EUVD-2022-44760

Malicious code in bioql PyPI...

EUVD-2024-39403

Malicious code in bioql PyPI...

Americans urged to use encrypted messaging after large, ongoing cyberattack

A years-long infiltration into the systems of eight telecom giants, including AT&T and Verizon, allowed a state sponsored actor to steal vast amounts of data on where, when and who individuals have been communicating with. Speaking to Reuters, a senior US official said the attack telecommunicatio...

New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites

Cybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the U.K., and the U.S. since at least September 2024. Netcraft said more than 2,000 phishing websites have been identified the kit, known as Xiū gǒu, with the...

Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers

Cybersecurity researchers have discovered severe cryptographic issues in various end-to-end encrypted E2EE cloud storage platforms that could be exploited to leak sensitive data. "The vulnerabilities range in severity: in many cases a malicious server can inject files, tamper with file data, and...

CVE-2024-42027

The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources...

CVE-2024-42027

The CVE-2024-42027 entry describes a vulnerability in Rocket.Chat Mobile versions prior to 4.5.1 where E2EE password entropy is insufficient, enabling an attacker with sufficient time/resources to crack the initial E2EE password. Affected product: Rocket.Chat Mobile (pre-4.5.1). Root cause: low-e...

CVE-2024-42027

The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources...

Rocket.Chat 安全漏洞

Rocket.Chat is a chat program from Rocket.Chat, Inc. A security vulnerability exists in Rocket.Chat versions prior to 4.5.1 that stems from insufficient entropy in generated E2EE passwords. An attacker can exploit the vulnerability to crack passwords...

Discord Introduces DAVE Protocol for End-to-End Encryption in Audio and Video Calls

Popular social messaging platform Discord has announced that it's rolling out a new custom end-to-end encrypted E2EE protocol to secure audio and video calls. The protocol has been dubbed DAVE, short for Discord's audio and video end-to-end encryption "E2EE A/V". As part of the change introduced...

Nextcloud: X-E2EE-SIGNATURE verification can be bypassed, leading to loss of confidentiality of end-to-end encrypted files

The X-E2EE-SIGNATURE verification was found to be vulnerable, leading to the potential loss of confidentiality of end-to-end encrypted files...

Rocket.Chat: The initial E2EE password generated by Rocket.Chat mobile can be recovered in a practical timescale.

The initial E2EE password generated by Rocket.Chat mobile prior to version 4.5.1 was found to have insufficient entropy, allowing it to be recovered in a practical timescale by an attacker...

Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings

Popular enterprise services provider Zoom has announced the rollout of post-quantum end-to-end encryption E2EE for Zoom Meetings, with support for Zoom Phone and Zoom Rooms coming in the future. "As adversarial threats become more sophisticated, so does the need to safeguard user data," the compa...

Police Chiefs Call for Solutions to Access Encrypted Data in Serious Crime Cases

European Police Chiefs said that the complementary partnership between law enforcement agencies and the technology industry is at risk due to end-to-end encryption E2EE. They called on the industry and governments to take urgent action to ensure public safety across social media platforms. "Priva...

Meta Set to Enable Default End-to-End Encryption on Messenger by Year End

Meta has once again reaffirmed its plans to roll out support for end-to-end encryption E2EE by default for one-to-one friends and family chats on Messenger by the end of the year. As part of that effort, the social media giant said it's upgrading "millions more people's chats" effective August 22...

Zoom Client 5.15.0 Information Disclosure Vulnerability (ZSB-23025) - Linux

Zoom Client is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zoom:zoom";...

Zoom Client 5.15.0 - 5.15.1 Information Disclosure Vulnerability (ZSB-23025) - Windows

Zoom Client is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zoom:zoom";...

Missing Encryption Of Sensitive Data

nextcloud-client is vulnerable to Missing Encryption of Sensitive Data. The vulnerability is caused due to a Lack of authenticity of metadata keys allowing a malicious server to gain access to E2EE folders resulting in it being able to decrypt files, recover the folder structure and add new files...

CVE-2023-28999 Nextcloud: Lack of authenticity of metadata keys allows a malicious server to gain access to E2EE folders

Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files,...

CVE-2023-28998 Nextcloud Desktop client misbehaves with E2EE when the server returns empty list of metadata keys

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure, and add new...