15 matches found
EUVD-2023-52818
Malicious code in bioql PyPI...
CVE-2025-32878
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is mainly for downloading firmware files. Before downloading firmware files, the watch requests some information about the firmware via HTTPS from the back-end...
CVE-2019-1010206
OSS Http Request Apache Cordova Plugin 6 is affected by: Missing SSL certificate validation. The impact is: certificate spoofing. The component is: use this library when https communication. The attack vector is: certificate spoofing...
New PingPull Malware Variant Targets Linux Systems
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The PingPull malware variant that targets Linux systems is linked to Alloy Taurus, and it communicates with a domain over HTTPS to receive encrypted commands for executing specific functions. To receive...
kevinsawicki/http-request Missing certificate validation
OSS Http Request kevinsawicki/http-request is missing SSL/TLS certificate validation. The impact is: certificate spoofing. The component is: use this library when https communication. The attack vector is: certificate spoofing...
Explained: How New 'Delegated Credentials' Boosts TLS Protocol Security
Mozilla, in partnership with Facebook, Cloudflare, and other IETF community members, has announced technical specifications for a new cryptographic protocol called "Delegated Credentials for TLS." Delegated Credentials for TLS is a new simplified way to implement "short-lived" certificates withou...
CVE-2019-1010206
OSS Http Request Apache Cordova Plugin 6 is affected by: Missing SSL certificate validation. The impact is: certificate spoofing. The component is: use this library when https communication. The attack vector is: certificate spoofing...
CVE-2019-1010206
OSS Http Request Apache Cordova Plugin 6 is affected by: Missing SSL certificate validation. The impact is: certificate spoofing. The component is: use this library when https communication. The attack vector is: certificate spoofing...
CVE-2019-1010206
OSS Http Request Apache Cordova Plugin 6 is affected by: Missing SSL certificate validation. The impact is: certificate spoofing. The component is: use this library when https communication. The attack vector is: certificate spoofing...
Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection
Introduction TLS Thread Local Storage callbacks are provided by the Windows operating system to support additional initialization and termination for per-thread data structures. As previously reported, malicious TLS callbacks, as an anti-analysis trick, have been observed for quite some time and...
SOL16903 - Microsoft Schannel vulnerability CVE-2015-1637
1 BIG-IP Edge Client for Windows uses Schannel.dll directly and indirectly through WinINet for HTTPS communication with Microsoft Windows. F5 recommends that users apply the applicable Microsoft update posted at . This link takes you to a resource outside of AskF5, and the third party could remov...
Windows Meterpreter (Reflective Injection), Windows Reverse HTTPS Stager (winhttp)
Inject the Meterpreter server DLL via the Reflective Dll Injection payload staged. Requires Windows XP SP2 or newer. Tunnel communication over HTTPS Windows winhttp This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework modu...
Wiretapping storm: the Android platform https sniffing hijacking vulnerability-vulnerability warning-the black bar safety net
0x0 Preface Last year 1 0 mid-May, Tencent Security Center in the daily terminal Safety audits found that, in the Android platform used in https communication of app the vast majority of are not safe to use the google API, a direct result of https communication of sensitive information leakage ev...
Duqu Analysis and Detection Tool by NSS Labs
Duqu Analysis and Detection Tool by NSS Labs NSS Labs has built a new, free tool that detects known and newly created Duqu drivers that have infiltrated systems, thus allowing security experts to further analyze the "functionality, capabilities and ultimate purpose of DuQu.". The Tool is availabl...
Researchers Discover New ACH Banker Trojan
Malware hunters at SecureWorks have intercepted a new banker Trojan being used by cyber-criminals to steal financial credentials from banks in the U.S. The Trojan, dubbed “Bugat,” targets Automated Clearing House ACH and wire transfer transactions by small- and mid-sized business in the U.S., muc...