
5910 matches found

NVD
added 2017/02/08 4:59 p.m. | 19 views

CVE-2016-8492

The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption...

5.9 CVSS | 5.7 AI score | 0.01423 EPSS
Exploits: 0 | References: 2

Cvelist
added 2017/02/08 4:0 p.m. | 21 views

CVE-2016-8492

The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption...

5.6 AI score | 0.01423 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2017/02/08 4:0 p.m. | 9 views

CVE-2016-8492

The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption...

7.1 AI score | 0.01423 EPSS
Exploits: 0 | References: 2

Veracode
added 2017/02/06 2:50 a.m. | 38 views

Information Disclosure

OpenSSL is vulnerable to decryption oracle attacks. A malicious user on the network can use the server as an oracle to determine the SSLv2 master key...

5.9 CVSS | 5.9 AI score | 0.05398 EPSS
Exploits: 1 | References: 32 | Affected Software: 2

Prion
added 2017/02/01 8:59 p.m. | 18 views

Information disclosure

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily...

2.1 CVSS | 6.4 AI score | 0.00214 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2017/01/27 8:38 a.m. | 40 views

DROWN Attack

OpenSSL is vulnerable to the DROWN attack. The DROWN attack is also known as a Bleichenbacher RSA padding oracle. This vulnerability allows a malicious user to recover a session key from SSL2.0 connections, allowing them to decrypt such connections...

5.9 CVSS | 7.6 AI score | 0.82112 EPSS
Exploits: 2 | References: 64 | Affected Software: 4

Veracode
added 2017/01/26 8:1 a.m. | 37 views

Side Channel Attack On Modular Exponentiation

OpenSSL is vulnerable to side channel attacks. The vulnerability exploits cache-bank conflicts on the Intel Sandy-Bridge microarchitecture, exposing RSA keys. However, an attacker can exploit this only if he has control of code in a thread running on the same hyper-threaded core as the victi...

5.1 CVSS | 7.4 AI score | 0.0191 EPSS
Exploits: 1 | References: 50 | Affected Software: 3

Veracode
added 2017/01/25 6:53 a.m. | 12 views

Leakage Of Decryption Key

nifi is susceptible to information disclosure. The vulnerability exists because running the encrypt-config.sh script allows the bootstrap process RunNiFi.java to leak the sensitive property decryption key (1) in plaintext in bootstrap.conf and (2) in the process invocation...

6.1 AI score
Exploits: 0

NVD
added 2017/01/23 7:59 a.m. | 16 views

CVE-2016-10102

hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd and encryptionProfiles.jsd and decrypt them to recover cleartext passwords. All 10.x up to and...

8.1 CVSS | 8 AI score | 0.00359 EPSS
Exploits: 0 | References: 2

Hacker One
added 2017/01/18 5:43 p.m. | 108 views

Yelp: Yelp.com is vulnerable to SWEET32 attack

Researchers have found a new attack against the 3DES-CBC cipher in TLS, that they can decrypt customer data using a method called SWEET32 Birthday Attack. This vulnerability has got CVE-2016-2183 and has CVSS score 5.0. This vulnerability can be found manually by simply using nmap script nmap -Pn -p...

5 CVSS | 7.7 AI score | 0.95707 EPSS
Exploits: 7

CNVD
added 2017/01/16 12:0 a.m. | 2 views

rc4 Password Cracking Vulnerability in LOGBASE Ops Security Management System from Sifo-Di

The LOGBASE O&M security management system from Sifo-Di provides O&M security audits for O&M staff. A rc4 password cracking vulnerability exists in the LOGBASE Operations and Maintenance Security Management System from Sifo-Dee. As the system comes with a URL link to decrypt its own "RC4",...

6.9 AI score
Exploits: 0

Veracode
added 2017/01/13 9:57 a.m. | 23 views

Padding Oracle Attack

bouncycastle is vulnerable to padding oracle attacks. In an environment where timings can be easily observed, it is possible to identify when the decryption is failing due to padding...

5.9 CVSS | 6.5 AI score | 0.02596 EPSS
Exploits: 0 | References: 9 | Affected Software: 223

Veracode
added 2017/01/13 6:48 a.m. | 14 views

Weak Encryption

aes is vulnerable to weak encryption. The vulnerability exists due to improper implementation of string to hex conversion. A string that does not contain a hexadecimal sequence 00-FF is converted to a hexadecimal array filled with zeroes. This means that it is possible to decrypt messages with...

6.5 AI score
Exploits: 0

The Hacker News
added 2017/01/10 1:4 a.m. | 13 views

Los Angeles College Pays Hackers $28,000 Ransom To Get Its Files Back

Ransomware has turned on to a noxious game of Hackers to get paid effortlessly. Once again the heat was felt by the Los Angeles Valley College (LAVC) when hackers managed to infect its computer network with ransomware and demanded US$28,000 payment in Bitcoins to get back online. The cyber-attack...

6.6 AI score
Exploits: 0

The Hacker News
added 2017/01/04 10:3 p.m. | 13 views

This Ransomware Unlocks Your Files For Free If You Read CyberSecurity Articles

Ransomware has been around for a few years, but in last two years, it has become one of the fastest growing threats to businesses and users across the world, so will be in 2017. Ransomware is a piece of malware that encrypts files on your computer with strong encryption algorithms and then demand...

6.6 AI score
Exploits: 0

exploitpack
added 2016/12/23 12:0 a.m. | 1486 views

Apache mod_session_crypto - Padding Oracle

Advisory: Padding Oracle in Apache mod_session_crypto. During a penetration test, RedTeam Pentesting discovered a Padding Oracle vulnerability in mod_session_crypto of the Apache web server. This vulnerability can be exploited to decrypt the session data an...

5 CVSS | 7.8 AI score | 0.49024 EPSS
Exploits: 4

0day.today
added 2016/12/23 12:0 a.m. | 871 views

Apache mod_session_crypto - Padding Oracle Vulnerability

Apache mod_session_crypto versions 2.3 through 2.5 suffer from a padding oracle vulnerability. Padding Oracle in Apache mod_session_crypto. During a penetration test, RedTeam Pentesting discovered a Padding Oracle vulnerability in mod_session_crypto of the Apache web server. This vulnerability can be...

5 CVSS | 7.8 AI score | 0.49024 EPSS
Exploits: 4

myhack58
added 2016/12/22 12:0 a.m. | 237 views

Oracle Property Management Platform: analysis of remote command execution and cardholder data decryption vulnerabilities

Recently, I found multiple security vulnerabilities in Oracle Opera, the front-desk data management system used in some large business hotels. Hackers can exploit these vulnerabilities to escalate privileges in the hotel booking application and obtain higher user rights; at the same...

5 CVSS | 0.5 AI score | 0.02389 EPSS
Exploits: 0

ThreatPost
added 2016/12/20 10:50 a.m. | 11 views

New Decryptor Unlocks CryptXXX v3 Files

Researchers have neutralized the threat of the latest strain of the CryptXXX v.3 ransomware, releasing a decryption tool for unlocking files, and have added it to the RannohDecryptor, a free utility hosted by Kaspersky Lab’s No Ransom Project. Previous decryption tools had been available for...

0.3 AI score
Exploits: 0 | References: 5

ThreatPost
added 2016/12/19 12:18 p.m. | 15 views

Insecure NAS Device Exposes 350 Ameriprise Investment Accounts

A trove of data belonging to Ameriprise Financial was found earlier this month that included Social Security numbers, decryption keys and confidential internal company documents. The breach is related to the use of a network attached storage device that insecurely backed up data from an internal...

0.7 AI score
Exploits: 0 | References: 1