5460 matches found
Vulnerability in the firmware of InHand Networks InRouter302, which stems from the use of a hard-coded cryptographic key, allows attackers to escalate their privileges and disclose protected information.
The vulnerability in the firmware of InHand Networks InRouter302 lies in the use of a hard-coded cryptographic key. Exploiting this vulnerability allows a malicious actor to escalate their privileges and disclose protected information through a specially crafted HTTP request...
Dell EMC Storage Trust Management Issue Vulnerability
A security vulnerability exists in Dell EMC Storage, a data storage solution from Dell, U.S.A. The vulnerability stems from incorrect certificate revocation checks. An attacker could use the vulnerability to perform a man-in-the-middle attack and eavesdrop on encrypted communications from a cloud...
CVE-2023-24022
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. The credentials are stored in the firmware, encrypted by the crypt function...
GoTo’s LastPass Breach: Encrypted Customer Data Taken
By Deeba Ahmed. GoTo-owned LastPass revealed that hackers stole customers' encrypted data in a November 2022 data breach. This is a post from HackRead.com. Read the original post: GoTo's LastPass Breach: Encrypted Customer Data Taken...
LastPass Parent Company GoTo Suffers Data Breach, Customers' Backups Compromised
LastPass-owner GoTo (formerly LogMeIn) on Tuesday disclosed that unidentified threat actors were able to steal encrypted backups of some customers' data along with an encryption key for some of those backups in a November 2022 incident. The breach, which targeted a third-party cloud storage service...
Siemens in SCALANCE Products (CVE-2022-46142)
Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the CLI user passwords. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
PT-2023-18985 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.2; macOS Monterey versions prior to 12.6.3. Description: A logic issue was addressed with improved state management. This issue allows an encrypted volume to be unmounted and remounted by a different user without...
Apple macOS Monterey Authorization Issue Vulnerability
Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS Monterey prior to version 12.6.3 and macOS Ventura prior to version 13.2, which stems from a logic issue where an encrypted volume may be unmounted and...
macOS 12.x < 12.6.3 Multiple Vulnerabilities (HT213604)
The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.6.3. It is, therefore, affected by multiple vulnerabilities: - This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur...
Security Analysis of Threema
A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against...
Input validation
Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop o...
CVE-2023-23690
Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop o...
Dell EMC Storage Trust Management Issue Vulnerability
A security vulnerability exists in Dell EMC Storage, a data storage solution from Dell, U.S.A. The vulnerability stems from incorrect certificate revocation checks. An attacker could use the vulnerability to perform a man-in-the-middle attack and eavesdrop on encrypted communications from a cloud...
Avast Releases Free Decryptor for BianLian Ransomware
By Deeba Ahmed. Using this decryptor, BianLian victims can retrieve their encrypted data for free and avoid paying the ransom to the attackers. This is a post from HackRead.com. Read the original post: Avast Releases Free Decryptor for BianLian Ransomware...
GSD-2023-1001264 ext4: disable fast-commit of encrypted dir operations
ext4: disable fast-commit of encrypted dir operations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...
GSD-2023-1000903 ext4: disable fast-commit of encrypted dir operations
ext4: disable fast-commit of encrypted dir operations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.87 by commit...
GSD-2023-1000441 ext4: disable fast-commit of encrypted dir operations
ext4: disable fast-commit of encrypted dir operations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.18 by commit...
PT-2023-33518 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.18. Description: The issue concerns the ext4 file system, specifically with the fast-commit of encrypted directory operations. The actual impact and attack plausibility have not yet been proven...
PT-2023-34341 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.163. Description: The issue concerns the ext4 file system, specifically with fast-commit of encrypted directory operations. It was introduced in version v5.10 and fixed in version v5.10.163. The actual impa...
Malware Attack on CircleCI Engineer's Laptop Leads to Recent Security Incident
DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee's laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company's systems and data last month. The CI/CD service CircleCI said the "sophisticated...