
5460 matches found

Positive Technologies
added 2020/09/01 12:0 a.m. · 3 views

PT-2020-15459 · Jenkins · Jenkins Parameterized Trigger Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Parameterized Remote Trigger Plugin versions 3.1.3 and earlier Description: The issue concerns the storage of a secret in an unencrypted form within the global configuration file on the Jenkins controller. Specifically, the secret is...

CVSS 4.3 · AI score 4.4 · EPSS 0.00524
Exploits 0 · References 7
Prion
added 2020/08/31 3:15 p.m. · 14 views

Design/Logic Flaw

The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure Connection pairing to be skipped if the Link Layer encryption setup is performed earlier. An attacker in radi...

CVSS 5.8 · AI score 8.8 · EPSS 0.00257
Exploits 0 · References 3 · Affected Software 1
OSV
added 2020/08/28 3:15 p.m. · 3 views

CVE-2020-4591

IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746...

CVSS 3.3 · AI score 5.7
Exploits 0 · References 2
Prion
added 2020/08/28 3:15 p.m. · 12 views

Design/Logic Flaw

IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746...

CVSS 1.9 · AI score 3.6 · EPSS 0.00201
Exploits 0 · References 2 · Affected Software 1
Nextcloud
added 2020/08/26 12:0 a.m. · 32 views

Downgrade encryption scheme and break integrity through known-plaintext attack (NC-SA-2020-039)

A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files...

CVSS 1.9 · AI score 2.8 · EPSS 0.00286
Exploits 2 · Affected Software 1
The Hacker News
added 2020/08/19 10:5 a.m. · 3 views

A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide

Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer (P2P) botnet written in Golang that has been actively targeting SSH servers since January 2020. Called "FritzFrog," the modular, multi-threaded and file-less botnet has breached more than 500 servers ...

AI score 5.8
Exploits 0
The Hacker News
added 2020/08/19 10:5 a.m. · 154 views

A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide

Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer (P2P) botnet written in Golang that has been actively targeting SSH servers since January 2020. Called "FritzFrog," the modular, multi-threaded and file-less botnet has breached more than 500 servers t...

AI score 7.2
Exploits 0
CNVD
added 2020/08/17 12:0 a.m. · 2 views

SAP Adaptive Server Enterprise Information Disclosure Vulnerability (CNVD-2020-46790)

SAP Adaptive Server Enterprise (ASE) is a relational database server from SAP, Germany. An information disclosure vulnerability exists in SAP ASE version 16.0. An attacker could exploit the vulnerability to access encrypted sensitive information...

CVSS 7.8 · AI score 6.1 · EPSS 0.0027
Exploits 0 · References 1
The Hacker News
added 2020/08/13 1:9 p.m. · 5 views

New Attack Lets Hackers Decrypt VoLTE Encryption to Spy on Phone Calls

A team of academic researchers—who previously made the headlines earlier this year for uncovering severe security issues in the 4G LTE and 5G networks—today presented a new attack called 'ReVoLTE,' that could let remote attackers break the encryption used by VoLTE voice calls and spy on targeted...

AI score 5.8
Exploits 0
Securelist
added 2020/08/13 10:0 a.m. · 561 views

CactusPete APT group’s updated Bisonal backdoor

CactusPete (also known as Karma Panda or Tonto Team) is an APT group that has been publicly known since at least 2013. Some of the group's activities have been previously described in public by multiple sources. We have been investigating and privately reporting on this group's activity for years as...

CVSS 7.6 · EPSS 0.87814
Exploits 9
CNVD
added 2020/08/13 12:0 a.m. · 2 views

Incorrect Authentication Vulnerability in Multiple Huawei Products

Huawei Mate 20, Mate 20 Pro, Mate 20 X, and Mate 20 RS are smartphones from the Chinese company Huawei. A security vulnerability exists in several Huawei products, which stems from the program's failure to properly sign encrypted files. An attacker could use the vulnerability to forge documen...

CVSS 6.8 · AI score 6.8 · EPSS 0.00234
Exploits 0 · References 1
OSV
added 2020/08/12 2:15 p.m. · 3 views

CVE-2020-6295

Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed Cockpit. This compromise could enable the attacker to...

CVSS 7.8 · AI score 7.1
Exploits 0 · References 2
CVE
added 2020/08/12 1:28 p.m. · 47 views

CVE-2020-6295

CVE-2020-6295 affects SAP Adaptive Server Enterprise 16.0. A vulnerability allows an attacker to access encrypted sensitive information through publicly readable installation log files, leading to a compromise of the Cockpit and potential information disclosure (view/modify/unavailable data). The...

CVSS 7.8 · AI score 7.3 · EPSS 0.0027
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2020/08/12 12:0 a.m. · 4 views

PT-2020-15453 · Jenkins · Jenkins Email Extension Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Email Extension Plugin versions 2.72 through 2.73 Description: The issue concerns the transmission and display of the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure...

CVSS 7.5 · AI score 7.5 · EPSS 0.00755
Exploits 0 · References 7
HackRead
added 2020/08/10 4:3 p.m. · 18 views

Researcher retrieves $300,000 worth of Bitcoin from an encrypted Zip file

By Waqas An investor had locked $300k worth of Bitcoin in an encrypted Zip file and forgot its password. This is a post from HackRead.com Read the original post: Researcher retrieves $300,000 worth of Bitcoin from an encrypted Zip file...

AI score 1.1
Exploits 0
Kitploit
added 2020/08/07 12:30 p.m. · 25 views

Chalumeau - Automated, Extendable And Customizable Credential Dumping Tool

Chalumeau is an automated, extendable and customizable credential dumping tool based on PowerShell and Python. Main Features Write your own Payloads In-Memory execution Extract Password List Dashboard reporting / Web Interface Parsing Mimikatz Dumping Tickets Screenshots Known Issues Parsing Mimikatz...

AI score 7.3
Exploits 0 · References 5
Huawei
added 2020/08/05 12:0 a.m. · 34 views

Security Advisory - Improper Authentication Vulnerability in Several Smartphones

There is an improper authentication vulnerability in several smartphones. The system does not properly sign certain encrypted file, the attacker should gain the key used to encrypt the file, successful exploit could cause certain file be forged. Vulnerability ID: HWPSIRT-2019-10020 This...

CVSS 6.8 · AI score 6.7 · EPSS 0.00234
Exploits 0 · Affected Software 16
CNVD
added 2020/08/03 12:0 a.m. · 2 views

October CMS Information Disclosure Vulnerability

October CMS is an open source content management system (CMS) based on PHP and Laravel web application framework. An information disclosure vulnerability exists in versions of October CMS prior to 1.0.468 that stems from the program not binding an encrypted cookie value to the cookie name of that...

CVSS 6.3 · AI score 6.2 · EPSS 0.00689
Exploits 0 · References 1
Kitploit
added 2020/08/02 9:30 p.m. · 86 views

DeimosC2 - A Golang Command And Control Framework For Post-Exploitation

DeimosC2 is a post-exploitation Command & Control (C2) tool that leverages multiple communication methods in order to control machines that have been compromised. DeimosC2 server and agents work on, and have been tested on, Windows, Darwin, and Linux. It is entirely written in Golang with a front e...

AI score 7.6
Exploits 0 · References 11
NVD
added 2020/07/31 6:15 p.m. · 12 views

CVE-2020-15128

In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing code (nothing exploitable in the core project itself) had a...

CVSS 6.3 · AI score 6.6 · EPSS 0.00689
Exploits 0 · References 3