New GobRAT Remote Access Trojan Targeting Linux Routers in Japan
Linux routers in Japan are the target of a new Golang remote access trojan (RAT) called GobRAT. "Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT," the JPCERT Coordination Center (JPCERT/CC)...
SUSE CVE-2023-32681
Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent...
CVE-2023-33982
Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden...
CVE-2023-33982
Summary (CVE-2023-33982): Briar’s Bramble Handshake Protocol (BHP) in Briar versions prior to 1.5.3 is not forward secure. If an attacker later compromises both accounts, they can decrypt traffic between them. The vulnerability is tied to the BHP and is considered impractical to exploit in normal...
TFTP Fetch, Windows Encrypted Reverse Shell
Fetch and execute an x64 payload from a TFTP server. Connect back to attacker and spawn an encrypted command shell Module Options msf use payload/cmd/windows/tftp/x64/encryptedshellreversetcp msf payloadencryptedshellreversetcp show actions ...actions... msf payloadencryptedshellreversetcp set...
TFTP Fetch, Windows Command Shell, Encrypted Reverse TCP Stager
Fetch and execute an x64 payload from a TFTP server. Spawn a piped command shell staged. Connect to MSF and read in stage Module Options msf use payload/cmd/windows/tftp/x64/encryptedshell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf...
HTTPS Fetch, Windows Command Shell, Encrypted Reverse TCP Stager
Fetch and execute an x64 payload from an HTTPS server. Spawn a piped command shell staged. Connect to MSF and read in stage Module Options msf use payload/cmd/windows/https/x64/encryptedshell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf...
HTTP Fetch, Windows Command Shell, Encrypted Reverse TCP Stager
Fetch and execute an x64 payload from an HTTP server. Spawn a piped command shell staged. Connect to MSF and read in stage Module Options msf use payload/cmd/windows/http/x64/encryptedshell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf...
HTTPS Fetch, Windows Encrypted Reverse Shell
Fetch and execute an x64 payload from an HTTPS server. Connect back to attacker and spawn an encrypted command shell Module Options msf use payload/cmd/windows/https/x64/encryptedshellreversetcp msf payloadencryptedshellreversetcp show actions ...actions... msf payloadencryptedshellreversetcp set...
OilAlpha: Emerging Houthi-linked Cyber Threat Targets Arabian Android Users
A hacking group dubbed OilAlpha with suspected ties to Yemen's Houthi movement has been linked to a cyber espionage campaign targeting development, humanitarian, media, and non-governmental organizations in the Arabian peninsula. "OilAlpha used encrypted chat messengers like WhatsApp to launch...
The vulnerability of Fortinet’s FortiNAC and FortiNAC-F access control devices, which stems from the use of strictly encrypted login credentials, allows attackers to gain unauthorized access to protected information.
The vulnerability of the access control devices in Fortinet’s FortiNAC and FortiNAC-F systems lies in the use of strictly encrypted user credentials. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information by executing certain commands...
It’s always DNS, here’s why…
Introduction: There's an old adage in network and Internet support: When something breaks in any network "it was DNS". Sadly it's usually true. …or at least it is when you have certain timeouts, or when a company you used to work for moves from the stable Unix based DNS to a Windows based one and th...
3 reasons to use a VPN
There are many good reasons to use a Virtual Private Network (VPN), even if you are just casually scrolling. Privacy is a right that is yours to value and defend, and if you want to increase your online privacy then a VPN is one of the possible solutions. A VPN works like this: When you're connected...
Use After Free
Overview: Affected versions of this package are vulnerable to Use After Free in the IsMetadataEncrypted function in PdfEncrypt. Remediation: Upgrade podofo to version 0.10.4 or higher. References - GitHub Commit - GitHub Issue...
Twitter Finally Rolling Out Encrypted Direct Messages — Starting with Verified Users
Twitter is officially beginning to roll out support for encrypted direct messages (DMs) on the platform, more than five months after its chief executive Elon Musk confirmed plans for the feature in November 2022. The "Phase 1" of the initiative will appear as separate conversations alongside existi...
Twitter’s Encrypted DMs Are Deeply Inferior to Signal and WhatsApp
The social network’s new privacy feature is technically flawed, opt-in, and limited in its functionality. All this for just $8 a month...
CVE Number Withdrawn
XPDF is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. This CVE number has been withdrawn...
AMD Secure Encrypted Virtualization Security Vulnerability
AMD Secure Encrypted Virtualization is a software application from UltraMicroelectronics AMD. Hardware-accelerated memory encryption to protect data in use. A security vulnerability exists in AMD Secure Encrypted Virtualization. An attacker could exploit this vulnerability to cause a denial of...
PT-2023-12100 · Amd · Amd Secure Encrypted Virtualization +1
Name of the Vulnerable Software and Affected Versions: AMD Secure Encrypted Virtualization (SEV) and SEV-ES (affected versions not specified). Description: The issue is related to insufficient validation in parsing Owner's Certificate Authority (OCA) certificates, which can lead to a host crash and...