5463 matches found
The vulnerability of the command-line interface of the Cisco NX-OSS network operating system devices allows a attacker to obtain the user’s encrypted SSH key or import an encrypted SSH key protected by a password.
The vulnerability of the command-line interface of the Cisco NX-OSS network operating system is related to errors in managing SSH keys. Exploiting this vulnerability can allow an attacker to obtain a secret SSH key of a user or import a secret SSH key protected by a password...
Google's Push to Close a Major Encrypted Web Loophole
By building security into top-level domains, Google makes it harder for HTTPS to fall short...
Telegram Suffers 'Powerful DDoS Attack' From China During Hong Kong Protests
Telegram, one of the most popular encrypted messaging app, briefly went offline yesterday for hundreds of thousands of users worldwide after a powerful distributed denial-of-service DDoS attack hit its servers. Telegram founder Pavel Durov later revealed that the attack was mainly coming from the...
Telegram Suffers 'Powerful DDoS Attack' From China During Hong Kong Protests
Telegram, one of the most popular encrypted messaging app, briefly went offline yesterday for hundreds of thousands of users worldwide after a powerful distributed denial-of-service DDoS attack hit its servers. Telegram founder Pavel Durov later revealed that the attack was mainly coming from the...
CVE-2019-0307
Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an attacker with admin privileges could gain access to t...
Cloudera Navigator Key Trustee KMS Encryption Issue Vulnerability
Cloudera Navigator Key Trustee KMS is a customized secret key management server from Cloudera. A security vulnerability exists in Cloudera Navigator Key Trustee KMS versions 5.12 and 5.13. An attacker can exploit the vulnerability to recover previously deleted but not cleaned keys or delete the...
CVE-2018-20091
An SQL injection vulnerability was found in Cloudera Data Science Workbench CDSW 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords in the case of local...
ReverseTCPShell - PowerShell ReverseTCP Shell, Client & Server
Reverse Encrypted AES 256-bit Shell over TCP - usingPowerShell SecureString. Attacker C2-Server Listener: PS .\ReverseTCP.ps1 Target Client: CMD ECHO...
Ubuntu 16.04 LTS / 18.04 LTS : Evolution Data Server vulnerability (USN-3998-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3998-1 advisory. Marcus Brinkmann discovered that Evolution Data Server did not correctly interpret the output from GPG when decrypting encrypted messages. Under certa...
The vulnerability of the ECDSA encryption algorithm implementation in the OpenSSL library allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the ECDSA encryption algorithm implementation in the OpenSSL library is related to errors in the management of cryptographic keys. Exploiting this vulnerability could allow a malicious actor to remotely restore the encrypted private key...
Insecure Credential Storage in web3
All versions of web3 are vulnerable to Insecure Credential Storage. The package stores encrypted wallets in local storage and requires a password to load the wallet. Once the wallet is loaded, the private key is accessible via LocalStorage. Exploiting this vulnerability likely requires a Cross-Si...
USN-3998-1: Evolution Data Server vulnerability
Marcus Brinkmann discovered that Evolution Data Server did not correctly interpret the output from GPG when decrypting encrypted messages. Under certain circumstances, this could result in displaying clear-text portions of encrypted messages as though they were encrypted...
USN-3998-1 evolution-data-server vulnerability
Marcus Brinkmann discovered that Evolution Data Server did not correctly interpret the output from GPG when decrypting encrypted messages. Under certain circumstances, this could result in displaying clear-text portions of encrypted messages as though they were encrypted...
Google Stored G Suite Passwords in Plaintext Since 2005
Google stored G Suite passwords in plaintext for almost 15 years, the cloud giant acknowledged on Tuesday evening. G Suite, Google’s brand of cloud computing, productivity and collaboration tools, software and products, has more than 5 million users as of February. Google said that it recently...
Core Elastic Stack Security Features Now Available For Free Users As Well
Elastic, the company behind the most widely used enterprise search engine ElasticSearch and the Elastic Stack, today announced that it has decided to make core security features of the Elastic Stack free and accessible to all users. ELK Stack or Elastic Stack is a collection of three powerful ope...
The False Promise of “Lawful Access” to Private Data
Opinion: As online extremism migrates to real-world violence, some suggest letting law enforcement intercept encrypted messages. But that’s a dangerous proposition...
Weak Encryption
Thunderbird ESR and Thunderbird is vulnerable to weak encryption. A remote unauthenticated attacker could cause disclosure of plaintext using remote content in encrypted messages...
CVE-2019-10922
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier All versions, SIMATIC PCS 7 V8.1 and newer All versions, SIMATIC WinCC V7.2 and earlier All versions, SIMATIC WinCC V7.3 and newer All versions. An attacker with network access to affected installations, which are configured...
CVE-2019-10922
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier All versions, SIMATIC PCS 7 V8.1 and newer All versions, SIMATIC WinCC V7.2 and earlier All versions, SIMATIC WinCC V7.3 and newer All versions. An attacker with network access to affected installations, which are configured...
Security feature bypass
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier All versions, SIMATIC PCS 7 V8.1 and newer All versions, SIMATIC WinCC V7.2 and earlier All versions, SIMATIC WinCC V7.3 and newer All versions. An attacker with network access to affected installations, which are configured...