Mexico’s Banking System Sees $18M Siphoned Off in Phantom Transactions

Somewhere between $18 million to $20 million has gone missing during unauthorized interbank money transfers in Mexico’s central banking system. Authorities are investigating the shadow transactions, but answers are thus far scarce. The affected banks and government officials are determining wheth...

OpenPGP Information Disclosure Vulnerability

OpenPGP is a set of email encryption standards that supports multiple platforms. An information disclosure vulnerability exists in OpenPGP. An attacker could exploit this vulnerability to conduct a man-in-the-middle attack and obtain messages in plaintext form from encrypted emails...

Hackers Reveal How Code Injection Attack Works in Signal Messaging App

After the revelation of the eFail attack details, it's time to reveal how the recently reported code injection vulnerability in the popular end-to-end encrypted Signal messaging app works. As we reported last weekend, Signal has patched its messaging app for Windows and Linux that suffered a code...

CVE-2018-5152

WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firef...

Virginia Beach Police Want Encrypted Radios

This article says that the Virginia Beach police are looking to buy encrypted radios. Virginia Beach police believe encryption will prevent criminals from listening to police communications. They said officer safety would increase and citizens would be better protected. Someone should ask them if...

Real-Time Two-Factor Phishing Tool: ReelPhish

2FA adds an extra layer of authentication on top of the typical username and password. Two common 2FA implementations are one-time passwords and push notifications. One-time passwords are generated by a secondary device, such as a hard token, and tied to a specific user. These passwords typically...

Get Dashlane Password Manager Premium (50% + 10% OFF)

Happy 'World Password Day'! Today is a good time for you to audit your password practices and stop using terrible passwords to protect your online accounts. Experts advice that: Your password must—be long Your password must—be unpredictable Your password must—have at least one number Your passwor...

CVE-2018-4849

A vulnerability has been identified in Siveillance VMS Video for Android All versions V12.1a 2018 R1, Siveillance VMS Video for iOS All versions V12.1a 2018 R1. Improper certificate validation could allow an attacker in a privileged network position to read data from and write data to the encrypt...

LC4: Another Pen-and-Paper Cipher

Interesting symmetric cipher: LC4: Abstract: ElsieFour LC4 is a low-tech cipher that can be computed by hand; but unlike many historical ciphers, LC4 is designed to be hard to break. LC4 is intended for encrypted communication between humans only, and therefore it encrypts and decrypts plaintexts...

Gaining Control over Your Digital Certificates

Digital certificate management is in an inadequate state at most organizations, a serious problem, considering that SSL/TLS certificates are critical for a host of e-business functions. “If you’re doing something on the Internet, you’re using SSL,” Asif Karel, a Qualys Director of Product...

RHEL 7 : python-paramiko (RHSA-2018:1213)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:1213 advisory. The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines...

TP-Link Technologies TL-WA850RE Wi-Fi Range Extender Unauthorized Remote Reboot

Exploit Title: TP-Link Technologies TL-WA850RE Wi-Fi Range Extender | Unauthorized Remote Reboot Date: 25/04/2018 Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com/ Firmware Link: https://www.tp-link.com/en/download/TL-WA850RE.html Category: dos 1. www.shodan.io with title...

TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot

TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot Exploit Title: TP-Link Technologies TL-WA850RE Wi-Fi Range Extender | Unauthorized Remote Reboot Date: 25/04/2018 Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com/ Firmware Link:...

TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot

Exploit Title: TP-Link Technologies TL-WA850RE Wi-Fi Range Extender | Unauthorized Remote Reboot Date: 25/04/2018 Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com/ Firmware Link: https://www.tp-link.com/en/download/TL-WA850RE.html Category: dos 1. www.shodan.io with title...

Low: Red Hat Security Advisory: python-paramiko security update

An update for python-paramiko is now available for Red Hat Ansible Engine 2.4 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Apple macOS High Sierra Mail Man-in-the-Middle Attack Vulnerability

Apple macOS High Sierra is a specialized operating system developed by Apple Inc. for Mac computers.Mail is one of the email components. A security vulnerability exists in the handling of S/MIME HTML email messages in the Mail component in Apple macOS High Sierra versions prior to 10.13.4. An...

Exploit for CVE-2012-4929

CRIME-poc CRIME attack : a compression oracle attacks CVE-20...

CVE-2014-6111

IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to...

Design/Logic Flaw

IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to...

RHEL 6 : python-paramiko (RHSA-2018:1124)

An update for python-paramiko is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...