Security News

2015.05.28

Borys Łącki b.lacki@logicaltrust.net

Logjam

TLS - HTTPS, IPSec, VPN, SSH, POP3S, IMAPS, SMTPS

Atak pozwala na wymuszenie obniżenia poziomu szyfrowania wymiany kluczy Diffiego-Hellmana do poziomu 512 bitów.

https://weakdh.org/http://zaufanatrzeciastrona.pl/post/atak-na-wymiane-kluczy-zagraza-polaczeniom-https-vpn-ssh-i-smtps/

http://venom.crowdstrike.com/

The bug is in QEMU’s virtual Floppy Disk Controller (FDC). This vulnerable FDC code is used in numerous virtualization platforms and appliances, notably Xen, KVM, VirtualBox, and the native QEMU client.VMware, Microsoft Hyper-V, and Bochs hypervisors are not impacted by this vulnerability.

https://blogs.mcafee.com/mcafee-labs/meet-tox-ransomware-for-the-rest-of-us

Once you register for the product, you can create your malware in three simple steps:1)Enter the ransom amount. (The site takes 20% of the ransom.)2)Enter your “cause.”3)Submit the captcha.

The BACKRONYM vulnerability allows for an attacker to downgrade and snoop on the SSL/TLS connection that MySQL client libraries use to communicate to a MySQL server.

http://backronym.fail/

https://blog.malwarebytes.org/fraud-scam/2015/05/we-need-your-support-nepal-earthquake-419-spam/

Nepal earthquake Scam

http://darkmatters.norsecorp.com/2015/05/04/london-railway-system-password-exposed-in-tv-documentary/

London Railway System Password Exposed in TV Documentary

Kontakt

Borys Łącki b.lacki@logicaltrust.net