752 matches found
PT-2020-20365 · Amazon Web Services · Aws S3 Crypto Sdk For Golang
Name of the Vulnerable Software and Affected Versions: AWS S3 Crypto SDK for GoLang versions prior to V2. Description: A vulnerability exists in the in-band key negotiation of the AWS S3 Crypto SDK for GoLang. An attacker with write access to the targeted bucket can change the encryption algorithm...
The vulnerability of the Encrypt-Then-Mac extension in the OpenSSL library, which allows a hacker to trigger a denial-of-service attack
The vulnerability of the Encrypt-Then-Mac extension in the OpenSSL library is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
Exploit for Deserialization of Untrusted Data in Telerik Ui_For_Asp.Net_Ajax
RAUcrypto
PT-2020-5865 · Php +9 · Php +9
Name of the Vulnerable Software and Affected Versions: PHP versions 7.2.x below 7.2.34, PHP versions 7.3.x below 7.3.23, PHP versions 7.4.x below 7.4.11. Description: The issue is related to the openssl_encrypt function in PHP when used with AES-CCM mode and a 12-byte initialization vector (IV). Only...
nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate
A heap-based buffer overflow was found in the NSC_EncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...
CVE-2019-11745
A heap-based buffer overflow was found in the NSC_EncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...
Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others
A spear-phishing attack this week hooked a customer service employee at GoDaddy.com, the world's largest domain name registrar, KrebsOnSecurity has learned. The incident gave the phisher the ability to view and modify key customer records, access that was used to change domain settings for a...
CVE-2017-3733
It was found that changing the ciphersuite during a renegotiation of the Encrypt-Then-Mac extension could result in a crash of the OpenSSL server or client...
The Internet Avoided a Minor Disaster Last Week
A tiny backend bug at Let’s Encrypt almost broke millions of websites. A five-day scramble ensured it didn’t...
Endless Group: Let's Encrypt Certificates affected by CAA Rechecking Incident
Summary: Let's Encrypt released a statement regarding 3 million certificates being revoked due to an issue in the CA signing process. Looking at your subdomains, it appears that you are affected by this incident. When the revoking occurs, the certificates are no longer valid. This ma...
Identifying Let’s Encrypt Revoked Certificates
Let's Encrypt is a free, automated, open certificate authority (CA) run for the public's benefit as a service from the Internet Security Research Group (ISRG). It provides free digital certificates to enable HTTPS (SSL/TLS) for websites via user-friendly means. Earlier this week, Let's Encrypt announce...
Let’s Encrypt Pushes Back Deadline to Revoke Some TLS Certificates
Let’s Encrypt said it will give users of its Transport Layer Security (TLS) certificates more time to replace 1 million certificates that are still active and potentially affected by a Certificate Authority Authorization (CAA) bug before it revokes them. The popular free certificate authority had giv...
Let's Encrypt Vulnerability
The BBC is reporting a vulnerability in the Let's Encrypt certificate service: In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code. "Unfortunately, this means we need to revoke the certificates that were...
Let's Encrypt Revoking 3 Million TLS Certificates Issued Incorrectly Due to a Bug
The most popular free certificate signing authority Let's Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software. The bug, which Let's Encrypt confirmed on February 29 and was...
Let's Encrypt to Revoke Millions of TLS Certs
UPDATE: Popular free certificate authority Let’s Encrypt said it will revoke 3 million Transport Layer Security (TLS) certificates Wednesday, because of a Certificate Authority Authorization (CAA) bug. The move could mean that millions of websites and machine identities that rely on those certificates...
Humble Bundle's 2020 Cybersecurity Books
For years, Humble Bundle has been selling great books at a "pay what you can afford" model. This month, they're featuring as many as nineteen cybersecurity books for as little as $1, including four of mine. These are digital copies, all DRM-free. Part of the money goes to support the EFF or Let's...
Let's Encrypt Issued A Billion Free SSL Certificates in the Last 4 Years
Let's Encrypt, a free, automated, and open certificate signing authority (CA) from the nonprofit Internet Security Research Group (ISRG), has said it's issued a billion certificates since its launch in 2015. The CA issued its first certificate in September 2015, before eventually reaching 100 million...