypt log files. Documented impact: confidentiality of log data compromised; no explicit remediation details or patch...

7.5 CVSS | 7.5 AI score | 0.00093 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
The Hacker News
added 2017/11/26 11:37 p.m. | 13 views

World's Biggest Botnet Just Sent 12.5 Million Emails With Scarab Ransomware

A massive malicious email campaign that stems from the world's largest spam botnet, Necurs, is spreading a new strain of ransomware at the rate of over 2 million emails per hour and hitting computers across the globe. The popular malspam botnet Necurs, which has previously been found distributing Dridex...

6.8 AI score
Exploits: 0
NVD
added 2017/11/22 7:29 p.m. | 10 views

CVE-2017-8157

OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information...

5.9 CVSS | 5.9 AI score | 0.00091 EPSS
Exploits: 0 | References: 1
OSV
added 2017/11/22 7:29 p.m. | 1 views

CVE-2017-8157

OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information...

5.9 CVSS | 5.8 AI score | 0.00091 EPSS
Exploits: 0 | References: 1
Malwarebytes
added 2017/11/16 5:30 p.m. | 47 views

When you shouldn’t trust a trusted root certificate

Root certificates are the cornerstone of authentication and security in software and on the Internet. They're issued by a certified authority (CA) and, essentially, verify that the software/website owner is who they say they are. We have talked about certificates in general before, but a recent eve...

7.1 AI score
Exploits: 0
NVD
added 2017/11/16 3:29 p.m. | 10 views

CVE-2017-16560

SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user exits the application or if the application crashes...

4.3 CVSS | 4.6 AI score | 0.00058 EPSS
Exploits: 0 | References: 1
Cvelist
added 2017/11/16 3:0 p.m. | 11 views

CVE-2017-16560

SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user exits the application or if the application crashes...

4.6 AI score | 0.00058 EPSS
Exploits: 0 | References: 1
ICS
added 2017/11/14 12:0 a.m. | 84 views

Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products (Update B)

CVSS v3 6.8 Vendor: Siemens Equipment: SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products Vulnerabilities: Security Features UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-318-01A Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products that was...

8.1 CVSS | 0.4 AI score | 0.01707 EPSS
Exploits: 1 | References: 57
NVD
added 2017/11/13 3:29 a.m. | 13 views

CVE-2017-13786

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It does not properly restrict the DMA mapping time of FileVault decryption buffers, which allows attackers to read cleartext APFS data via a crafted Thunderbolt adapter...

4.6 CVSS | 3.5 AI score | 0.00072 EPSS
Exploits: 0 | References: 2
Schneier on Security
added 2017/11/10 12:6 p.m. | 35 views

New Research in Invisible Inks

It's a lot more chemistry than I understand: Invisible inks based on "smart" fluorescent materials have been shining brightly (if only you could see them) in the data-encryption/decryption arena lately.... But some of the materials are costly or difficult to prepare, and many of these inks remain...

7 AI score
Exploits: 0
seebug.org
added 2017/11/09 12:0 a.m. | 36 views

Circle with Disney Firmware Update Signature Check Bypass Vulnerability (CVE-2017-2898)

Summary: An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series...

7.9 AI score | 0.00508 EPSS
Exploits: 2
Carbon Black Blog
added 2017/11/02 5:0 p.m. | 26 views

Excerpts from The Ransomware Economy: The Ransomware Supply Chain

Carbon Black recently published an investigative report on the Dark Web marketplace for ransomware. This is an excerpt from that report, which you can find here. For more information about the rise of ransomware, and what you can do about it, check out the Ransomware Epidemic: Stop Bad Rabbit In...

6.8 AI score
Exploits: 0