
5469 matches found

Prion
added 2020/07/07 2:15 p.m., 20 views

Code injection

Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android as used by nRF Connect and other applications can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation e.g.,...

3.3 CVSS, 6.4 AI score, 0.0054 EPSS
Exploits: 0, References: 3, Affected Software: 2

CNVD
added 2020/07/07 12:0 a.m., 3 views

Dell EMC VxRail Incorrect Authentication Vulnerability

Dell EMC VxRail is a VMware hyperconverged infrastructure appliance from Dell USA. The product contains compute, storage, network, and virtualization resources, among others. A security vulnerability exists in Dell EMC VxRail versions 4.7.410 and 4.7.411. A remote attacker could exploit the...

9.8 CVSS, 6.7 AI score, 0.01467 EPSS
Exploits: 0, References: 1

OSV
added 2020/07/06 6:15 p.m., 2 views

CVE-2020-5368

Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an encrypted form...

7.5 CVSS, 7.2 AI score, 0.01467 EPSS
Exploits: 0, References: 1

HackRead
added 2020/07/04 5:49 p.m., 35 views

Encrypted phone service EncroChat dismantled; leading to 800+ arrests

By Deeba Ahmed We reported about the closure of the infamous... This is a post from HackRead.com Read the original post: Encrypted phone service EncroChat dismantled; leading to 800+ arrests...

1.2 AI score
Exploits: 0

ThreatPost
added 2020/07/03 3:10 p.m., 62 views

E.U. Authorities Crack Encryption of Massive Criminal and Murder Network

European law-enforcement officials have shut down an encrypted Android-based communications platform used exclusively by criminals to plot murders, traffic illegal drugs, commit money laundering and plan other organized crimes. An international law-enforcement team from the France and the...

7.7 AI score
Exploits: 0, References: 6

The Hacker News
added 2020/07/03 11:56 a.m., 3 views

Police Arrested Hundreds of Criminals After Hacking Into Encrypted Chat Network

In a joint operation, European and British law enforcement agencies recently arrested hundreds of alleged drug dealers and other criminals after infiltrating into a global network of an encrypted chatting app that was used to plot drug deals, money laundering, extortions, and even murders. Dubbed...

5.8 AI score
Exploits: 0

Tenable Nessus
added 2020/07/02 12:0 a.m., 26 views

F5 Networks BIG-IP : BIG-IP APM Edge Client vulnerability (K97733133)

When a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection. CVE-2020-5893 Impact An attacker can use a man-in-the-middle (MITM) attack by deploying a...

4.3 CVSS, 5.2 AI score, 0.00561 EPSS
Exploits: 0, References: 2

NVD
added 2020/06/30 7:15 p.m., 16 views

CVE-2020-14474

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...

7.5 CVSS, 0.02511 EPSS
Exploits: 3, References: 3

OSV
added 2020/06/30 7:15 p.m., 4 views

CVE-2020-14474

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...

7.5 CVSS, 7.1 AI score, 0.02511 EPSS
Exploits: 3, References: 3

Prion
added 2020/06/30 7:15 p.m., 45 views

Hardcoded credentials

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...

5 CVSS, 7.4 AI score, 0.02511 EPSS
Exploits: 3, References: 3, Affected Software: 1

ThreatPost
added 2020/06/30 4:12 p.m., 122 views

UCSF Pays $1.14M After NetWalker Ransomware Attack

The University of California, San Francisco (UCSF) has paid a $1.14 million ransom to recover data related to “important” academic work. The data was encrypted after the NetWalker ransomware reportedly hit the UCSF medical school. The UCSF, which includes a medical school and a medical center UCSF...

0.2 AI score
Exploits: 0, References: 17

NVD
added 2020/06/29 2:15 p.m., 28 views

CVE-2019-18248

BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure...

4.3 CVSS, 0.00351 EPSS
Exploits: 0, References: 1

Prion
added 2020/06/29 2:15 p.m., 19 views

Design/Logic Flaw

BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure...

3.3 CVSS, 4.7 AI score, 0.00351 EPSS
Exploits: 0, References: 1, Affected Software: 2

Cvelist
added 2020/06/29 1:58 p.m., 26 views

CVE-2019-18248

BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure...

4.7 AI score, 0.00351 EPSS
Exploits: 0, References: 1

CNVD
added 2020/06/28 12:0 a.m., 5 views

Boole Server BooleBox Secure File Sharing Utility Injection Vulnerability

Boole Server BooleBox Secure File Sharing Utility is a file sharing system from Boole Server Italy. The system is mainly used for encrypted file storage and sharing. An injection vulnerability exists in Boole Server BooleBox Secure File Sharing Utility. The vulnerability can be exploited to execu...

8.5 CVSS, 7.5 AI score, 0.00965 EPSS
Exploits: 1, References: 1

ThreatPost
added 2020/06/24 3:54 p.m., 38 views

New Bill Targeting ‘Warrant-Proof’ Encryption Draws Ire

Privacy advocates are decrying a new bill, which would force tech companies to unlock encrypted devices if ordered to do so by law enforcement with a court issued warrant. The Lawful Access to Encrypted Data Act was introduced on Tuesday by Senate Judiciary Committee Chairman Lindsey Graham (R-SC),...

7.1 AI score
Exploits: 0, References: 19

Malwarebytes
added 2020/06/24 2:30 p.m., 30 views

Coughing in the face of scammers: security tips for the 2020 tax season

In spite of everything happening in the world right now—the 2020 tax season is about to come to an end, and taxes are due. Americans got a reprieve back in March when the US Treasury Department and Internal Revenue Service (IRS) announced they were pushing back the federal income tax filing due dat...

7.1 AI score
Exploits: 0

HackRead
added 2020/06/24 12:20 p.m., 26 views

EncroChat encrypted communication provider quits after malware attack

By Waqas Encrypted communication network EncroChat has announced to shut down its services for good. This is a post from HackRead.com Read the original post: EncroChat encrypted communication provider quits after malware attack...

2.5 AI score
Exploits: 0

OSV
added 2020/06/24 7:42 a.m., 5 views

SUSE-SU-2020:1731-1 Security update for libreoffice

This update for libreoffice to 6.4.4.2 fixes the following issues: Security issue fixed: - CVE-2020-12801: Fixed an issue with encrypted MSOffice documents that could be accidentally saved unencrypted bsc1171997. Non-security issues fixed: - Elements on title page mixed up bsc1160687. - Image...

5.3 CVSS, 5.6 AI score, 0.01255 EPSS
Exploits: 0, References: 6

Malwarebytes
added 2020/06/17 5:30 p.m., 23 views

Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature

This blog post was authored by Hossein Jazi and Jérôme Segura On June 10, we found a malicious Word document disguised as a resume that uses template injection to drop a .Net Loader. This is the first part of a multi-stage attack that we believe is associated to an APT attack. In the last stage,...

8 AI score
Exploits: 0