5469 matches found
Code injection
Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android as used by nRF Connect and other applications can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation e.g.,...
Dell EMC VxRail Incorrect Authentication Vulnerability
Dell EMC VxRail is a VMware hyperconverged infrastructure appliance from Dell USA. The product contains compute, storage, network, and virtualization resources, among others. A security vulnerability exists in Dell EMC VxRail versions 4.7.410 and 4.7.411. A remote attacker could exploit the...
CVE-2020-5368
Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an encrypted form...
Encrypted phone service EncroChat dismantled; leading to 800+ arrests
By Deeba Ahmed We reported about the closure of the infamous... This is a post from HackRead.com Read the original post: Encrypted phone service EncroChat dismantled; leading to 800+ arrests...
E.U. Authorities Crack Encryption of Massive Criminal and Murder Network
European law-enforcement officials have shut down an encrypted Android-based communications platform used exclusively by criminals to plot murders, traffic illegal drugs, commit money laundering and plan other organized crimes. An international law-enforcement team from the France and the...
Police Arrested Hundreds of Criminals After Hacking Into Encrypted Chat Network
In a joint operation, European and British law enforcement agencies recently arrested hundreds of alleged drug dealers and other criminals after infiltrating into a global network of an encrypted chatting app that was used to plot drug deals, money laundering, extortions, and even murders. Dubbed...
F5 Networks BIG-IP : BIG-IP APM Edge Client vulnerability (K97733133)
When a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection. CVE-2020-5893 Impact An attacker can use a man-in-the-middle MITM attack by deploying a...
CVE-2020-14474
The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...
CVE-2020-14474
The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...
Hardcoded credentials
The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...
UCSF Pays $1.14M After NetWalker Ransomware Attack
The University of California, San Francisco UCSF has paid a $1.14 million ransom to recover data related to “important” academic work. The data was encrypted after the NetWalker ransomware reportedly hit the UCSF medical school. The UCSF, which includes a medical school and a medical center UCSF...
CVE-2019-18248
BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure...
Design/Logic Flaw
BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure...
CVE-2019-18248
BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure...
Boole Server BooleBox Secure File Sharing Utility Injection Vulnerability
Boole Server BooleBox Secure File Sharing Utility is a file sharing system from Boole Server Italy. The system is mainly used for encrypted file storage and sharing. An injection vulnerability exists in Boole Server BooleBox Secure File Sharing Utility. The vulnerability can be exploited to execu...
New Bill Targeting ‘Warrant-Proof’ Encryption Draws Ire
Privacy advocates are decrying a new bill, which would force tech companies to unlock encrypted devices if ordered to do so by law enforcement with a court issued warrant. The Lawful Access to Encrypted Data Act was introduced on Tuesday by Senate Judiciary Committee Chairman Lindsey Graham R-SC,...
Coughing in the face of scammers: security tips for the 2020 tax season
In spite of everything happening in the world right now—the 2020 tax season is about to come to an end, and taxes are due. Americans got a reprieve back in March when the US Treasury Department and Internal Revenue Service IRS announced they were pushing back the federal income tax filing due dat...
EncroChat encrypted communication provider quits after malware attack
By Waqas Encrypted communication network EncroChat has announced to shut down its services for good. This is a post from HackRead.com Read the original post: EncroChat encrypted communication provider quits after malware attack...
SUSE-SU-2020:1731-1 Security update for libreoffice
This update for libreoffice to 6.4.4.2 fixes the following issues: Security issue fixed: - CVE-2020-12801: Fixed an issue with encrypted MSOffice documents that could be accidentally saved unencrypted bsc1171997. Non-security issues fixed: - Elements on title page mixed up bsc1160687. - Image...
Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature
This blog post was authored by Hossein Jazi and Jérôme Segura On June 10, we found a malicious Word document disguised as a resume that uses template injection to drop a .Net Loader. This is the first part of a multi-stage attack that we believe is associated to an APT attack. In the last stage,...