CVE-2022-29885 EncryptInterceptor does not provide complete protection on insecure networks

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide...

Emotet Now Hacks Nearby Wi-Fi Networks to Spread Like a Worm

A newly uncovered Emotet malware sample has the ability to spread to insecure Wi-Fi networks that are located nearby to an infected device. If the malware can spread to these nearby Wi-Fi networks, it then attempts to infect devices connected to them — a tactic that can rapidly escalate Emotet’s...

RelateIQ: Failed Certificate Validation On Custom Server (Register)

Hi, in the register page a custom server can be used to define "where to connect to". Your system does not validate the SSL certificate of this host which makes it easy to tamper with the data your system do in behalf of the user. As only SSL links are allowed by the application the user could...