
5429 matches found

FireEye
added 2017/03/27 8:00 a.m. · 39 views

APT29 Domain Fronting With TOR

Mandiant has observed Russian nation-state attackers APT29 employing domain fronting techniques for stealthy backdoor access to victim environments for at least two years. There has been considerable discussion about domain fronting following the release of a paper detailing these techniques...

0.4 AI score
Exploits 0

ThreatPost
added 2017/03/24 1:46 p.m. · 18 views

Instagram Adds Two-Factor Authentication

Instagram became the latest in a long line of services over the years to offer users two-factor authentication this week. Kevin Systrom, co-founder and CEO of the Facebook-owned mobile photo-sharing app announced the feature on its blog Thursday afternoon. With the feature – accessible via Settin...

0.1 AI score
Exploits 0 · References 7

OSV
added 2017/03/23 4:59 p.m. · 0 views

UBUNTU-CVE-2016-6225

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector IV for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this...

5.9 CVSS · 6.2 AI score · 0.00373 EPSS
Exploits 0 · References 5

RedHat Linux
added 2017/03/22 5:11 p.m. · 3 views

tomcat: Infinite loop in the processing of https requests

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop...

7.5 CVSS · 5.8 AI score · 0.13832 EPSS
Exploits 5 · References 6

CNVD
added 2017/03/22 12:00 a.m. · 1 views

Huawei Document Security Management Information Disclosure Vulnerability

Huawei Document Security Management DSM is a set of document rights management software from Huawei, China. The software is characterized by high stability, reliability and scalability. A security vulnerability exists in the privilege control function in Huawei DSM versions prior to...

4.3 CVSS · 6.5 AI score · 0.0007 EPSS
Exploits 0 · References 1

NVD
added 2017/03/20 4:59 p.m. · 16 views

CVE-2016-2406

The permission control module in Huawei Document Security Management aka DSM before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button...

4.3 CVSS · 4.2 AI score · 0.0007 EPSS
Exploits 0 · References 1

OSV
added 2017/03/20 4:59 p.m. · 1 views

CVE-2016-2406

The permission control module in Huawei Document Security Management aka DSM before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button...

4.3 CVSS · 5.8 AI score · 0.0007 EPSS
Exploits 0 · References 1

Cvelist
added 2017/03/20 4:00 p.m. · 14 views

CVE-2016-2406

The permission control module in Huawei Document Security Management aka DSM before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button...

4.3 AI score · 0.0007 EPSS
Exploits 0 · References 1

Exploit DB
added 2017/03/20 12:00 a.m. · 42 views

Google Nest Cam 5.2.1 - Buffer Overflow Conditions Over Bluetooth LE

Exploit Title: Google Nest Cam - Multiple Buffer Overflow Conditions Over Bluetooth LE Reported to Google: October 26, 2016 Public Disclosure: March 17, 2017 Exploit Author: Jason Doyle @jasondoyle Vendor Homepage: https://nest.com/ Affected: Dropcam, Dropcam Pro, Nest Cam Indoor/Outdoor models ...

7.4 AI score
Exploits 0

exploitpack
added 2017/03/20 12:00 a.m. · 18 views

Google Nest Cam 5.2.1 - Buffer Overflow Conditions Over Bluetooth LE

Google Nest Cam 5.2.1 - Buffer Overflow Conditions Over Bluetooth LE Exploit Title: Google Nest Cam - Multiple Buffer Overflow Conditions Over Bluetooth LE Reported to Google: October 26, 2016 Public Disclosure: March 17, 2017 Exploit Author: Jason Doyle @jasondoyle Vendor Homepage:...

7.4 AI score
Exploits 0

0day.today
added 2017/03/20 12:00 a.m. · 27 views

Google Nest Cam 5.2.1 - Buffer Overflow Conditions Over Bluetooth LE

Exploit for hardware platform in category dos / poc Exploit Title: Google Nest Cam - Multiple Buffer Overflow Conditions Over Bluetooth LE Reported to Google: October 26, 2016 Public Disclosure: March 17, 2017 Exploit Author: Jason Doyle @jasondoyle Vendor Homepage: https://nest.com/ Affected:...

7 AI score
Exploits 0

Tenable Nessus
added 2017/03/17 12:00 a.m. · 74 views

RHEL 7 : ansible (RHSA-2017:0515)

An update for ansible and ceph-ansible is now available for Red Hat Storage Console 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.3 CVSS · 8 AI score · 0.03045 EPSS
Exploits 5 · References 4

ThreatPost
added 2017/03/15 2:35 p.m. · 9 views

WhatsApp and Telegram Vulnerabilities Opened Users to Account Takeover

Encrypted messaging services WhatsApp and Telegram patched vulnerabilities in the last week that could have let an attacker take over a user’s account, access personal and group conversations, along with photos, videos and other files. A trio of researchers with Check Point Software Technologies,...

0.1 AI score
Exploits 0 · References 5

Positive Technologies
added 2017/03/15 12:00 a.m. · 4 views

PT-2017-4237 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.10.7 Description: The issue is related to a use-after-free vulnerability in the fs/crypto component of the Linux kernel, which can lead to a denial of service or possibly allow local users to gain privileges...

10 CVSS · 7.8 AI score · 0.87 EPSS
Exploits 53 · References 501

CNVD
added 2017/03/04 12:00 a.m. · 1 views

PHPCMS v9.5.10 suffers from a design vulnerability

PHPCMS is a website management software. The software adopts modular development and supports a variety of classification methods, using it can easily realize the design, development and maintenance of personalized websites. A design vulnerability exists in PHPCMS v9.5.10, which allows an attacke...

6.6 AI score
Exploits 0 · References 1

RedHat Linux
added 2017/02/28 8:19 a.m. · 4 views

SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)

A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based...

7.5 CVSS · 6.8 AI score · 0.40993 EPSS
Exploits 7 · References 7

myhack58
added 2017/02/28 12:00 a.m. · 76 views

YouTube encrypted video there are multiple universal password can bypass the limit(wonderful vulnerability)-vulnerability warning-the black bar safety net

YouTube encrypted Video, a plurality of universal password Detailed description: As long as the Password box, enter the two English double quotation marks. For example: "" press the OK button to play all the encrypted videos. Management added: "" \ %% or a=a And other characters can bypass video...

7.2 AI score
Exploits 0

CERT
added 2017/02/28 12:00 a.m. · 94 views

Sage XRT Treasury database fails to properly restrict access to authorized users

Overview: Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Description: CWE-639: Authorization Bypass Through User-Controlled Key - CVE-2017-3183 Sage XRT...

8.8 CVSS · 8.9 AI score · 0.01408 EPSS
Exploits 0 · References 2

ThreatPost
added 2017/02/27 9:19 a.m. · 12 views

Google Releases E2EMail to Open Source

The ongoing struggle to provide encrypted email solutions that aren’t on a PGP level of complexity and difficulty is a real challenge. Google’s attempt at it, called E2EMail, was introduced more than a year ago as an effort to give users a Chrome app that allows for the simple exchange of private...

6.9 AI score
Exploits 0 · References 3

The Hacker News
added 2017/02/23 5:09 a.m. · 25 views

Google Achieves First-Ever Successful SHA-1 Collision Attack

SHA-1, Secure Hash Algorithm 1, a very popular cryptographic hashing function designed in 1995 by the NSA, is officially dead after a team of researchers from Google and the CWI Institute in Amsterdam announced today submitted the first ever successful SHA-1 collision attack. SHA-1 was designed i...

6.7 AI score
Exploits 0