CVE-2022-20742

A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel. This vulnerability is due to an improper implementatio...

RIOT RIOT-OS 安全特征问题漏洞

RIOT RIOT-OS is a set of operating systems for applications in the Internet of Things IoT space. RIOT-OS nonce reuse version 802.15.4 suffers from a security signature issue vulnerability that allows an attacker to break the encryption by triggering a reboot...

MDT AutoSave 代码问题漏洞

MDT AutoSave is a software application. It provides an automated change management function. A code issue vulnerability exists in MDT AutoSave that stems from insufficient software encryption strength. An attacker could use this vulnerability to break the encryption and gain access to the system...

ReVoLTE Attack Allows Hackers to Listen in on Mobile Calls

Researchers have discovered an attack on the Voice over LTE VoLTE mobile communications protocol that can break its encryption and allow attackers to listen in on phone calls. Dubbed ReVoLTE, the attack — detailed by a group of academic researchers from Ruhr University Bochum and New York...

CVE-2019-3818

The kube-rbac-proxy container, as used in Red Hat OpenShift Container Platform, does not honor TLS configurations allowing for the use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a weak configuration and potentially break the encryption of the...

Banking Malware Vawtrak Seen Using Tor2Web

Developers behind the banking Trojan Vawtrak have begun obscuring some of their servers with Tor2Web, a move that’s added another degree of difficulty when it comes to uncovering their activity. To this point the malware’s techniques – its evolution beyond banking websites, ability to break...