Citrix NetScaler Application Delivery Controller and NetScaler Gateway Information Disclosure Vulnerability
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly known as Citrix Access Gateway Enterprise Edition) are both products of Citrix Systems. NetScaler ADC is a service and application delivery solution (Application Delivery Controller); NetScaler Gateway is a secure...
[SECURITY] Fedora 27 Update: openssh-7.6p1-2.fc27
SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...
Design/Logic Flaw
The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto-initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for...
CVE-2017-6679
The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto-initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for...
Python package pysaml2 information disclosure vulnerability
The Python package pysaml2 is a Python-based implementation of the SAML protocol for exchanging authentication and authorization data between security domains. An information disclosure vulnerability exists in Python package pysaml2 4.4.0 and earlier. An attacker can exploit this vulnerability to...
“ProtonMail Contacts” world’s first encrypted contacts manager is here
By Waqas. The world-renowned encrypted email service provider ProtonMail is back in the ... This is a post from HackRead.com.
CVE-2017-2720
The CVE-2017-2720 issue affects Huawei FusionSphere OpenStack V100R006C00, where an information-exposure vulnerability stems from a hard-coded cryptographic key used to encrypt inter-component messages. This design flaw can increase the risk of encrypted data being recovered. Huawei’s Security Ad...
SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based...
Input validation
SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user exits the application or if the application crashes...
ABB TropOS (Update A)
CVSS v3 6.8. Vendor: ABB. Equipment: TropOS. Vulnerabilities: Security Features. UPDATE INFORMATION: This updated advisory is a follow-up to the original advisory titled ICSA-17-318-02 ABB TropOS that was published November 14, 2017, on the NCCIC/ICS-CERT website. AFFECTED PRODUCTS: ABB reports that th...
Circle with Disney check_circleservers Code Execution Vulnerability (CVE-2017-2882)
Summary: An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive files, resulting in code execution. An attacker needs to impersonate a remote server in order...
Circle with Disney Configuration Restore Photos File Overwrite Vulnerability (CVE-2017-2916)
Summary: An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions: Circ...
IEEE P1735 Cryptographic Issue Vulnerability (CNVD-2017-33397)
IEEE P1735 is a standard dedicated to encrypting the intellectual property of electronic designs. The implementation of IEEE P1735 is vulnerable to a cryptographic issue. An attacker could use this vulnerability to modify the license rejection response against an authorized license...
Daphne Caruana Galizia's Murder and the Security of WhatsApp
Daphne Caruana Galizia was a Maltese journalist whose anti-corruption investigations exposed powerful people. She was murdered in October by a car bomb. Galizia used WhatsApp to communicate securely with her sources. Now that she is dead, the Maltese police want to break into her phone or the app...
CVE-2017-1000245
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file...
Design/Logic Flaw
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file...
DUHK Attack Exposes Gaps in FIPS Certification
Despite the obligatory logo and clever name, this week’s assault on crypto, the so-called DUHK attack (Don’t Use Hardcoded Keys), isn’t likely to be part of many threat models. Though the attack can be used to passively decrypt VPN and encrypted browser traffic, it relies on a host of implementatio...
OpenJDK: use of unprotected sname in Kerberos client (Libraries, 8178794)
It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java...
‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine
By Raj Samani · October 24, 2017. This post was researched and written by Tim Hux, David Marcus, Charles McFarland, Douglas McKee, and Raj Samani. McAfee is currently investigating a ransomware campaign known as BadRabbit, which...
OpenJDK: use of unprotected sname in Kerberos client (Libraries, 8178794)
It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java...