VLC for iOS was vulnerable to an unauthenticated insecure direct object reference vulnerability allowing for an attacker to compromise media. This issue was patched in the March, 2020 release.

Sky File version 2.1.0 for iOS suffers from cross site scripting and directory traversal vulnerabilities.

Secunia Security Advisory - A vulnerability has been reported in MirBSD Korn Shell, which can be exploited by malicious, local users to gain escalated privileges.

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

WebSploit is an advanced man-in-the-middle framework.

EnumJavaLibs is a tool that can be used to discover which libraries are loaded (i.e. available on the classpath) by a remote Java application when it supports deserialization.

FreeBSD Security Advisory - Crypto-NAK packets can be used to cause ntpd(8) to accept time from an unauthenticated ephemeral symmetric peer by bypassing the authentication required to mobilize peer associations. FreeBSD 9.3 and 10.1 are not affected. Various other issues have also been addressed.

Debian Linux Security Advisory 3417-1 - Tibor Jager, Jorg Schwenk, and Juraj Somorovsky, from Horst Gortz Institute for IT Security, published a paper in ESORICS 2015 where they describe an invalid curve attack in Bouncy Castle Crypto, a Java library for cryptography. An attacker is able to recover private Elliptic Curve keys from different applications, for example, TLS servers.

XMB - eXtreme Message Board version 1.9.11.13 suffers from weak crypto and insecure password storage vulnerabilities.

Debian Linux Security Advisory 3457-1 - Multiple security issues have been found in Iceweasel, Debian's version buffer overflow may lead to the execution of arbitrary code. In addition the bundled NSS crypto library addresses the SLOTH attack on TLS 1.2.

Apple Security Advisory 2016-03-21-7 - OS X Server 5.1 is now available and addresses RC4 crypto weaknesses, file access, and information disclosure vulnerabilities.

Ubiquiti Networks UniFi Cloud Key with firmware versions 0.5.9 and 0.6.0 suffer from weak crypto, privilege escalation, and command injection vulnerabilities.

Debian Linux Security Advisory 3967-1 - An authentication bypass vulnerability was discovered in mbed TLS, a lightweight crypto and SSL/TLS library, when the authentication mode is configured as 'optional'. A remote attacker can take advantage of this flaw to mount a man-in-the-middle attack and impersonate an intended peer via an X.509 certificate chain with many intermediates.

Whitepaper called Reinstallation Attacks: Forcing Nonce Reuse in WPA2. This research paper will be presented on at the Computer and Communications Security (CCS) conference on November 1, 2017. This paper details a flaw in the WPA2 protocol itself and most devices that makes use of WPA2 are affected.

Debian Linux Security Advisory 4138-1 - Several vulnerabilities were discovered in mbed TLS, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.

Debian Linux Security Advisory 4147-1 - Several vulnerabilities were discovered in PolarSSL, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.

Debian Linux Security Advisory 4296-1 - Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks.

Whitepaper called Android Security Research: Crypto Wallet Local Storage Attack.

The Call For Papers has been announced for REVULN 19Q4, an international cyber-security conference taking place December 11th and 12th, 2019 in Hong Kong at the Best Western Plus Hotel Hong Kong.

The No cON Name 2019 call for papers has been announced. It will be held in Barcelona, Spain, from November 14th and 15th, 2019.

BSidesLisbon 2019 has announced its call for papers. It will be held November 28th and 29th at Auditorio FMD-UL.

The ZeroNights 2019 Call For Papers has been announced. It will be held in Saint-Petersburg, Russia November 12th through the 13th, 2019.

RootedCON is a technology congress that will be held in Madrid (Spain) March 5th through the 7th, 2020. With an estimated seating from 2,000 and 2,500 people, is the most relevant specialized congress that is held in the country, and one of the most relevant in Europe, with attendee profiles ranging from students, Law Enforcement Agencies to professionals in the technology and information security market and, even, just passionate people.

The c0c0n 2020 Middle East call for papers has been announced. It will take place June 15th through the 18th, 2020 at the St. Regis in Abu Dhabi.

B-Sides Ljubljana will be held April 4th, 2020 in Ljubljana, Slovenia.

The 16th CarolinaCon will be hosted in Charlotte at the Embassy Suites April 10th through the 11th, 2020.

Call For Papers for Positive Hack Days 10 which will take place in Moscow, Russia May 13th through the 14th, 2020.

LeHACK 2020 is a yearly rendezvous where hackers and aficionados are meeting with both technical and non-technical talks and workshops about hacking. It is a great place to discover, to learn, to teach and be taught in the magical city of Paris. LeHACK 2020 will be held in La Cite des Sciences et de l'Industire in Paris, France from June 26th through the 27th, 2020.

REVULN 20x1 is an international conference taking place the April 28th through the 30th, 2020 in Metro Manila (Philippines) at the RED Hotel Cubao.

REVULN 20x2 is an international conference taking place the June 25th through the 26th, 2020 in St. Paul's Bay (Malta) at the Hotel Santana.

BSides Brussels is a security conference in Brussels, Belgium, with talks, workshops and villages. The goal is to strengthen the exchange of knowledge, cooperation, communication, and integration between the different actors active in the IT security industry. We are pleased to announce that the first edition of BSides Brussels will be held on May 28th, 2020.