16 matches found
EUVD-2017-17766
Malware in sbrugna...
CVE-2025-4444
A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The...
CVE-2025-4444 Tor Onion Service Descriptor resource consumption
A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The...
Unlearning-Enhanced Website Fingerprinting Attack: against Backdoor Poisoning in Anonymous Networks
Website Fingerprinting WF is an effective tool for regulating and governing the dark web. However, its performance can be significantly degraded by backdoor poisoning attacks in practical deployments. This paper aims to address the problem of hidden backdoor poisoning attacks faced by Website...
Brave Desktop 1.79.118 Security Fixes
Fixed Tor onion icon incorrectly appearing in the URL bar in certain cases as reported on HackerOne by newfunction. 45102 & 45376 Upgraded Chromium to 137.0.7151.61 — refer to Google Chrome advisories for inherited CVEs...
CVE-2020-25073
FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service or from PageKite is considered a local connection. This affects both the freedombox and plinth packages of some...
SUSE CVE-2017-8823
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013...
Brave Browser enters dark web with its own Tor Onion service
By Deeba Ahmed Now Brave browser pages will be accessible on the Dark Web via the Tor gateway. This is a post from HackRead.com Read the original post: Brave Browser enters dark web with its own Tor Onion service...
CVE-2020-25073
FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service or from PageKite is considered a local connection. This affects both the freedombox and plinth packages of some...
UBUNTU-CVE-2020-25073
FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service or from PageKite is considered a local connection. This affects both the freedombox and plinth packages of some...
Code injection
FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service or from PageKite is considered a local connection. This affects both the freedombox and plinth packages of some...
SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks
This post was written by Vitor Ventura Introduction Talos has been working in conjunction with Cisco IR Services on what we believe to be a new variant of the SamSam ransomware. This ransomware has been observed across multiple industries including Government, Healthcare and ICS. These attacks do...
DEBIAN-CVE-2017-8819
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue...
Bad Rabbit: New Ransomware Attack Rapidly Spreading Across Europe
A new widespread ransomware attack is spreading like wildfire around Europe and has already affected over 200 major organisations, primarily in Russia, Ukraine, Turkey and Germany, in the past few hours. Dubbed "Bad Rabbit," is reportedly a new Petya-like targeted ransomware attack against...
DEFCON 25
After a few days in Las Vegas and after BlackHat, DEFCON 25 is finally over! It was an amazing time around awesome people. I didn't attend all the talks, but most of the ones I saw were interesting: There's no place like 127.0.0.1 - Achieving reliable DNS rebinding in modern browsers, by Luke...
Dark Web Users Suspect "Dream Market" Has Also Been Backdoored by Feds
By now you might be aware of the took down of two of the largest online dark websites—AlphaBay and Hansa—in what's being called the largest-ever international operation against the dark web's black market conducted by the FBI, DEA Drug Enforcement Agency and Dutch National Police. But the...