Lucene search
K

51 matches found

Schneier on Security
Schneier on Security
added 2022/05/05 11:2 a.m.17 views

15.3 Million Request-Per-Second DDoS Attack

Cloudflare is reporting a large DDoS attack against an unnamed company "operating a crypto launchpad." While this isnt the largest application-layer attack weve seen, it is the largest weve seen over HTTPS. HTTPS DDoS attacks are more expensive in terms of required computational resources because...

0.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/09/15 5:17 p.m.18 views

What are SSL certificates?

Secure Sockets Layer SSL certificates are what cause your browser to display a padlock icon, indicating that your connection to a websites is secure. Although the padlock may soon be hidden from view, certificates arent going anywhere. Lets start with some definitions and explain some of the...

6.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2021/02/22 10:29 a.m.71 views

Important: Red Hat Security Advisory: stunnel security update

An update for stunnel is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.5CVSS7.1AI score0.01179EPSS
Exploits0References2
OSV
OSV
added 2021/02/22 9:54 a.m.17 views

ALSA-2021:0618 Important: stunnel security update

Stunnel is a wrapper for network connections. It can be used to tunnel an unencrypted network connection over an encrypted connection encrypted using SSL or TLS or to provide an encrypted means of connecting to services that do not natively support encryption. Security Fixes: stunnel: client...

7.5CVSS7.6AI score0.01179EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2021/01/15 3:8 p.m.39 views

How a VPN can protect your online privacy

Have you ever experienced the feeling of relief that comes when you do something silly, but youre glad you did it where people dont know you? Or maybe you wished you were somewhere like that, but alas… That is what a Virtual Private Network VPN can do for you: it can put you in a place where you...

Exploits0
UbuntuCve
UbuntuCve
added 2020/11/23 7:15 p.m.27 views

CVE-2020-28896

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

5.3CVSS6.1AI score0.02323EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2020/05/05 12:0 a.m.5 views

PT-2020-13062 · Riverbed · Orchestrator

Name of the Vulnerable Software and Affected Versions: Orchestrator affected versions not specified Description: The issue arises from the lack of validation of the certificate used to identify Orchestrator to EdgeConnect devices. This oversight allows an attacker to establish a TLS connection fr...

6CVSS5AI score0.00338EPSS
Exploits0References2
Veracode
Veracode
added 2020/04/10 12:36 a.m.23 views

Information Disclosure

pidgin is vulnerable to information disclosure. It was discovered that, when connecting to certain, very old Jabber servers via XMPP, Pidgin may ignore the "Require SSL/TLS" setting. In these situations, a non-encrypted connection is established rather than the connection failing, causing the use...

5CVSS1.7AI score0.01302EPSS
Exploits0References12Affected Software1
The Hacker News
The Hacker News
added 2020/02/25 7:11 p.m.59 views

Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users

If you use the Firefox web browser, here's an important update that you need to be aware of. Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their DNS server configuration in the settings. That means,...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2020/02/07 5:3 p.m.55 views

Google Chrome To Bar HTTP File Downloads

Google Chrome will soon restrict certain files, like PDFs or executables, from being downloaded via an HTTP connection, if they are loaded on HTTPS webpages. HTTPS indicates that a website has an encrypted connection. When connecting to an HTTP website, browsers merely look up the IP address and...

7AI score
Exploits0References10
ThreatPost
ThreatPost
added 2016/12/14 12:21 p.m.30 views

Flash Player Bug An Eavesdropper's Delight

Adobe yesterday patched a not-so-sweet 16 Flash Player vulnerabilities, including a zero day under attack. While not much is known about the targeted attacks using the Flash Player bug, or its victims, details have surfaced on another patched flaw that is a potential privacy nightmare...

10CVSS8.9AI score0.18786EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2016/09/07 7:53 p.m.10 views

Warning! This Cross-Platform Malware Can Hack Windows, Linux and OS X Computers

Unlike specially crafted malware specifically developed to take advantage of Windows operating system platform, cyber attackers have started creating cross-platform malware for wider exploitation. Due to the rise in popularity of Mac OS X and other Windows desktop alternatives, hackers have begun...

7.6AI score
Exploits0
ThreatPost
ThreatPost
added 2016/03/24 10:18 a.m.11 views

Apple Intel HD3000 Graphics kernel driver patch

While the iMessage crypto bug got most of the attention among this week’s Apple patches, another vulnerability that was addressed represents a nasty trend of privilege escalation flaws that merit watching. Researchers at Cisco on Wednesday disclosed details on a flaw in an OS X graphics kernel...

0.1AI score
Exploits0References6
The Hacker News
The Hacker News
added 2015/10/10 9:18 p.m.10 views

Apple Kicks Out some Malicious Ad-Blocker Apps from its Online Store

Apple has removed several apps from its official iOS App Store that have the ability to compromise encrypted connections between the servers and the end-users. Apple has officially said: We have removed a "few" apps from the iOS App Store that could install root certificates and allow monitoring...

6.4AI score
Exploits0
ThreatPost
ThreatPost
added 2014/10/31 11:34 a.m.12 views

Facebook Creates .Onion Site; Now Accessible Via Tor Network

UPDATE – This story has been updated with commentary from the Tor Project. Facebook announced today that the social network will now be directly available to users as a Tor hidden service. The Tor Project is an Internet-traffic anonymization service that relays user traffic through a number of...

6.9AI score
Exploits0References6
exploitpack
exploitpack
added 2014/09/13 12:0 a.m.60 views

Ammyy Admin 3.5 - Remote Code Execution (Metasploit)

Ammyy Admin 3.5 - Remote Code Execution Metasploit Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/34647.zip aa0day.zip The Revenge of the Scammers This exploit is an 0day in Ammyy Admin http://www.ammyy.com/en/ a remote desktop type software that is wel...

8.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.359 views

Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support

No description provided by source. / CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted...

5CVSS8.2AI score0.99999EPSS
Exploits88
0day.today
0day.today
added 2014/04/24 12:0 a.m.129 views

Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support

This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted and wrote to a file to annoy IDS/forensics. The exploit can set heartbeat payload length arbitrarily or use two preset...

5CVSS8AI score0.99999EPSS
Exploits88
Packet Storm
Packet Storm
added 2014/04/24 12:0 a.m.274 views

Heartbleed OpenSSL Information Leak Proof Of Concept

/ CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted...

5CVSS8.2AI score0.99999EPSS
Exploits88
Exploit DB
Exploit DB
added 2014/04/24 12:0 a.m.853 views

OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (2) (DTLS Support)

/ CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted...

7.5CVSS7.8AI score0.99999EPSS
Exploits88
Rows per page
Query Builder