This week, a group of university researchers disclosed a new vulnerability affecting the Diffie-Hellman key exchange. The Diffie-Hellman (DH) key exchange is a cryptographic method for two systems to establish a shared secret over a public communication channel, which they later use to encrypt their communications. Many encryption protocols, including HTTPS, SMTPS, IPSec VPN, … [Read more...]
Search Results for: encrypted traffic
Log4j Becomes The Highest Detected Vulnerability Days After Release
Log4Shell attacks have spread throughout the Internet due to the ease with which attackers can perform them. The WatchGuard Threat Lab sees a sample of these attacks from our customers’ perspectives when they opt to provide anonymized threat intelligence data from their Fireboxes. This limited data, along with our analysis, gives us a unique opportunity to review some of the … [Read more...]
Active Compromises of vCenter Using The Log4J Vulnerability
Much of what we see exploiting the log4j2 vulnerability, CVE-2021-44228, appears like a scan for the vulnerability, not necessarily exploitation. However, our own honey pot https://github.com/WatchGuard-Threat-Lab/log4shell-iocs has seen activity from this exploit to install coin miners. In one of the first targeted cases for this vulnerability, a ransomware gang have exploited … [Read more...]
Don’t Let Kr00k Bend You Out of Shape
Byline to Matthew Terry Kr00k, a recent vulnerability found by Eset, causes devices sending traffic over Wi-Fi to send unencrypted data, like in the KRACK vulnerability. While a separate vulnerability, KRACK exploits devices by installing an all-zero encryption key, among other vulnerabilities, whereas Kr00k exploits a timing issue where the client or access … [Read more...]
Pew Research Spreading Misinformation
Pew Research recently asked adults in the US some basic digital knowledge questions as a part of a research study. Out of 10 questions asked, only 20% scored 70% or higher with correct answers. There are some concerns about the questions Pew used though. While the survey asks some good questions, one of the questions doesn’t relate to digital knowledge. It asks to identify a … [Read more...]