EUVD-2014-2320
Malware in sbrugna...
EUVD-2017-6774
Malware in sbrugna...
EUVD-2017-6775
Malware in sbrugna...
EUVD-2008-3130
Malware in sbrugna...
Researchers Link New SS7 Encoding Attack to Surveillance Vendor Activity
Researchers identify a new SS7 encoding attack used by a surveillance vendor to bypass security and access mobile subscriber data without detection...
LLMs’ Data-Control Path Insecurity
Back in the 1960s, if you played a 2,600Hz tone into an AT&T pay phone, you could make calls without paying. A phone hacker named John Draper noticed that the plastic whistle that came free in a box of Captain Crunch cereal worked to make the right sound. That became his hacker name, and everyone...
Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed
It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol: On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers' locations. The FCC...
SUSE CVE-2014-2282
The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet...
ss7.wkbw.com Cross Site Scripting vulnerability OBB-2437305
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Fedora: Security Advisory for libss7 (FEDORA-2021-17bf9d14f8)
The remote host is missing an update for the...
Fedora: Security Advisory for libss7 (FEDORA-2021-91d42ce83e)
The remote host is missing an update for the...
Fedora: Security Advisory for libss7 (FEDORA-2021-c5b708f363)
The remote host is missing an update for the...
[SECURITY] Fedora 33 Update: libss7-2.0.1-1.fc33
libss7 is a userspace library that is used for providing SS7 protocol services to applications. It has a working MTP2, MTP3, and ISUP for ITU and ANSI style SS7, however it was written in a manner that will easily allow support for other various national specific variants in the future...
[SECURITY] Fedora 34 Update: libss7-2.0.1-1.fc34
libss7 is a userspace library that is used for providing SS7 protocol services to applications. It has a working MTP2, MTP3, and ISUP for ITU and ANSI style SS7, however it was written in a manner that will easily allow support for other various national specific variants in the future...
Security Vulnerabilities in the RCS Texting Protocol
Interesting research: SRLabs founder Karsten Nohl, a researcher with a track record of exposing security flaws in telephony systems, argues that RCS is in many ways no better than SS7, the decades-old phone system carriers still used for calling and texting, which has long been known to be...
Cyber Security Week in Review (Feb. 8)
Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. For more news delivered to your inbox every week, sign up for our Threat Source newsletter here. Top headlines this week Attackers continue to utilize...
A Facebook Crackdown, Amazon Facial Recognition, and More Security News This Week
Hackers use SS7 flaws to rob banks, Japan goes after IoT vulnerabilities, and more security news this week...
GTScan - The Nmap Scanner for Telco
The Nmap Scanner for Telco. With the current focus on telecom security, the tools used in day-to-day IT-side penetration testing should be extended to telecom as well. From here came the motivation for an nmap-like scanner but for telco. The current security interconnect security controls might...
Design/Logic Flaw
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerability in some Huawei products. Due to insufficient input validation, a remote...
Design/Logic Flaw
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerability in some Huawei products. Due to insufficient input validation, a remote...