51 matches found
15.3 Million Request-Per-Second DDoS Attack
Cloudflare is reporting a large DDoS attack against an unnamed company "operating a crypto launchpad." While this isnt the largest application-layer attack weve seen, it is the largest weve seen over HTTPS. HTTPS DDoS attacks are more expensive in terms of required computational resources because...
What are SSL certificates?
Secure Sockets Layer SSL certificates are what cause your browser to display a padlock icon, indicating that your connection to a websites is secure. Although the padlock may soon be hidden from view, certificates arent going anywhere. Lets start with some definitions and explain some of the...
Important: Red Hat Security Advisory: stunnel security update
An update for stunnel is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
ALSA-2021:0618 Important: stunnel security update
Stunnel is a wrapper for network connections. It can be used to tunnel an unencrypted network connection over an encrypted connection encrypted using SSL or TLS or to provide an encrypted means of connecting to services that do not natively support encryption. Security Fixes: stunnel: client...
How a VPN can protect your online privacy
Have you ever experienced the feeling of relief that comes when you do something silly, but youre glad you did it where people dont know you? Or maybe you wished you were somewhere like that, but alas… That is what a Virtual Private Network VPN can do for you: it can put you in a place where you...
CVE-2020-28896
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...
PT-2020-13062 · Riverbed · Orchestrator
Name of the Vulnerable Software and Affected Versions: Orchestrator affected versions not specified Description: The issue arises from the lack of validation of the certificate used to identify Orchestrator to EdgeConnect devices. This oversight allows an attacker to establish a TLS connection fr...
Information Disclosure
pidgin is vulnerable to information disclosure. It was discovered that, when connecting to certain, very old Jabber servers via XMPP, Pidgin may ignore the "Require SSL/TLS" setting. In these situations, a non-encrypted connection is established rather than the connection failing, causing the use...
Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users
If you use the Firefox web browser, here's an important update that you need to be aware of. Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their DNS server configuration in the settings. That means,...
Google Chrome To Bar HTTP File Downloads
Google Chrome will soon restrict certain files, like PDFs or executables, from being downloaded via an HTTP connection, if they are loaded on HTTPS webpages. HTTPS indicates that a website has an encrypted connection. When connecting to an HTTP website, browsers merely look up the IP address and...
Flash Player Bug An Eavesdropper's Delight
Adobe yesterday patched a not-so-sweet 16 Flash Player vulnerabilities, including a zero day under attack. While not much is known about the targeted attacks using the Flash Player bug, or its victims, details have surfaced on another patched flaw that is a potential privacy nightmare...
Warning! This Cross-Platform Malware Can Hack Windows, Linux and OS X Computers
Unlike specially crafted malware specifically developed to take advantage of Windows operating system platform, cyber attackers have started creating cross-platform malware for wider exploitation. Due to the rise in popularity of Mac OS X and other Windows desktop alternatives, hackers have begun...
Apple Intel HD3000 Graphics kernel driver patch
While the iMessage crypto bug got most of the attention among this week’s Apple patches, another vulnerability that was addressed represents a nasty trend of privilege escalation flaws that merit watching. Researchers at Cisco on Wednesday disclosed details on a flaw in an OS X graphics kernel...
Apple Kicks Out some Malicious Ad-Blocker Apps from its Online Store
Apple has removed several apps from its official iOS App Store that have the ability to compromise encrypted connections between the servers and the end-users. Apple has officially said: We have removed a "few" apps from the iOS App Store that could install root certificates and allow monitoring...
Facebook Creates .Onion Site; Now Accessible Via Tor Network
UPDATE – This story has been updated with commentary from the Tor Project. Facebook announced today that the social network will now be directly available to users as a Tor hidden service. The Tor Project is an Internet-traffic anonymization service that relays user traffic through a number of...
Ammyy Admin 3.5 - Remote Code Execution (Metasploit)
Ammyy Admin 3.5 - Remote Code Execution Metasploit Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/34647.zip aa0day.zip The Revenge of the Scammers This exploit is an 0day in Ammyy Admin http://www.ammyy.com/en/ a remote desktop type software that is wel...
Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support
No description provided by source. / CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted...
Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support
This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted and wrote to a file to annoy IDS/forensics. The exploit can set heartbeat payload length arbitrarily or use two preset...
Heartbleed OpenSSL Information Leak Proof Of Concept
/ CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted...
OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (2) (DTLS Support)
/ CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted...