bi Dismantling Megamos Crypto: Wirelessly Lockpicking A Vehicle Immobilizer By packetstormsecurity.com Published On :: Fri, 14 Aug 2015 13:02:14 GMT The Megamos Crypto transponder is used in one of the most widely deployed electronic vehicle immobilizers. It is used among others in most Audi, Fiat, Honda, Volkswagen and Volvo cars. Such an immobilizer is an anti-theft device which prevents the engine of the vehicle from starting when the corresponding transponder is not present. This transponder is a passive RFID tag which is embedded in the key of the vehicle. In this paper, the authors have reverse-engineered all proprietary security mechanisms of the transponder, including the cipher and the authentication protocol which we publish here in full detail. This article reveals several weaknesses in the design of the cipher, the authentication protocol and also in their implementation. Full Article
bi Debian Security Advisory 3417-1 By packetstormsecurity.com Published On :: Mon, 14 Dec 2015 16:40:50 GMT Debian Linux Security Advisory 3417-1 - Tibor Jager, Jorg Schwenk, and Juraj Somorovsky, from Horst Gortz Institute for IT Security, published a paper in ESORICS 2015 where they describe an invalid curve attack in Bouncy Castle Crypto, a Java library for cryptography. An attacker is able to recover private Elliptic Curve keys from different applications, for example, TLS servers. Full Article
bi Debian Security Advisory 3457-1 By packetstormsecurity.com Published On :: Thu, 28 Jan 2016 17:19:51 GMT Debian Linux Security Advisory 3457-1 - Multiple security issues have been found in Iceweasel, Debian's version buffer overflow may lead to the execution of arbitrary code. In addition the bundled NSS crypto library addresses the SLOTH attack on TLS 1.2. Full Article
bi Ubiquiti Networks UniFi Cloud Key Command Injection / Privilege Escalation By packetstormsecurity.com Published On :: Thu, 27 Jul 2017 18:22:22 GMT Ubiquiti Networks UniFi Cloud Key with firmware versions 0.5.9 and 0.6.0 suffer from weak crypto, privilege escalation, and command injection vulnerabilities. Full Article
bi Debian Security Advisory 3967-1 By packetstormsecurity.com Published On :: Fri, 08 Sep 2017 13:34:00 GMT Debian Linux Security Advisory 3967-1 - An authentication bypass vulnerability was discovered in mbed TLS, a lightweight crypto and SSL/TLS library, when the authentication mode is configured as 'optional'. A remote attacker can take advantage of this flaw to mount a man-in-the-middle attack and impersonate an intended peer via an X.509 certificate chain with many intermediates. Full Article
bi Debian Security Advisory 4138-1 By packetstormsecurity.com Published On :: Thu, 15 Mar 2018 15:57:24 GMT Debian Linux Security Advisory 4138-1 - Several vulnerabilities were discovered in mbed TLS, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code. Full Article
bi Debian Security Advisory 4147-1 By packetstormsecurity.com Published On :: Thu, 22 Mar 2018 22:23:00 GMT Debian Linux Security Advisory 4147-1 - Several vulnerabilities were discovered in PolarSSL, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code. Full Article
bi Debian Security Advisory 4296-1 By packetstormsecurity.com Published On :: Tue, 18 Sep 2018 02:18:40 GMT Debian Linux Security Advisory 4296-1 - Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library, which could result in plain text recovery via side-channel attacks. Full Article
bi Russian Disinformation Ongoing Problem, Says FBI Chief By packetstormsecurity.com Published On :: Thu, 06 Feb 2020 17:27:36 GMT Full Article headline government usa russia fraud cyberwar facebook social fbi
bi Linux/x86 (NOT|ROT+8 Encoded) execve(/bin/sh) Null Free Shellcode By packetstormsecurity.com Published On :: Wed, 30 Oct 2019 15:58:06 GMT 47 bytes small Linux/x86 (NOT|ROT+8 Encoded) execve(/bin/sh) null free shellcode. Full Article
bi Linux/x86 Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode By packetstormsecurity.com Published On :: Thu, 09 Jan 2020 14:59:44 GMT 114 bytes small Linux/x86 random bytes encoder and XOR/SUB/NOT/ROR execve(/bin/sh) shellcode. Full Article
bi Windows/x86 Dynamic Bind Shell / Null-Free Shellcode By packetstormsecurity.com Published On :: Thu, 30 Jan 2020 14:40:17 GMT 571 bytes small Microsoft Windows x86 dynamic bind shell and null-free shellcode. Full Article
bi Linux Password Protected Bindshell Shellcode By packetstormsecurity.com Published On :: Fri, 24 Apr 2020 14:33:25 GMT 272 bytes small Linux/x86_64 null free password protected bindshell shellcode. Full Article
bi BlackBerry Gives Indian Spooks BBM And BIS Access By packetstormsecurity.com Published On :: Thu, 11 Jul 2013 14:51:15 GMT Full Article headline government privacy india blackberry
bi 3.2 Million Debit Cards Stolen In India By packetstormsecurity.com Published On :: Thu, 20 Oct 2016 14:04:13 GMT Full Article headline hacker india cybercrime data loss fraud
bi Aadhaar: Leak In World's Biggest Database Worries Indians By packetstormsecurity.com Published On :: Fri, 05 Jan 2018 15:50:02 GMT Full Article headline government privacy india data loss
bi QRadar Community Edition 7.3.1.6 Arbitrary Object Instantiation By packetstormsecurity.com Published On :: Tue, 21 Apr 2020 20:15:08 GMT QRadar Community Edition version 7.3.1.6 is vulnerable to instantiation of arbitrary objects based on user-supplied input. An authenticated attacker can abuse this to perform various types of attacks including server-side request forgery and (potentially) arbitrary execution of code. Full Article
bi FBI Arrests Five Over 'Hackers For Hire' Websites By packetstormsecurity.com Published On :: Mon, 27 Jan 2014 17:54:48 GMT Full Article headline hacker government india china cybercrime fraud romania fbi
bi Newbie CMS Insecure Cookie Handling By packetstormsecurity.com Published On :: Thu, 25 Feb 2010 05:06:13 GMT Newbie CMS suffers from an insecure cookie handling vulnerability. Full Article
bi Babil CMS Insecure Cookie Handling By packetstormsecurity.com Published On :: Sat, 25 Dec 2010 17:52:42 GMT Babil CMS suffers from an insecure cookie handling vulnerability. Full Article
bi Latest Java Zero-Day Linked To Bit9 Compromise By packetstormsecurity.com Published On :: Sat, 02 Mar 2013 23:25:27 GMT Full Article headline hacker flaw symantec java
bi Symantec Sink Holes 500,000 Zombie Machines By packetstormsecurity.com Published On :: Tue, 01 Oct 2013 15:00:30 GMT Full Article headline malware cybercrime botnet fraud symantec
bi Hackers' Own Tools Are Full Of Vulnerabilities By packetstormsecurity.com Published On :: Wed, 26 Jul 2017 15:58:34 GMT Full Article headline hacker malware flaw symantec
bi 23,000 HTTPS Certs Will Be Axed In Next 24 Hours Amid Bitter Turf War By packetstormsecurity.com Published On :: Thu, 01 Mar 2018 01:02:09 GMT Full Article headline privacy symantec cryptography
bi Cisco Patches Critical Vulnerabilities In Policy Suite By packetstormsecurity.com Published On :: Thu, 19 Jul 2018 14:27:38 GMT Full Article headline flaw patch cisco
bi Cisco Tackles SD-WAN Root Privilege Vulnerability By packetstormsecurity.com Published On :: Thu, 19 Mar 2020 15:12:51 GMT Full Article headline flaw patch cisco
bi Debian Security Advisory 4584-1 By packetstormsecurity.com Published On :: Mon, 16 Dec 2019 15:59:48 GMT Debian Linux Security Advisory 4584-1 - Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. Full Article
bi FBI Arrests Man Suspected Of Dozens Of Swatting Calls By packetstormsecurity.com Published On :: Wed, 15 Jan 2020 17:03:43 GMT Full Article headline fraud terror fbi
bi Apache OFBiz 17.12.03 Cross Site Request Forgery By packetstormsecurity.com Published On :: Fri, 01 May 2020 13:44:30 GMT Apache OFBiz version 17.12.03 suffers from a cross site request forgery vulnerability. Full Article
bi FBI Possibly Backdoored OpenBSD IPSEC Stack By packetstormsecurity.com Published On :: Wed, 15 Dec 2010 16:36:40 GMT Full Article headline fbi backdoor openbsd
bi ATutor 2.2.4 Arbitrary File Upload / Command Execution By packetstormsecurity.com Published On :: Mon, 05 Aug 2019 20:46:25 GMT ATutor version 2.2.4 suffers from a language_import arbitrary file upload that allows for command execution. Full Article
bi Integria IMS 5.0.86 Arbitrary File Upload By packetstormsecurity.com Published On :: Fri, 16 Aug 2019 16:25:02 GMT Integria IMS version 5.0.86 suffers from an arbitrary file upload vulnerability that allows for remote command execution. Full Article
bi Dokeos 1.8.6.1 / 1.8.6.3 Arbitrary File Upload By packetstormsecurity.com Published On :: Sat, 21 Sep 2019 18:09:40 GMT Dokeos versions 1.8.6.1 and 1.8.6.3 suffer from a remote file upload vulnerability via an fckeditor. Full Article
bi IBM Bigfix Platform 9.5.9.62 Arbitrary File Upload / Code Execution By packetstormsecurity.com Published On :: Mon, 07 Oct 2019 14:41:32 GMT IBM Bigfix Platform version 9.5.9.62 suffers from an arbitrary file upload vulnerability as root that can achieve remote code execution. Full Article
bi Linear eMerge E3 1.00-06 Arbitrary File Upload Remote Root Code Execution By packetstormsecurity.com Published On :: Tue, 12 Nov 2019 17:10:03 GMT Linear eMerge E3 versions 1.00-06 and below arbitrary file upload remote root code execution exploit. Full Article
bi Online Book Store 1.0 Arbitrary File Upload By packetstormsecurity.com Published On :: Thu, 16 Jan 2020 02:22:22 GMT Online Book Store version 1.0 suffers from an arbitrary file upload vulnerability. Full Article
bi Joomla GMapFP 3.30 Arbitrary File Upload By packetstormsecurity.com Published On :: Wed, 25 Mar 2020 14:12:53 GMT Joomla GMapFP component version 3.30 suffers from an arbitrary file upload vulnerability. Full Article
bi WordPress Event-Registration 5.43 Arbitrary File Upload By packetstormsecurity.com Published On :: Mon, 30 Mar 2020 11:11:11 GMT WordPress Event-Registration plugin version 5.43 suffers from an arbitrary file upload vulnerability. Full Article
bi Playable 9.18 Script Insertion / Arbitrary File Upload By packetstormsecurity.com Published On :: Fri, 17 Apr 2020 15:28:08 GMT Playable version 9.18 for iOS suffers from script insertion and arbitrary file upload vulnerabilities. Full Article
bi Air Sender 1.0.2 Arbitrary File Upload By packetstormsecurity.com Published On :: Fri, 24 Apr 2020 14:38:54 GMT Air Sender version 1.0.2 for iOS suffers from an arbitrary file upload vulnerability. Full Article
bi HardDrive 2.1 Arbitrary File Upload By packetstormsecurity.com Published On :: Thu, 30 Apr 2020 14:53:31 GMT HardDrive version 2.1 for iOS suffers from an arbitrary file upload vulnerability. Full Article
bi Online Clothing Store 1.0 Arbitrary File Upload By packetstormsecurity.com Published On :: Thu, 07 May 2020 15:26:30 GMT Online Clothing Store version 1.0 suffers from an arbitrary file upload vulnerability. Full Article
bi Samsung Adds Biometrics To Latest Galaxy Smartphone By packetstormsecurity.com Published On :: Tue, 25 Feb 2014 01:17:13 GMT Full Article headline phone password science samsung
bi FBI, NSA To Hackers: Let Us Be Blunt, Weed Need Your Help By packetstormsecurity.com Published On :: Thu, 08 Aug 2019 14:23:43 GMT Full Article headline hacker government usa fbi nsa
bi Court Finds FBI Use Of NSA Database Violated Americans' 4th Amendment Rights By packetstormsecurity.com Published On :: Wed, 09 Oct 2019 14:05:38 GMT Full Article headline government privacy usa data loss spyware fbi nsa
bi Bill Seeks To Reform NSA Surveillance, Aiming At Section 215, FISA Process By packetstormsecurity.com Published On :: Mon, 27 Jan 2020 22:45:13 GMT Full Article headline government privacy usa phone spyware nsa
bi Chinese Firms Leak More Than A Half Billion Resumes By packetstormsecurity.com Published On :: Fri, 05 Apr 2019 15:15:02 GMT Full Article headline privacy china data loss identity theft
bi Equifax Data Breach Recovery Costs Pass $1 Billion By packetstormsecurity.com Published On :: Tue, 14 May 2019 00:41:51 GMT Full Article headline hacker privacy cybercrime data loss fraud identity theft
bi Data Leak Strikes US Cannabis Users, Sensitive Info Exposed By packetstormsecurity.com Published On :: Wed, 22 Jan 2020 15:57:37 GMT Full Article headline privacy data loss identity theft
bi The Air Force Will Let Hackers Try To Hijack An Orbiting Satellite By packetstormsecurity.com Published On :: Tue, 17 Sep 2019 14:27:25 GMT Full Article headline hacker usa conference military