RHEL 9 : OpenShift Container Platform 4.15.z (RHSA-2023:7200)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7200 advisory. Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built fr...

Python Cryptography package vulnerable to Bleichenbacher timing oracle attack

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

CVE-2023-50782

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

CVE-2023-50781

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

DEBIAN-CVE-2023-50781

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

Design/Logic Flaw

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

UBUNTU-CVE-2023-50781

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

CVE-2023-50782

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

CVE-2023-50782

CVE-2023-50782 affects the python-cryptography library across multiple Linux distributions. The underlying issue is a Bleichenbacher timing/PKCS#1 v1.5 RSA decryption handling flaw that could allow a remote attacker to decrypt TLS RSA-exchange messages, potentially exposing confidential data. Aff...

CVE-2023-50782

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

CVE-2023-50781

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

Here’s Some Bitcoin: Oh, and You’ve Been Served!

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be the first in which a federal court has recognized the use of information included in a bitcoin transaction -- such as a...

Mastercard Cybersecurity

Safeguarding Trade: Discovering the World of Mastercard Digital Guardrails In our tech-driven era, it is vitro important that financial dealings are shielded competently. A colossal number of exchanges are happening each day, proving the ever growing necessity of sturdy digital protective measure...

CVE-2023-50782

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. Mitigation Mitigation for this issue is either not available or the...

CVE-2023-50781

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. Mitigation Mitigation for this issue is either not available or the currently available option...

CVE-2023-45287

A flaw was found in the Golang crypto/tls standard library. In previous versions, the package was vulnerable to a Timing Side Channel attack by observing the time it took for RSA-based TLS key exchanges, which was not constant. This flaw allows a malicious user to gather information from the...

CVE-2023-45287

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...

CVE-2023-45287

Summary of CVE-2023-45287 (Go): Before Go 1.20, RSA-based TLS key exchanges used math/big (not constant time). RSA blinding was applied but may not fully prevent timing leaks after removal of PKCS#1 padding, potentially enabling recovery of session key bits. Go 1.20+ switched crypto/tls to a full...

Associated Press, ESPN, CBS among top sites serving fake virus alerts

ScamClub is a threat actor whos been involved in malvertising activities since 2018. Chances are you probably ran into one of their online scams on your mobile device. Confiant, the firm that has tracked ScamClub for years, released a comprehensive report in September while also disrupting their...

USN-6499-1: GnuTLS vulnerability

It was discovered that GnuTLS had a timing side-channel when handling certain RSA-PSK key exchanges. A remote attacker could possibly use this issue to recover sensitive information...