Security news vol. 6 - 20150528 - Risk & Technology Wrocław Group

•

1 gefällt mir•308 views

Logicaltrust pl

Internet

Security News
2015.05.28
Borys Łącki b.lacki@logicaltrust.net

Logjam
TLS - HTTPS, IPSec, VPN, SSH, POP3S, IMAPS, SMTPS
Atak pozwala na wymuszenie obniżenia poziomu szyfrowania wymiany
kluczy Diffiego-Hellmana do poziomu 512 bitów.
https://weakdh.org/
http://zaufanatrzeciastrona.pl/post/atak-na-wymiane-kluczy-zagraza-polaczeniom-https-vpn-ssh-i-smtps/

http://venom.crowdstrike.com/
The bug is in QEMU’s virtual Floppy Disk Controller (FDC). This vulnerable FDC code is used
in numerous virtualization platforms and appliances, notably Xen, KVM, VirtualBox, and the
native QEMU client.
VMware, Microsoft Hyper-V, and Bochs hypervisors are not impacted by this vulnerability.

https://blogs.mcafee.com/mcafee-labs/meet-tox-ransomware-for-the-rest-of-us
Once you register for the product, you can create your malware in three
simple steps:
1)Enter the ransom amount. (The site takes 20% of the ransom.)
2)Enter your “cause.”
3)Submit the captcha.

The BACKRONYM vulnerability allows for an attacker to downgrade and snoop on the
SSL/TLS connection that MySQL client libraries use to communicate to a MySQL server.
http://backronym.fail/

https://blog.malwarebytes.org/fraud-scam/2015/05/we-need-your-support-nepal-earthquake-419-spam/
Nepal earthquake Scam

http://darkmatters.norsecorp.com/2015/05/04/london-railway-system-password-exposed-in-tv-documentary/
London Railway System Password Exposed in
TV Documentary

Kontakt
Borys Łącki b.lacki@logicaltrust.net

Weitere ähnliche Inhalte

Andere mochten auch

Informe de evaluacion del plan vasco para la paz y la convivenciaIrekia - EJGV

Carbon and Livelihood Outcomes on the Forest-Farm FrontierCCAFS | CGIAR Research Program on Climate Change, Agriculture and Food Security

Animales Rarosrakelrh

Presentación Chogua para venturesManuela Calderon

Bases legales.- Aniversario Lisboa #destinosIberiaIberia

Presentacion Servicios Saleswinsaleswin, Business Development

Trade financeguide ch13_latest_eg_main_0550432008shekhar

Rimon - CLE on Cloud Lawyering for PAABAYaacov Silberman

Byrokrat Cup 2015Saša Mráz

El sintagma verballenguaventura

[Tel aviv merge world tour] Perforce KeynotePerforce

The 3 Critical SEO & Link Building Tools That 29 Experts Rely On!Matthew Woodward

Proyecto Hera. Manual de Buenas Prácticas de Intervención Policial en Violenc...No+ Violencia de Género "José Antonio Burriel"

Cidway Banking 02 2011lfilliat

Short Sale BasicsStacey Alcorn

Outdoorable MagazineOutdoorablemagazine

CoDiRO Xylella FastidiosaRuggero86

motricidad acuaticacristianpoveda1

Andere mochten auch (18)

Informe de evaluacion del plan vasco para la paz y la convivencia

Carbon and Livelihood Outcomes on the Forest-Farm Frontier

Animales Raros

Presentación Chogua para ventures

Bases legales.- Aniversario Lisboa #destinosIberia

Presentacion Servicios Saleswin

Trade financeguide ch13_latest_eg_main_055043

Rimon - CLE on Cloud Lawyering for PAABA

Byrokrat Cup 2015

El sintagma verbal

[Tel aviv merge world tour] Perforce Keynote

The 3 Critical SEO & Link Building Tools That 29 Experts Rely On!

Proyecto Hera. Manual de Buenas Prácticas de Intervención Policial en Violenc...

Cidway Banking 02 2011

Short Sale Basics

Outdoorable Magazine

CoDiRO Xylella Fastidiosa

motricidad acuatica

Ähnlich wie Security news vol. 6 - 20150528 - Risk & Technology Wrocław Group

Operations Security - SF Bitcoin Hackday March 2015Mikko Ohtamaa

The Dark Side of PowerShell by George DobreaEC-Council

Serverless Security: Defence Against the Dark ArtsYan Cui

Security in serverless worldYan Cui

Serverless security: defence against the dark artsYan Cui

Operations security - SyPy Dec 2014 (Sydney Python users)Mikko Ohtamaa

663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdfpivanon243

CEHv10 M0 Introduction.pptxYasserOuda2

Days of the Honeynet: Attacks, Tools, IncidentsAnton Chuvakin

FreeBSD and Hardening Web ServerMuhammad Moinur Rahman

Reducing attack surface on ICS with Windows native solutionsJan Seidl

Operations security (OPSEC)Mikko Ohtamaa

News bytes Oct-2011Ashwin Patil, GCIH, GCIA, GCFE

Shellshock - A Software Bugvwchu

SshRaghu nath

Placing backdoors-through-firewallsAkapo Damilola

Security in Serverless worldYan Cui

TLS Interception considered harmful (Chaos Communication Camp 2015)hannob

Wrath of Ransomware_Longinus TimochencoLonginus Timochenco

Securing your WordPress Website - Vlad Lasky - WordCamp Sydney 2012WordCamp Sydney

Ähnlich wie Security news vol. 6 - 20150528 - Risk & Technology Wrocław Group (20)

Operations Security - SF Bitcoin Hackday March 2015

The Dark Side of PowerShell by George Dobrea

Serverless Security: Defence Against the Dark Arts

Security in serverless world

Serverless security: defence against the dark arts

Operations security - SyPy Dec 2014 (Sydney Python users)

663187411-UNIT-III-Virtualization-System-Specific-Attacks-1.pdf

CEHv10 M0 Introduction.pptx

Days of the Honeynet: Attacks, Tools, Incidents

FreeBSD and Hardening Web Server

Reducing attack surface on ICS with Windows native solutions

Operations security (OPSEC)

News bytes Oct-2011

Shellshock - A Software Bug

Ssh

Placing backdoors-through-firewalls

Security in Serverless world

TLS Interception considered harmful (Chaos Communication Camp 2015)

Wrath of Ransomware_Longinus Timochenco

Securing your WordPress Website - Vlad Lasky - WordCamp Sydney 2012

Mehr von Logicaltrust pl

Jak cyberprzęstepcy okradają dziś firmy - webinar 2020.06.24Logicaltrust pl

Security Awareness po polsku - webinar 2019.11.29Logicaltrust pl

8 zasad skutecznego security awarenessLogicaltrust pl

Ataki socjotechniczne w praktyce - SecurityBSides Warsaw 2019Logicaltrust pl

Ataki socjotechniczne w praktyce - Confidence 2019Logicaltrust pl

Minerva_lib - fuzzing toolLogicaltrust pl

"Spear phishing - jak się bronić? Case studies." - SecurityBSides 2018Logicaltrust pl

Spear phishing - jak się bronić? Case studies - Confidence 2018Logicaltrust pl

Redteaming in Poland - test cases (Security)Logicaltrust pl

Redteaming w Polsce - przykładyLogicaltrust pl

Testy bezpieczeństwa - niesztampowe przypadkiLogicaltrust pl

Krytyczne błędy konfiguracjiLogicaltrust pl

Urządzenia i usługi bezpieczeństwa IT - pełna ochrona czy... zaproszenie dla ...Logicaltrust pl

Devops/Sysops securityLogicaltrust pl

Devops securityLogicaltrust pl

Czy systematyczne podejście do testów bezpieczeństwa się opłaca?Logicaltrust pl

Torturing the PHP interpreterLogicaltrust pl

Socjotechnika w Internecie - metody ataku i obronyLogicaltrust pl

Wyciek danych w aplikacjach - Artur Kalinowski, 4DevelopersLogicaltrust pl

Co z bezpieczeństwem aplikacji mobilnych? - studium przypadków (KrakWhiteHat ...Logicaltrust pl

Mehr von Logicaltrust pl (20)

Jak cyberprzęstepcy okradają dziś firmy - webinar 2020.06.24

Security Awareness po polsku - webinar 2019.11.29

8 zasad skutecznego security awareness

Ataki socjotechniczne w praktyce - SecurityBSides Warsaw 2019

Ataki socjotechniczne w praktyce - Confidence 2019

Minerva_lib - fuzzing tool

"Spear phishing - jak się bronić? Case studies." - SecurityBSides 2018

Spear phishing - jak się bronić? Case studies - Confidence 2018

Redteaming in Poland - test cases (Security)

Redteaming w Polsce - przykłady

Testy bezpieczeństwa - niesztampowe przypadki

Krytyczne błędy konfiguracji

Urządzenia i usługi bezpieczeństwa IT - pełna ochrona czy... zaproszenie dla ...

Devops/Sysops security

Devops security

Czy systematyczne podejście do testów bezpieczeństwa się opłaca?

Torturing the PHP interpreter

Socjotechnika w Internecie - metody ataku i obrony

Wyciek danych w aplikacjach - Artur Kalinowski, 4Developers

Co z bezpieczeństwem aplikacji mobilnych? - studium przypadków (KrakWhiteHat ...

Kürzlich hochgeladen

一比一原版田纳西大学毕业证如何办理F

Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Roommeghakumariji156

Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrHenryBriggs2

Real Men Wear Diapers T Shirts sweatshirtrahman018755

Sensual Call Girls in Tarn Taran Sahib { 9332606886 } VVIP NISHA Call Girls N...kumargunjan9515

PIC Microcontroller Structure & Assembly Language.ppsxjeykeydeveloper

APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC

一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样ayvbos

20240510 QFM016 Irresponsible AI Reading List April 2024.pdfMatthew Sinclair

哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查ydyuyu

Call girls Service in Ajman 0505086370 Ajman call girlsMonica Sydney

Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsMonica Sydney

一比一原版贝德福特大学毕业证学位证书F

"Boost Your Digital Presence: Partner with a Leading SEO Agency"growthgrids

💚 Call Girls Bahraich 9332606886 High Profile Call Girls You Can Get The S...Sareena Khatun

20240509 QFM015 Engineering Leadership Reading List April 2024.pdfMatthew Sinclair

Leading-edge AI Image Generators of 2024SOFTTECHHUB

Research Assignment - NIST SP800 [172 A] - Presentation.pptxi191686

2nd Solid Symposium: Solid Pods vs Personal Knowledge GraphsEleniIlkou

一比一原版帝国理工学院毕业证如何办理F

Kürzlich hochgeladen (20)

一比一原版田纳西大学毕业证如何办理

Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room

Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr

Real Men Wear Diapers T Shirts sweatshirt

Sensual Call Girls in Tarn Taran Sahib { 9332606886 } VVIP NISHA Call Girls N...

PIC Microcontroller Structure & Assembly Language.ppsx

APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...

一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样

20240510 QFM016 Irresponsible AI Reading List April 2024.pdf

哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查

Call girls Service in Ajman 0505086370 Ajman call girls

Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts

一比一原版贝德福特大学毕业证学位证书

"Boost Your Digital Presence: Partner with a Leading SEO Agency"

💚 Call Girls Bahraich 9332606886 High Profile Call Girls You Can Get The S...

20240509 QFM015 Engineering Leadership Reading List April 2024.pdf

Leading-edge AI Image Generators of 2024

Research Assignment - NIST SP800 [172 A] - Presentation.pptx

2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs

一比一原版帝国理工学院毕业证如何办理

Security news vol. 6 - 20150528 - Risk & Technology Wrocław Group

1. Security News 2015.05.28 Borys Łącki b.lacki@logicaltrust.net

2. Logjam TLS - HTTPS, IPSec, VPN, SSH, POP3S, IMAPS, SMTPS Atak pozwala na wymuszenie obniżenia poziomu szyfrowania wymiany kluczy Diffiego-Hellmana do poziomu 512 bitów. https://weakdh.org/ http://zaufanatrzeciastrona.pl/post/atak-na-wymiane-kluczy-zagraza-polaczeniom-https-vpn-ssh-i-smtps/

3. http://venom.crowdstrike.com/ The bug is in QEMU’s virtual Floppy Disk Controller (FDC). This vulnerable FDC code is used in numerous virtualization platforms and appliances, notably Xen, KVM, VirtualBox, and the native QEMU client. VMware, Microsoft Hyper-V, and Bochs hypervisors are not impacted by this vulnerability.

4. https://blogs.mcafee.com/mcafee-labs/meet-tox-ransomware-for-the-rest-of-us Once you register for the product, you can create your malware in three simple steps: 1)Enter the ransom amount. (The site takes 20% of the ransom.) 2)Enter your “cause.” 3)Submit the captcha.

5. The BACKRONYM vulnerability allows for an attacker to downgrade and snoop on the SSL/TLS connection that MySQL client libraries use to communicate to a MySQL server. http://backronym.fail/

6. https://blog.malwarebytes.org/fraud-scam/2015/05/we-need-your-support-nepal-earthquake-419-spam/ Nepal earthquake Scam

7. http://darkmatters.norsecorp.com/2015/05/04/london-railway-system-password-exposed-in-tv-documentary/ London Railway System Password Exposed in TV Documentary

8. Kontakt Borys Łącki b.lacki@logicaltrust.net