
5908 matches found

Prion
added 2016/02/15 11:59 p.m., 10 views

Design/Logic Flaw

Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco serve...

CVSS 5, AI score 7.3, EPSS 0.00916
Exploits 0, References 2, Affected Software 1
Cvelist
added 2016/02/15 11:0 p.m., 24 views

CVE-2016-1321

Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco serve...

AI score 5.7, EPSS 0.00916
Exploits 0, References 2
The Hacker News
added 2016/02/15 9:52 p.m., 17 views

How-to — Stealing Decryption Key from Air-Gapped Computer in Another Room

Air-gapped computers that are believed to be the most secure computers on the planet have become a regular target for researchers in recent years. Air-gapped computers are ones that are isolated from the Internet or any other computers that are connected to the Internet or external network, so hacker...

AI score 6.3
Exploits 0
Debian
added 2016/02/15 7:18 p.m., 28 views

[SECURITY] [DSA 3478-1] libgcrypt11 security update

Debian Security Advisory DSA-3478-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 15, 2016 https://www.debian.org/security/faq -...

CVSS 2, AI score 3, EPSS 0.00432
Exploits 0
Tenable Nessus
added 2016/02/15 12:0 a.m., 28 views

Debian DSA-3474-1 : libgcrypt20 - security update

Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack. See https://www.cs.tau.ac.IL/tromer/ecdh/ for details. %NASLMINLEVEL 70300 C Tenable Network Securit...

CVSS 2, AI score 5.5, EPSS 0.00432
Exploits 0, References 4
OSV
added 2016/02/15 12:0 a.m., 30 views

DSA-3478-1 libgcrypt11 - security update

Bulletin has no description...

CVSS 2, AI score 3.8, EPSS 0.00432
Exploits 0
The Hacker News
added 2016/02/12 11:31 p.m., 16 views

Here's How to Decrypt Hydracrypt & Umbrecrypt Ransomware Files

Over the last few years, we have seen several types of Ransomware malware that demand a whopping amount of money from users for the retrieval of their locked, compromised sensitive files. We have also witnessed the birth of decryption solution for some of the Ransomware like Cryptolocker partial,...

AI score 6.8
Exploits 0
Cisco
added 2016/02/12 8:50 p.m., 28 views

Cisco Universal Small Cell Devices Unauthorized Firmware Retrieval Vulnerability

A vulnerability in Cisco Universal Small Cell devices could allow an unauthenticated, remote attacker to retrieve firmware from a Cisco-hosted binary server. The vulnerability is due to insufficient enforcement of the two-way certificate validation process by the Cisco-hosted binary server to...

CVSS 5, AI score 5.7, EPSS 0.00916
Exploits 0, References 1
OpenVAS
added 2016/02/12 12:0 a.m., 25 views

Debian Security Advisory DSA 3474-1 (libgcrypt20 - security update)

Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack. See https://www.cs.tau.ac.IL/tromer/ecdh/ for details. OpenVAS Vulnerability Test $Id: deb3474.nasl...

CVSS 1.9, AI score 4, EPSS 0.00432
Exploits 0, References 1
CNVD
added 2016/02/11 12:0 a.m., 3 views

Microsoft Windows Kerberos Security Feature Bypass Vulnerability

Microsoft Windows is a series of operating systems released by Microsoft. Kerberos is a set of network authentication protocols developed by the Massachusetts Institute of Technology (MIT) in the United States, which adopts a client/server structure, and the client and server can authenticate each...

CVSS 6.2, AI score 7.2, EPSS 0.13392
Exploits 4, References 1
myhack58
added 2016/02/04 12:0 a.m., 13 views

OpenSSL CVE-2016-0701 Private Key Recovery attack vulnerability analysis - vulnerability warning - the black bar safety net

by: au2o3t @360 Cloud Security Team 0x01 Foreword On January 28, 2016, OpenSSL officially published the vulnerability numbered CVE-2016-0701. The vulnerability occurs in OpenSSL 1.0.2 (OpenSSL 1.0.2f and later versions are not affected), when using the DH algorithm to a different client...

Exploits 0
myhack58
added 2016/02/03 12:0 a.m., 20 views

OpenSSL high-risk vulnerabilities allow attackers to decrypt HTTPS traffic-bug warning-the black bar safety net

OpenSSL maintainers have fixed a high-risk vulnerability that allows an attacker to obtain the key for decrypting HTTPS and other encrypted traffic. Although the potential impact is serious, multiple conditions must be met for it to be exploited: the vulnerability exists only in OpenSSL 1.0.2; rely o...

AI score 0.8
Exploits 0
myhack58
added 2016/02/01 12:0 a.m., 18 views

OpenSSL high-risk vulnerabilities allow hackers to decrypt HTTPS traffic (CVE-2016-0701) - vulnerability warning - the black bar safety net

The maintainers of the OpenSSL cryptographic code library have announced a fix for a high-risk vulnerability. The vulnerability could allow a hacker to obtain the key used to decrypt communications over HTTPS and other secure transport layers. OpenSSL vulnerability details: When various conditions are...

AI score 7.3
Exploits 0
The Hacker News
added 2016/01/28 10:1 p.m., 66 views

Critical OpenSSL Flaw Allows Hackers to Decrypt HTTPS Traffic

The OpenSSL Foundation has released the promised patch for a high severity vulnerability in its cryptographic code library that let attackers obtain the key to decrypt HTTPS-based communications and other Transport Layer Security (TLS) channels. OpenSSL is an open-source library that is the most...

CVSS 4.3, AI score 6.9, EPSS 0.83645
Exploits 2
ThreatPost
added 2016/01/26 9:59 a.m., 10 views

Government Agencies Audit For Juniper Backdoor

Most U.S. government agencies have until Feb. 4 to audit their IT infrastructure for the use of backdoored Juniper Networks’ Netscreen firewalls. Letters went out late last week from the House Oversight & Government Reform Committee to the leaders of the various agencies asking them to provide th...

AI score 7.5
Exploits 0, References 4
Fedora
added 2016/01/24 3:18 a.m., 31 views

[SECURITY] Fedora 22 Update: python-rsa-3.3-2.fc22

Python-RSA is a pure-Python RSA implementation. It supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS1 version 1.5. It can be used as a Python library as well as on the command-line...

CVSS 5.3, AI score 3.2, EPSS 0.07054
Exploits 1
Fedora
added 2016/01/22 2:25 a.m., 40 views

[SECURITY] Fedora 23 Update: python-rsa-3.3-2.fc23

Python-RSA is a pure-Python RSA implementation. It supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS1 version 1.5. It can be used as a Python library as well as on the command-line...

CVSS 5.3, AI score 3.2, EPSS 0.07054
Exploits 1
Kitploit
added 2016/01/21 10:37 p.m., 211 views

Zizzania - Automated DeAuth Attack

zizzania sniffs wireless traffic listening for WPA handshakes and dumping only those frames suitable to be decrypted (one beacon + EAPOL frames + data). In order to speed up the process, zizzania sends IEEE 802.11 DeAuth frames to the stations whose handshake is needed, properly handling...

AI score 7.6
Exploits 0, References 4
CNVD
added 2016/01/21 12:0 a.m., 5 views

SAP NetWeaver Information Disclosure Vulnerability (CNVD-2016-00444)

SAP NetWeaver is a service-oriented, integrated application platform. A security vulnerability in the SAP NetWeaver User Management Engine allows remote attackers to exploit the vulnerability to decrypt data...

CVSS 5.3, AI score 6.8, EPSS 0.06817
Exploits 5, References 1
OSV
added 2016/01/15 8:59 p.m., 1 views

CVE-2016-1910

The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290...

CVSS 5.3, AI score 5.8, EPSS 0.06817
Exploits 5, References 5