14 matches found
A Novel Trust-Based DDoS Cyberattack Detection Model for Smart Business Environments
As the frequency and complexity of Distributed Denial-of-Service (DDoS) attacks continue to increase, the level of threat posed to Smart Internet of Things (SIoT) business environments has also increased. These environments generally have several interconnected SIoT systems and devices that are...
curl: Apple SecTrust legacy path accepts untrusted certificates on pre-10.14 macOS/iOS when built with USE_APPLE_SECTRUST
Summary: When libcurl is built with USE_APPLE_SECTRUST and runs on Apple OS versions that lack SecTrustEvaluateWithError (macOS < 10.14 / iOS < 12), the legacy verification path miscompares OSStatus to SecTrustResultType and never checks the SecTrust result. This can cause untrusted certificates to be...
EUVD-2014-2274
Malware in sbrugna...
Quantum Skyshield: Quantum Key Distribution and Post-Quantum Authentication for Low-Altitude Wireless Networks in Adverse Skies
Recently, low-altitude wireless networks (LAWNs) have emerged as a critical backbone for supporting the low-altitude economy, particularly with the densification of unmanned aerial vehicles (UAVs) and high-altitude platforms (HAPs). To meet growing data demands, some LAWN deployments incorporate...
MinIO Authorization Issue Vulnerability
MinIO is an open source object storage server from MinIO Corporation in the United States. The product supports building infrastructures for machine learning, analytics, and application data workloads. MinIO suffers from an authorization issue vulnerability that stems from an SSH key trust...
Improper Certificate Validation in security-framework
If custom root certificates were registered with a ClientBuilder, the hostname of the target server would not be validated against its presented leaf certificate. This issue was fixed by properly configuring the trust evaluation logic to perform that check...
How CARTA Strategies for Web Applications are Met with Indusface AppTrana Solution
Gartner’s CARTA (Continuous Adaptive Risk and Trust Assessment), which sets out their vision for security, is increasingly being adopted by several enterprises. Recently Gartner also called out the CARTA strategic approach in the top 10 security projects for 2019. CARTA, being a strategic approach,...
Should-I-Trust - OSINT Tool To Evaluate The Trustworthiness Of A Company
should-i-trust is a tool to evaluate OSINT signals for a domain. Requirements: should-i-trust requires API keys from the following sources: Censys.io (free for the first 250 queries/month), VirusTotal (free), GrayHatWarFare (free with limited results). Use case: You're part of a review board that's...
RUSTSEC-2017-0003 Hostname verification skipped when custom root certs used
If custom root certificates were registered with a ClientBuilder, the hostname of the target server would not be validated against its presented leaf certificate. This issue was fixed by properly configuring the trust evaluation logic to perform that check...
Hostname verification skipped when custom root certs used
If custom root certificates were registered with a ClientBuilder, the hostname of the target server would not be validated against its presented leaf certificate. This issue was fixed by properly configuring the trust evaluation logic to perform that check...
CVE-2014-2234
A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent (TEA) feature without terminating certain TLS/SSL handshakes as specified in the SSL_CTX_set_verify callback function's documentation, which allows remote attackers to bypass extra verification within a...
Design/Logic Flaw
A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent (TEA) feature without terminating certain TLS/SSL handshakes as specified in the SSL_CTX_set_verify callback function's documentation, which allows remote attackers to bypass extra verification within a...
CVE-2014-2234
A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent (TEA) feature without terminating certain TLS/SSL handshakes as specified in the SSL_CTX_set_verify callback function's documentation, which allows remote attackers to bypass extra verification within a...
CVE-2014-2234
A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent (TEA) feature without terminating certain TLS/SSL handshakes as specified in the SSL_CTX_set_verify callback function's documentation, which allows remote attackers to bypass extra verification within a...