Friday, October 20, 2017

Lenovo Quietly Patches Massive Bug Impacting Its Android Tablets and Zuk,...

Lenovo customers are being told to update their Android tablets and handsets to protect themselves against a handful of critical vulnerabilities impacting tens of millions of vulnerable Lenovo devices.

VU#307015: Infineon RSA library does not properly generate RSA key pairs

The Infineon RSA library version 1.02.013 does not properly generate RSA key pairs, which may allow an attacker to recover the RSA private key corresponding to an RSA public key generated by this library.

Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II

On October 16th, 2017, a research paper with the title of "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" was made publicly available.

This paper discusses seven vulnerabilities affecting session key negotiation in both the Wi-Fi Protecte...

Factorization Flaw in TPM Chips Makes Attacks on RSA Private Keys...

A flawed Infineon Technology chipset left HP, Lenovo and Microsoft devices open to what is called a 'practical factorization attack,' in which an attacker computes the private part of an RSA key.

Adobe Patches Flash Zero Day Exploited by Black Oasis APT

Adobe today released an out-of-band Flash Player update addressing a zero-day vulnerability being exploited by a little-known Middle Eastern APT group called Black Oasis.

KRACK Attack Devastates Wi-Fi Security

The KRACK, or key reinstallation attack, disclosed today allows attackers to decrypt encrypted traffic, steal data and inject malicious code depending on the network configuration.

VU#228519: Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to...

Wi-Fi Protected Access (WPA, more commonly WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point (AP) or client.

An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used.

Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames.

These vulnerabilities are referred to as Key Reinstallation Attacks or KRACK attacks.

Cyberespionage Group Steps Up Campaigns Against Japanese Firms

Researchers unearth new tactics and strategies used by the criminals behind the hacking group known as Bronze Butler.

Hyatt Hit By Credit Card Breach, Again

Hyatt said its payment systems have been breached, exposing credit card data from 41 hotels in 11 countries between March and July this year.

Google Busy Removing More Malicious Chrome Extensions from Web Store

Three malicious Chrome extensions spoofing AdBlock Plus were removed from the Chrome Web Store this week.

Chris Brook Says Farewell to Threatpost

Staff writer Chris Brook says farewell to Threatpost after eight years on the site. He and Mike Mimoso talk about Threatpost's early days and how the site grew up alongside the security industry.

Legacy Office Feature Used In Novel Document Attacks

A forgotten feature in Microsoft Office allows attackers to bypass antivirus scanners and pull off document-based attacks to install malware.