QNAP crypto keys logged on unencrypted disk partition in world accessible files

Affected devices: ================= Probably all QNAP devices running the QNAP modified 3.12.6 kernel with firmware older than 4.1.4 Build 0804. Verified on TS-453S Pro and TVS-471, both with Firmware 4.1.4 Build 0522. Probably fixed with Firmware 4.1.4 Build 0804 incriminating message gone, thou...

EMC Documentum D2 Information Disclosure Vulnerability (CNVD-2015-05464)

EMC Documentum D2 is the advanced, intuitive, configurable and content-centric Documentum client that accelerates adoption of ECM applications. A security vulnerability in the Lockbox component of EMC Documentum D2 4.2 and prior versions when saving a password in an encrypted file can be exploite...

Smart Traffic Sniffing: NetRipper

Smart Traffic Sniffing NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before...

CVE-2015-5965

The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field...

CVE-2015-5965

Fortinet FortiOS SSL-VPN before 4.3.13 is affected by CVE-2015-5965: the TLS MAC in finished messages is only validated by the first byte, enabling a remote attacker to spoof encrypted content via a crafted MAC field. This vulnerability, documented in multiple sources, could lead to disclosure of...

Sen. Warren Worried About Banks' New Encrypted Messaging Platform

UPDATE–The list of politicians in Washington wringing their hands over the increasing use of encryption by consumers and businesses is growing longer by the day. Sen. Elizabeth Warren added her name to that list on Monday. Warren D-Mass. sent a letter to Attorney General Loretta Lynch expressing...

FireFox file stealing 0day vulnerability has been hacked“real”use, the official emergency release to fix patch-bug warning-the black bar safety net

In Russia a web site, the researchers found a Firefox serious 0day exploits program Exp code, you can steal Windows and Linux users on the computer file. This security event is forcing Mozilla to the official emergency release patch. Vulnerability description The vulnerability is caused by the...

FireMaster - The Firefox Master Password Cracking Tool

FireMaster is the First ever tool to recover the lost Master Password of Firefox. Master password is used by Firefox to protect the stored loign/password information for all visited websites. If the master password is forgotten, then there is no way to recover the master password and user will lo...

[SECURITY] Fedora 21 Update: openssh-6.6.1p1-15.fc21

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

[SECURITY] Fedora 22 Update: openssh-6.9p1-4.fc22

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

[SECURITY] Fedora 22 Update: openssh-6.9p1-3.fc22

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

Introducing 93Gbps High-Speed Tor-Like Encrypted Anonymous Network

I think you'll agree with me when I say: It's quite hard to maintain anonymity on the Internet using the slow Tor network. Or is it? Well, it turns out, you may soon boost your online anonymity dramatically with the help of a new high-speed anonymity network. A group of six academics have develop...

SolarWinds N-Able N-Central Information Disclosure Vulnerability

SolarWinds N-Able N-Central is a suite of agent-based enterprise support and management solutions from SolarWinds USA. A information disclosure vulnerability exists in SolarWinds N-Able N-Central versions prior to 9.5.1.4514, which can be exploited to obtain a plaintext domain administrator...

kernel: buffer overflow in eCryptfs

A buffer overflow flaw was found in the way the Linux kernel's eCryptfs implementation decoded encrypted file names. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system...

[SECURITY] Fedora 22 Update: openssh-6.9p1-1.fc22

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

[SECURITY] Fedora 21 Update: openssh-6.6.1p1-13.fc21

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

[SECURITY] Fedora 21 Update: python-jwt-1.3.0-1.fc21

A Python implementation of JSON Web Token draft 01. This library provides a means of representing signed content using JSON data structures, including claims to be transferred between two parties encoded as digitally signed and encrypted JSON objects...

Amazon Patches Certificate Vulnerabilities in Fire Phones

Amazon last week patched three vulnerabilities in its Fire smartphones, including two in its Certinstaller package that put devices at risk. An attacker could take advantage of the vulnerability in the package, which allows mobile apps to install certificates on Amazon Fire devices without user...

IBM Tivoli Security Directory Server Information Disclosure Vulnerability (CNVD-2015-04102)

IBM Tivoli Security Directory Server now known as IBM Security Directory Server, ISDS is a suite of enterprise identity management software from IBM in the United States that uses the Lightweight Directory Access Protocol LDAP. The software provides a trusted identity data infrastructure for...

Deserialization of untrusted data

IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted files, which allows local users to obtain sensitive information or possibly have unspecified other...