Lucene search

5924 matches found

Prion
added 2018/03/26 6:29 p.m., 11 views

Default credentials

IBM Capacity Management Analytics 2.1.0.0 allows local users to decrypt usernames and passwords by leveraging access to setenv.sh and parameter.txt. IBM X-Force ID: 107861...

CVSS 2.1, AI score 6.3, EPSS 0.00351
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2018/03/26 6:0 p.m., 16 views

CVE-2015-7432

IBM Capacity Management Analytics 2.1.0.0 allows local users to decrypt usernames and passwords by leveraging access to setenv.sh and parameter.txt. IBM X-Force ID: 107861...

AI score 7.2, EPSS 0.00351
Exploits: 0, References: 2
The Coalfire Blog
added 2018/03/22 5:56 p.m., 24 views

On Padding Oracle Attacks

Poodle is a vulnerability found in late 2014, and it is still occasionally seen during penetration tests. The vulnerability allows an attacker with a man-in-the-middle position to downgrade a secure connection between a client and a server to the vulnerable SSLv3. After the connection is...

AI score 2.8
Exploits: 0
OSV
added 2018/03/22 12:29 p.m., 4 views

CVE-2017-1571

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853...

CVSS 5.5, AI score 5.8, EPSS 0.00257
Exploits: 0, References: 3
Cvelist
added 2018/03/22 12:0 p.m., 23 views

CVE-2018-1428

IBM GSKit IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073...

CVSS 6.2, AI score 5.6, EPSS 0.00294
Exploits: 0, References: 4
CNVD
added 2018/03/22 12:0 a.m., 1 views

Huawei DBS3900 TDD LTE Weak Encryption Algorithm Vulnerability

DBS3900 TDD LTE is a modular design network equipment product from Huawei, China. The Huawei DBS3900 TDD LTE suffers from a weak encryption algorithm vulnerability, which can be exploited by remote attackers to crack the encrypted data, leading to information leakage...

CVSS 4.3, AI score 6.7, EPSS 0.00448
Exploits: 0, References: 1
ThreatPost
added 2018/03/15 6:1 p.m., 9 views

GandCrab Ransomware Crooks Take Agile Development Approach

Earlier this month, command-and-control servers tied to the fast-growing GandCrab ransomware campaigns were seized by Romanian Police and Europol. But, criminals behind GandCrab don’t appear fazed by the setback and have already tweaked the malware to keep ransomware payment coming in. According...

AI score 0.8
Exploits: 0, References: 2
OSV
added 2018/03/14 12:0 a.m., 1 views

UBUNTU-CVE-2018-5133

If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This...

CVSS 6.5, AI score 7.3, EPSS 0.01541
Exploits: 0, References: 4
CNVD
added 2018/03/13 12:0 a.m., 3 views

Unisys ClearPath MCP System TCP/IP networking Module Bot Attack Vulnerability

Unisys ClearPath MCP system is a set of operating systems dedicated to ClearPath servers from Unisys Corporation in the U.S. TCP/IP networking is one of the network connection modules. A security vulnerability exists in the TLS implementation of the TCP/IP networking module versions 58.1, 59.1, a...

CVSS 5.9, AI score 6.8, EPSS 0.01045
Exploits: 0, References: 1
ATTACKERKB
added 2018/03/05 6:29 p.m., 1 views

CVE-2017-17428

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack...

CVSS 7.1, AI score 5.6, EPSS 0.1501
Exploits: 0, References: 7
Cvelist
added 2018/03/05 6:0 p.m., 26 views

CVE-2017-17428

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack...

AI score 6.5, EPSS 0.1501
Exploits: 0, References: 5
Tenable Nessus
added 2018/02/28 12:0 a.m., 91 views

Arista Networks EOS Multiple Vulnerabilities (SA0018) (DROWN)

The version of Arista Networks EOS running on the remote device is affected by multiple vulnerabilities in the included OpenSSL library : - A cipher algorithm downgrade vulnerability exists due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to...

CVSS 5.9, AI score 8.1, EPSS 0.82112
Exploits: 2, References: 7
OSV
added 2018/02/27 5:29 p.m., 2 views

CVE-2018-1425

IBM Security Guardium Big Data Intelligence SonarG 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139003...

CVSS 5.9, AI score 5.8, EPSS 0.01138
Exploits: 0, References: 3
OSV
added 2018/02/26 3:29 p.m., 1 views

CVE-2018-5762

The TLS implementation in the TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 58.1 before 58.160, 59.1 before 059.1a.17 IC 17, and 60.0 before 60.044 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT...

CVSS 5.9, AI score 5.8, EPSS 0.01045
Exploits: 0, References: 1
Citrix
added 2018/02/23 12:0 a.m., 6 views

How to Verify Password for an Encrypted SSL Certificate Key File

This article explains how to use OpenSSL to decrypt a keyfile that was encrypted by a password. Background On NetScaler, when creating an RSA Key, you can change the PEM Encoding Algorithm to DES3 and enter a permanent Passphrase. This encrypts the keyfile and protects it with a password or pass...

AI score 7.2
Exploits: 0
Malwarebytes
added 2018/02/20 9:53 p.m., 65 views

Encryption 101: a malware analyst’s primer

While most in the security industry know what encryption is, many lack a basic understanding of how it is used in malware—especially ransomware. Because of this, we thought it would be beneficial to do an introductory primer on encryption mechanisms and how they are exploited for malicious...

AI score 6.5
Exploits: 0
Kitploit
added 2018/02/14 9:10 p.m., 379 views

Whapa - WhatsApp DataBase Parser Tool

Whapa is a WhatsApp database parser that automates the process. The main purpose of whapa is to present the data handled by the SQLite database in a way that is comprehensible to the analyst. The script is written in Python 2.x. The software is divided into three modes: Message Mode: It analyzes...

AI score 7
Exploits: 0, References: 1
OSV
added 2018/02/14 2:54 p.m., 1 views

USN-3571-1 erlang vulnerabilities

It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-1693) It was discovered that Erlang incorrectly checked CBC padding bytes. ...

CVSS 9.8, AI score 6.7, EPSS 0.22098
Exploits: 1, References: 5
Malwarebytes
added 2018/02/12 5:0 p.m., 14 views

A week in security (February 5 – February 11)

Last week on Malwarebytes Labs, we featured a new Flash Player zero-day that has been found in recent targeted attacks. And we talked about a new trick to cripple browsers that came out of the hat of tech support scammers. We also covered several methods of stealing cryptocurrencies, including on...

AI score 7.1
Exploits: 0
n0where
added 2018/02/12 6:15 a.m., 32 views

Open Source Static Code Analyser: StaCoAn

StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing static code analysis on mobile applications. This tool will look for interesting lines in the code which can contain: hardcoded credentials, API keys, URLs of APIs, decryption keys, major coding...

AI score 7.5
Exploits: 0, References: 2