Taking HTTPS Denial to an Absurd Level

Researcher Troy Hunt discovers that, as far as the internet has come in adopting HTTPS, it still has a ways to go.

Chain of 11 Bugs Takes Down Galaxy S8 at Mobile Pwn2Own

Researchers from MWR Labs used 11 vulnerabilities across six different mobile applications to execute code on a Samsung Galaxy S8 at Mobile Pwn2Own.

Devilish ONI Attacks in Japan Use Wiper to Cover Tracks

The ONI ransomware attacks targeting organizations in Japan are also dropping wiper malware which is being used to delete logs and cover the attackers' tracks.

VU#307015: Infineon RSA library does not properly generate RSA key pairs

The Infineon RSA library version 1.02.013 does not properly generate RSA key pairs, which may allow an attacker to recover the RSA private key corresponding to an RSA public key generated by this library.

This vulnerability is often cited as ROCA in the media.

VU#228519: Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to...

Wi-Fi Protected Access (WPA, more commonly WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point (AP) or client.

An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used.

Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames.

These vulnerabilities are referred to as Key Reinstallation Attacks or KRACK attacks.

VU#590639: NXP Semiconductors MQX RTOS contains multiple vulnerabilities

The NXP Semiconductors MQX RTOS prior to version 5.1 contains a buffer overflow in the DHCP client, which may lead to memory corruption allowing an attacker to execute arbitrary code, as well as an out-of-bounds read in the DNS client which may lead to a denial of service.

VU#973527: Dnsmasq contains multiple vulnerabilities

Dnsmasq versions 2.77 and earlier contain multiple vulnerabilities.

VU#101048: Microsoft .NET framework SOAP Moniker PrintClientProxy remote code execution vulnerability

The Microsoft .NET framework fails to properly parse WSDL content, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

VU#240311: Multiple Bluetooth implementation vulnerabilities affect many devices

A collection of Bluetooth implementation vulnerabilities known as BlueBorne has been released.

These vulnerabilities collectively affect Windows, iOS, and Linux-kernel-based operating systems including Android and Tizen, and may in the worst case allow an unauthenticated attacker to perform commands on the device.

VU#166743: Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file.

For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper handling of an error condition may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data.

Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities

Multiple vulnerabilities in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of servic...

JSA10772 – 2017-01 Security Bulletin: Junos: RPD crash while processing RIP...

2017-01 Security Bulletin: Junos: RPD crash while processing RIP advertisements (CVE-2017-2303) Product Affected: This issue can affect any product or platform running Junos OS where RIP is enabled. Problem: Certain RIP advertisements received by the rou...