484 matches found
DEBIAN-CVE-2019-1547
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible that such a group does not have...
ALPINE-CVE-2019-1547
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible that such a group does not have...
UBUNTU-CVE-2019-1547
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible that such a group does not have...
Design/Logic Flaw
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible that such a group does not have...
CVE-2019-1547 ECDSA remote timing attack
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible that such a group does not have...
CVE-2019-1547
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible that such a group does not have...
Vulnerability in OpenSSL - ECDSA remote timing attack
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible that such a group does not have...
Facebook Agrees to Pay $5 Billion Fine and Setup New Privacy Program for 20 Years
The Federal Trade Commission FTC today officially confirmed that Facebook has agreed to pay a record-breaking $5 billion fine over privacy violations surrounding the Cambridge Analytica scandal. Besides the multibillion-dollar penalty, the company has also accepted a 20-year-long agreement that...
libvirt security update
5.0.0-9.el7 - qemu: remove cpuhostmask and cpuguestmask from virCaps structure Wim ten Have Orabug: 29956508 5.0.0-8.el7 - api: disallow virDomainSaveImageGetXMLDesc on read-only connections Jan Tomko Orabug: 29955742 CVE-2019-10161 - domain: Define explicit flags for saved image xml Eric Blake...
CVE-2018-12886
stackprotectprologue in cfgexpand.c and stackprotectepilogue in function.c in GNU Compiler Collection GCC 4.1 through 8 under certain circumstances generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the...
Watch: Hackers send explicit messages to riders on hacked e-scooters
By Uzair Amir Lime believes that hackers somehow managed to swap the audio files on eight of the e-scooters. Lime, a Brisbane-based scooter manufacturer, has been testing its E-Scooters on the streets of Brisbane but sadly, the gadgets are in the news for all the wrong reasons. Reportedly, eight...
Zero Trust part 1: Identity and access management
Once in a while, a simple phrase captures our imagination, expressing a great way to think about a problem. Zero Trust is such a phrase. Today, Ill define Zero Trust and then discuss the first step to enabling a Zero Trust modelstrong identity and access management. In subsequent blogs, well cove...
Anatomy of a sextortion scam
This blog was written by Jaeson Schultz. Since this July, attackers are increasingly spreading sextortion-type attacks across the internet. Cisco Talos has been investigating these campaigns over the past few months. In many cases the spammers harvested email addresses and passwords from a public...
bouncycastle: DSA key pair generator generates a weak private key by default
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...
Mobile Websites Can Tap Into Your Phone's Sensors Without Asking
Apps need your explicit permission to access your smartphone's motion and light sensors. Mobile websites? Not so much...
Microsoft Windows: Audit Logon
Audit Logon determines whether the operating system generates audit events when a user attempts to log on to a computer. These events are related to the creation of logon sessions and occur on the computer that was accessed. For an interactive logon, events are generated on the computer that was...
CVE-2016-1000343
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...
PT-2018-4637 · Bouncy Castle +3 · Bouncy Castle Jce Provider +3
Name of the Vulnerable Software and Affected Versions: Bouncy Castle JCE Provider versions 1.55 and earlier Description: The issue concerns the generation of weak private keys by the DSA key pair generator when used with default values. If the JCA key pair generator is not explicitly initialized...
Backdoorme - Powerful Auto-Backdooring Utility
Tools like metasploit are great for exploiting computers, but what happens after you've gained access to a computer? Backdoorme answers that question by unleashing a slew of backdoors to establish persistence over long periods of time. Once an SSH connection has been established with the target,...
CVE-2018-5166
WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox 60...