Detecting Data Exfiltration through I2P Anonymity Networks: A Two-Phase Machine Learning Approach

The Invisible Internet Project I2P provides strong anonymity through garlic routing and distributed network architecture, making it attractive for legitimate privacy needs. Nevertheless, the same properties can be exploited by malicious actors to steal sensitive information from corporate network...

EUVD-2020-5684

Malware in sbrugna...

EUVD-2021-19522

Malware in sbrugna...

EUVD-2017-8233

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2023-36325

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - i2p before 2.3.0 Java allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services aka eepsites via a correlation attack across the IPv4 and...

CVE-2021-32750

MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attacker who knows their full ID. An attacker could send a message with a subject line containing a URL...

Improper Verification Of Cryptographic Signature

net.i2p.crypto, eddsa, net.i2p, i2p is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to the implementation not satisfying the SUF-CMA property, allowing an attacker to forge alternative valid signatures for a known message...

com.peersafe:chainsql (>=1.0 <=3.0.4), net.i2p.android:client (>=0.9.27 <=0.9.33) +4 more potentially affected by CVE-2020-36843 via net.i2p:i2p (>=0.9.26 <=0.9.38)

net.i2p:i2p MAVEN version =0.9.26, =1.0, =0.9.27, =0.9.26, =0.9.26, =0.9.27, =0.9.30, =0.9.38 Source cves: CVE-2020-36843 Source advisory: OSV:GHSA-P53J-G8PW-4W5F...

ai.superstream:kafka-clients (>=3.0.1 <=3.6.1-alpha1), ai.superstream:spring-kafka (>=2.8.4-alpha1 <=3.0.1-alpha1) +1819 more potentially affected by CVE-2020-36843 via net.i2p.crypto:eddsa (>=0.1.0 <=0.3.0)

net.i2p.crypto:eddsa MAVEN version =0.1.0, =3.0.1, =2.8.4-alpha1, =0.0.1-alpha1, =0.0.6, =2.1.2, =2.1.2, =2.2, =1.1.0-dev-3, =1.10.0, =1.10.0, =1.15.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.23.0 and more Source cves: CVE-2020-36843 Source advisory: OSV:GHSA-P53J-G8PW-4W5F...

com.peersafe:chainsql (>=1.0 <=3.0.4), net.i2p.android:client (>=0.9.27 <=0.9.33) +4 more potentially affected by CVE-2020-36843 via net.i2p:i2p (>=0.9.26 <=0.9.38)

net.i2p:i2p MAVEN version =0.9.26, =1.0, =0.9.27, =0.9.26, =0.9.26, =0.9.27, =0.9.30, =0.9.38 Source cves: CVE-2020-36843 Source advisory: SNYK:JAVA-NETI2P-9402850...

ai.superstream:kafka-clients (>=3.0.1 <=3.6.1-alpha1), ai.superstream:spring-kafka (>=2.8.4-alpha1 <=3.0.1-alpha1) +1819 more potentially affected by CVE-2020-36843 via net.i2p.crypto:eddsa (>=0.1.0 <=0.3.0)

net.i2p.crypto:eddsa MAVEN version =0.1.0, =3.0.1, =2.8.4-alpha1, =0.0.1-alpha1, =0.0.6, =2.1.2, =2.1.2, =2.2, =1.1.0-dev-3, =1.10.0, =1.10.0, =1.15.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.23.0 and more Source cves: CVE-2020-36843 Source advisory: SNYK:JAVA-NETI2PCRYPTO-9402849...

CVE-2020-36843

The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA Strong Existential Unforgeability under Chosen Message Attacks property. This allows attackers to create new valid signatures different from previous signature...

CVE-2023-36325

i2p before 2.3.0 Java allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services aka eepsites via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy it may be dropped, or may result in a Wrong...

CVE-2023-36325

i2p before 2.3.0 Java allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services aka eepsites via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy it may be dropped, or may result in a Wrong...

UBUNTU-CVE-2023-36325

i2p before 2.3.0 Java allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services aka eepsites via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy it may be dropped, or may result in a Wrong...

CVE-2023-36325

Removed by vendor...

CVE-2023-36325

i2p before 2.3.0 Java allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services aka eepsites via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy it may be dropped, or may result in a Wrong...

CVE-2023-36325

i2p before 2.3.0 Java allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services aka eepsites via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy it may be dropped, or may result in a Wrong...

German Authorities Dismantle Dark Web Hub 'Kingdom Market' in Global Operation

German law enforcement has announced the disruption of a dark web platform called Kingdom Market that specialized in the sales of narcotics and malware to "tens of thousands of users." The exercise, which involved collaboration from authorities from the U.S., Switzerland, Moldova, and Ukraine,...

What is The Dark Web ?

The Undernet, a term frequently shrouded in enigma and often linked with unlawful activities, is a concealed segment of the digital world that is purposefully veiled and unreachable via regular internet browsers. This chapter aims to unveil the secrets of the Undernet, step by step demythifying i...