Lucene search
5771 matches found

The Hacker News
added 2016/12/09 2:20 a.m., 9 views

This Ransomware Unlocks Your Files For Free If You Infect Others

Is your PC infected with Ransomware? Either pay the ransom amount to the attacker or spread the infection further to get the decryption keys. Yes, this new technique has been employed by cyber criminals with the latest round of ransomware threat, dubbed Popcorn Time. Initially discovered by...

6.7 AI score
Exploits 0
ATTACKERKB
added 2016/11/30 11:59 a.m., 0 views

CVE-2016-2951

IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data...

4.3 CVSS, 5.6 AI score, 0.00143 EPSS
Exploits 0, References 4
ThreatPost
added 2016/11/14 2:20 p.m., 10 views

CrySis Ransomware Master Decryption Keys Released

The threat posed by a ransomware family known as CrySis was diminished considerably on Sunday when the master decryption keys were released to the public. Researchers at Kaspersky Lab said they have already folded the keys into the company’s Rakhni decryptor and victims of CrySis versions 2 and 3...

0.2 AI score
Exploits 0, References 10
RedHat Linux
added 2016/11/03 8:8 a.m., 0 views

nettle: RSA/DSA code is vulnerable to cache-timing related attacks

It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance...

7.5 CVSS, 7.4 AI score, 0.03437 EPSS
Exploits 0, References 4
OSV
added 2016/10/28 3:59 p.m., 5 views

CVE-2016-8871

In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side channel" attack...

6.2 CVSS, 6.7 AI score
Exploits 0, References 2
UbuntuCve
added 2016/10/28 3:59 p.m., 16 views

CVE-2016-8871

In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side channel" attack...

6.2 CVSS, 6.5 AI score, 0.00136 EPSS
Exploits 0, References 2
Prion
added 2016/10/28 3:59 p.m., 15 views

Code injection

In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side channel" attack...

2.1 CVSS, 6.9 AI score, 0.00136 EPSS
Exploits 0, References 2, Affected Software 1
CVE
added 2016/10/28 3:0 p.m., 44 views

CVE-2016-8871

CVE-2016-8871 affects Botan 1.11.29 through 1.11.32, where RSA decryption with certain padding options exposes a detectable OAEP timing channel. With a sufficient number of queries, an attacker could recover plaintext. The provided connected documents confirm the vulnerability details but do not ...

6.2 CVSS, 6.2 AI score, 0.00136 EPSS
Exploits 0, References 2, Affected Software 1
Debian CVE
added 2016/10/28 3:0 p.m., 16 views

CVE-2016-8871

Removed by vendor...

6.2 CVSS, 6.5 AI score, 0.00136 EPSS
Exploits 0
myhack58
added 2016/10/26 12:0 a.m., 36 views

Samsung Pay vulnerability in-depth analysis-vulnerability warning-the black bar safety net

On July 14, 2016, Salvador Mendoza, from Modesto Community College in California, United States, published an article titled "Samsung Pay: Tokenized Numbers, Flaws and Issues", reporting the discovery of security issues in Samsung Pay tokens. On August 4 of the same year, at the Black...

7.1 AI score
Exploits 0
Cvelist
added 2016/10/03 9:0 p.m., 15 views

CVE-2015-8085

Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC5...

4.9 AI score, 0.00038 EPSS
Exploits 0, References 2
ThreatPost
added 2016/10/03 5:0 a.m., 14 views

Researchers Break MarsJoke Ransomware Encryption

Victims infected with the MarsJoke ransomware can decrypt their files after researchers last week cracked the encryption in the CTB-Locker lookalike. A trio of researchers from Kaspersky Lab’s Anti-Ransom Team–Anton Ivanov, Orkhan Mamedov, and Fedor Sinitsyn–described Monday how errors in the...

7.4 AI score
Exploits 0, References 8
Citrix
added 2016/09/29 12:0 a.m., 8 views

How to Capture SSL Master Keys When Running an nstrace on NetScaler

This article describes how to capture SSL master keys when running an nstrace on NetScaler. Background: From NetScaler 11.0-66+ and 11.1/12.0 all builds, the "start nstrace" command has a new parameter, -capsslkeys, with which you can capture the SSL master keys for all SSL sessions. If the...

7.2 AI score
Exploits 0
Kitploit
added 2016/09/17 4:2 p.m., 16 views

Matroschka - Python Steganography Tool To Hide Images Or Text In Images

Матрёшка [mɐˈtrʲɵʂkə] is a command-line steganography tool written in pure Python. You can use it to hide and encrypt images or text in the least significant bits of pixels in an image. Encryption: The encryption uses HMAC-SHA256 to authenticate the hidden data. Therefore the supplied MAC password i...

7.3 AI score
Exploits 0, References 1
Debian CVE
added 2016/09/16 12:0 a.m., 39 views

CVE-2016-6302

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short...

7.5 CVSS, 8.6 AI score, 0.18419 EPSS
Exploits 1
Tenable Nessus
added 2016/09/08 12:0 a.m., 252 views

Blue Coat ProxySG 6.5.x < 6.5.9.8 / 6.6.x < 6.6.4.1 Multiple OpenSSL Vulnerabilities

The self-reported SGOS version installed on the remote Blue Coat ProxySG device is 6.5.x prior to 6.5.9.8 or 6.6.x prior to 6.6.4.1. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL: - Multiple flaws exist in the aesni_cbc_hmac_sha1_cipher function in file...

10 CVSS, 7.7 AI score, 0.79963 EPSS
Exploits 7, References 4
OSV
added 2016/09/07 7:28 p.m., 1 views

CVE-2016-6899

The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885 V3 servers with software before V100R003C10SPC102, a...

7.5 CVSS, 5.8 AI score
Exploits 0, References 2
OSV
added 2016/09/07 7:28 p.m., 2 views

CVE-2016-6838

Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before...

7.5 CVSS, 5.8 AI score, 0.0007 EPSS
Exploits 0, References 2
Prion
added 2016/09/07 7:28 p.m., 13 views

Design/Logic Flaw

Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before...

4.3 CVSS, 6.8 AI score, 0.0007 EPSS
Exploits 0, References 2, Affected Software 9
myhack58
added 2016/09/05 12:0 a.m., 11 views

BlackHat issues resolved: Windows programs digital signature verification“vulnerability”-vulnerability warning-the black bar safety net

At this year's Black Hat conference, a foreign security researcher showed how to use Windows digital signatures to bypass malicious code detection. I downloaded the conference presentation slides and skimmed them; the report is divided into two parts, the first part shows the...

0.3 AI score
Exploits 0