Citrix NetScaler Nonce Generation Vulnerability (CTX220329)

A flaw has been identified in the GCM nonce generation functionality of Citrix NetScaler application Delivery Controller ADC and Citrix NetScaler Gateway that could result in the interception of session data. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from...

Popular iOS Apps Vulnerable to TLS Interception Attacks

Dozens of iOS mobile banking, medical and other applications handling sensitive user information are vulnerable to man-in-the-middle attacks where TLS traffic can be intercepted. Of the 76 apps analyzed by Sudo Security Group, 19 are considered high-risk where financial or medical credentials, or...

Many Android VPN Apps Breaking Privacy Promises

An alarming number of Android VPNs are providing a decidedly false sense of security to users, especially those living in areas where communication is censored or technology is crucial to the privacy and physical security. A study published recently identified a number of shortcomings common to...

About the security content of iTunes 12.5.1 for Windows - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

Why WhatsApp's 'Backdoor' Isn't a Backdoor

Accusations that WhatsApp has a backdoor intended for eavesdropping on user messages is being loudly rebuked by Facebook-owned WhatsApp and Open Whisper Systems, the company that developed the underlying encryption technology for the platform. Dismissal of the published claims by The Guardian are...

Explained — What's Up With the WhatsApp 'Backdoor' Story?

What is a backdoor? By definition: "Backdoor is a feature or defect of a computer system that allows surreptitious unauthorized access to data, " either the backdoor is in encryption algorithm, a server or in an implementation, and doesn't matter whether it has previously been used or not...

Design/Logic Flaw

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this...

CVE-2016-2366

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this...

CVE-2016-2376

A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet...

CVE-2016-2376

A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet...

CVE-2016-2376

A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet...

Downloads Resources over HTTP

Overview Affected versions of windows-build-tools insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

Man-in-the-Middle (MitM)

react-native-baidu-voice-synthesizer is vulnerable to man-in-the-middle attacks. The library downloads binaries via HTTP, potentially causing a remote code execution RCE vulnerability by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...

5-year-old Skype Backdoor Discovered — Mac OS X Users Urged to Update

Those innocent-looking apps in your smartphone can secretly spy on your communications or could allow hackers to do so. Hard to believe, but it's true. Recently, Trustwave's SpiderLabs analysts discovered a hidden backdoor in Skype for Apple's macOS and Mac OS X operating systems that could be us...

Downloads Resources over HTTP

Overview Affected versions of react-native-baidu-voice-synthesizer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one,...

Downloads Resources over HTTP

Overview Affected versions of openframe-ascii-image insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

Downloads Resources over HTTP

Overview Affected versions of npm-test-sqlite3-trunk insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

Downloads Resources over HTTP

Overview Affected versions of windows-seleniumjar insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

Downloads Resources over HTTP

Overview Affected versions of roslib-socketio insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

Downloads Resources over HTTP

Overview Affected versions of gfe-sass insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...