How to Improve Your API Security Posture
APIs, more formally known as application programming interfaces, empower apps and microservices to communicate and share data. However, this level of connectivity doesn't come without major risks. Hackers can exploit vulnerabilities in APIs to gain unauthorized access to sensitive data or even ta...
CVE-2021-35246 Unprotected Transport of Credentials (HSTS) Vulnerability
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users...
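The usual fix for the weakness described above is to redirect every plain-HTTP request to HTTPS and then send a Strict-Transport-Security (HSTS) header so that returning browsers refuse to connect without TLS at all. The following check is an added example, not code from the advisory or the affected product: it parses an HSTS header out of a response-header dictionary and reports the mistakes that make the policy useless. The 180-day minimum is an assumption chosen for illustration, and the header values at the bottom are constructed inputs.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumed policy floor for this example: 180 days in seconds. Browsers only
# honour HSTS while max-age has not expired, so a tiny value gives no protection.
MIN_MAX_AGE = 180 * 24 * 3600


@dataclass
class HstsResult:
    present: bool
    max_age: Optional[int] = None
    include_subdomains: bool = False
    preload: bool = False
    problems: List[str] = field(default_factory=list)


def parse_hsts(value: str) -> HstsResult:
    """Parse the directives of one Strict-Transport-Security header value."""
    result = HstsResult(present=True)
    for raw in value.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, arg = directive.partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')
        if name == "max-age":
            if not re.fullmatch(r"\d+", arg):
                result.problems.append("max-age is not a non-negative integer")
            else:
                result.max_age = int(arg)
        elif name == "includesubdomains":
            result.include_subdomains = True
        elif name == "preload":
            result.preload = True
        # Unknown directives are ignored by browsers, so they are ignored here too.

    if result.max_age is None:
        result.problems.append("max-age directive missing; header is invalid")
    elif result.max_age == 0:
        result.problems.append("max-age=0 disables HSTS for this host")
    elif result.max_age < MIN_MAX_AGE:
        result.problems.append(
            f"max-age {result.max_age}s is below the assumed floor of {MIN_MAX_AGE}s"
        )
    if not result.include_subdomains:
        result.problems.append(
            "includeSubDomains absent; cookies scoped to the parent domain can "
            "still be sent over plain HTTP to a subdomain"
        )
    return result


def check_hsts(headers: Dict[str, str]) -> HstsResult:
    """Look up the header case-insensitively and evaluate it."""
    for name, value in headers.items():
        if name.lower() == "strict-transport-security":
            return parse_hsts(value)
    return HstsResult(present=False, problems=["Strict-Transport-Security header absent"])


if __name__ == "__main__":
    # Constructed sample responses, not captured from any real server.
    samples = {
        "good": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"},
        "short": {"strict-transport-security": "max-age=300"},
        "disabled": {"Strict-Transport-Security": "max-age=0"},
        "missing": {"Content-Type": "text/html"},
    }
    for label, hdrs in samples.items():
        print(label, check_hsts(hdrs))
```

Two caveats a reviewer would add: HSTS only helps a browser that has already seen the header over a valid HTTPS connection, so the first visit (or a visit after the policy expires) remains exposed unless the domain is on the browser preload list; and the header is ignored when served over plain HTTP, so the HTTP-to-HTTPS redirect must exist as well.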
Security Bulletin: Avoiding Weak SSL/TLS Encryption in IBM System x and Flex Systems (CVE-2013-4030)
Summary: Encryption with symmetric keys shorter than 128 bits is considered more vulnerable to attack than encryption with keys 128 bits or longer. Several SSL/TLS cipher suites include encryption with keys shorter than 128 bits. Vulnerability Details, Abstract: Encryption with symmetric keys shorte...
Slackware: Security Advisory (SSA:2013-322-03)
The remote host is missing an update for the
SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from the referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
Spyse.Py - Python API Wrapper And Command-Line Client For The Tools Hosted On Spyse.Com
Python API wrapper and command-line client for the tools hosted on spyse.com. "Spyse is a developer of complete DaaS (Data-as-a-Service) solutions for Internet security professionals, corporate and remote system administrators, SSL/TLS encryption certificate providers, data centers and business...
FortiCam FCM-MB40 Code Execution / Privilege Escalation
Original posting: https://xor.cat/2019/06/19/fortinet-forticam-vulns/ Background In March of 2019 I discovered five vulnerabilities in Fortinet's FortiCam FCM-MB401 product. Part-way through disclosing this vulnerability, I discovered that the FCM-MB40 is manufactured by a company called Dynacolo...
Capital One: Heartbleed Bug
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over th...
Security Bulletin: OpenSSL Heartbleed Vulnerability and Impact to Algo and OpenPages Products
Abstract The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privac...
My Government Doesn't Understand How Encryption and Cyber Security Work
Almost every day, or every second day, when I come across various announcements in newspapers, TV news channels, and press releases that... ...the Indian Government and related policy-making organizations are going to set up their so-called "Cyber Security Task Forces" or have drafted a "National Cyber...
ssl-heartbleed NSE Script
Detects whether a server is vulnerable to the OpenSSL Heartbleed bug (CVE-2014-0160). The code is based on the Python script ssltest.py authored by Katie Stafford ([email protected]). Script Arguments: ssl-heartbleed.protocols: TLS 1.0, TLS 1.1, or TLS 1.2 (default tries all); tls.servername: See the...
Twitter Implements Perfect Forward Secrecy
Twitter took another step toward not only securing the privacy of its users’ communication over the social network, but in warding off the prying eyes of government surveillance with the implementation of Perfect Forward Secrecy. The technology thwarts the efforts of anyone who may be collecting...
Samba 3.x < 3.6.20 / 4.0.x < 4.0.11 / 4.1.x < 4.1.1 Multiple Vulnerabilities
According to its banner, the version of Samba running on the remote host is 3.x prior to 3.6.20 or 4.0.x prior to 4.0.11 or 4.1.x prior to 4.1.1. It is, therefore, potentially affected by multiple vulnerabilities : - A security bypass vulnerability may exist because Samba does not properly enforc...
Private key in key.pem world readable
Description Due to incorrect directory and file permissions a local attacker might obtain the private key that is used for the SSL/TLS encryption for ldaps including STARTTLS on ldap and https network traffic. The attacker is then able to decrypt encrypted network traffic which may contain...
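A private key that is readable by any local user is exactly as useful to an attacker as one that was never protected, which is why audits of TLS deployments check key file modes alongside cipher configuration. The function below is an added example, not code from the advisory above: it reports group or world access on a key file, a wrong owner, and a world-writable parent directory (which lets a local user swap the file even when the file itself is 0600), and offers a `harden_key_file` helper that tightens the mode to owner-only. The `expected_uid` parameter and the temporary files used in the demonstration are assumptions of this example.

```python
import os
import stat
import tempfile
from typing import List, Optional


def key_file_problems(path: str, expected_uid: Optional[int] = None) -> List[str]:
    """Return a list of permission problems for a private key file (empty if none)."""
    problems: List[str] = []
    st = os.stat(path)  # follows symlinks: we care about the real file
    mode = stat.S_IMODE(st.st_mode)

    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if mode & (stat.S_IRGRP | stat.S_IWGRP):
        problems.append(f"group can access key (mode {mode:04o})")
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        problems.append(f"world can access key (mode {mode:04o})")
    if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        problems.append("key file has execute bits set")
    if expected_uid is not None and st.st_uid != expected_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {expected_uid}")

    # A world-writable directory without the sticky bit lets anyone replace the key
    # file, regardless of the file's own mode.
    parent = os.path.dirname(os.path.abspath(path)) or "/"
    pst = os.stat(parent)
    pmode = stat.S_IMODE(pst.st_mode)
    if (pmode & stat.S_IWOTH) and not (pmode & stat.S_ISVTX):
        problems.append(f"parent directory {parent} is world-writable without sticky bit")
    return problems


def harden_key_file(path: str) -> List[str]:
    """Restrict the key to owner read/write only and return any remaining problems."""
    os.chmod(path, 0o600)
    return key_file_problems(path)


if __name__ == "__main__":
    # Constructed demonstration: a throwaway "key" in a private temp dir.
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "key.pem")
        with open(key, "w") as f:
            f.write("-----BEGIN PRIVATE KEY-----\nnot a real key\n-----END PRIVATE KEY-----\n")
        os.chmod(key, 0o644)  # the misconfiguration from the advisory
        print("before:", key_file_problems(key))
        print("after: ", harden_key_file(key))
```

Run this against every file referenced by a `TLSCertificateKeyFile`, `ssl_certificate_key` or equivalent directive; services that drop privileges after start-up still read the key as root, so 0600 owned by root is normally correct, and a key that must be readable by a service account should be owned by that account rather than made group- or world-readable.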
FTPRush v1.1.3 - Stack Buffer Overflow Vulnerability
Document Title: FTPRush v1.1.3 - Stack Buffer Overflow Vulnerability. References (Source): http://www.youtube.com/watch?v=Fxr35RAcaUA. Release Date: 2011-06-16. Vulnerability Laboratory ID (VL-ID): 54. Product & Servi...
Cerberus FTP Server 2.32 Denial of Service
Cerberus FTP Server 2.32 Denial of Service (DoS). KAPDA new advisory. Vulnerable products: Cerberus FTP Server 2.32. Vendor: http://www.cerberusftp.com/. Risk: High. Vulnerabilities: Denial of service. Date: Found: Aug 21 2005; Vendor Contacted: Aug 21 200...