Hardcoded credentials

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The exported device configuration is encrypted with the hardcoded Pxift password in some cases...

Consumer Reports Reviews Wireless Home-Security Cameras

Consumer Reports is starting to evaluate the security of IoT devices. As part of that, it's reviewing wireless home-security cameras. It found significant security vulnerabilities in D-Link cameras: In contrast, D-Link doesn't store video from the DCS-2630L in the cloud. Instead, the camera has i...

Moderate: Red Hat Security Advisory: 389-ds-base security and bug fix update

An update for 389-ds-base is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

python security update

CentOS Errata and Security Advisory CESA-2018:3406 An update for python-paramiko is now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red H...

New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading...

The vulnerability of the FortiOS operating system’s SSL-VPN implementation, caused by errors in processing input data, allows a hacker to replace encrypted traffic with malicious data.

The vulnerability of the SSL-VPN implementation in the FortiOS operating system arises due to errors in processing input data. Exploiting this vulnerability allows a malicious actor to replace encrypted traffic using a specially generated MAC...

[SECURITY] Fedora 29 Update: python-paramiko-2.4.2-1.fc29

Paramiko a combination of the Esperanto words for "paranoid" and "friend" is a module for python 2.3 or greater that implements the SSH2 protocol for se cure encrypted and authenticated connections to remote machines. Unlike SSL a ka TLS, the SSH2 protocol does not require hierarchical certificat...

Signal Secure Messaging App Now Encrypts Sender's Identity As Well

Signal, the popular end-to-end encrypted messaging app, is planning to roll out a new feature that aims to hide the sender's identity from potential attackers trying to intercept the communication. Although messages send via secure messaging services, like Signal, WhatsApp, and Telegram, are full...

Cisco device config dumping

Quick guide to recovering configs from Cisco switches and routers We have recently done work in situations where recovering the Cisco config from one device e.g. an edge switch can give us useful information. This includes: VLANs even for VLANs that are not used on that piece of equipment Which...

Mac malware intercepts encrypted web traffic for ad injection

Last week, Malwarebytes researcher Adam Thomas found an interesting new piece of Mac malware that exhibits some troubling behaviors, including intercepting encrypted web traffic to inject ads. Let's take a closer look at this adware, which Malwarebytes for Mac detects as OSX.SearchAwesome, to see...

SUSE-SU-2018:1855-2 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-5848: In the function wmisetie, the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ielen...

Webshell Bypass Vulnerability in Web Security Dog (IIS Edition) V4.0

Website Security Dog IIS Edition is a server tool that integrates website content security protection, website resource protection and website traffic protection features for comprehensive website security. Webshell bypass vulnerability exists in Web Security Dog IIS Edition V4.0. An attacker can...

Helm Wants You to Control Your Own Data Again

Helm hopes to make running your own private, encrypted server easy for everyone...

Ivanti Workspace Control and RES One Workspace Information Disclosure Vulnerability

Ivanti Workspace Control formerly known as RES One Workspace is a set of workspace control software from the American company Ivanti. The software includes features such as user management, application management and report management. A security vulnerability exists in Ivanti Workspace Control...

CVE-2018-15593

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector...

CVE-2018-15593

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector...

Design/Logic Flaw

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector...

[SECURITY] Fedora 27 Update: python-paramiko-2.3.3-1.fc27

Paramiko a combination of the Esperanto words for "paranoid" and "friend" is a module for python 2.3 or greater that implements the SSH2 protocol for se cure encrypted and authenticated connections to remote machines. Unlike SSL a ka TLS, the SSH2 protocol does not require hierarchical certificat...

[SECURITY] Fedora 28 Update: dislocker-0.7.1-10.fc28

Dislocker has been designed to read BitLocker encrypted partitions "drives " under a Linux system. The driver has the capability to read/write partitions encrypted using Microsoft Windows Vista, 7, 8, 8.1 and 10 AES-CBC, AES-XTS, 128 or 256 bits, with or without the Elephant diffuser, encrypted...

CVE-2018-18071

An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as...