IBM Security Guardium Data Encryption cryptographic issue vulnerability
IBM Security Guardium Data Encryption is a software for securing sensitive data within organizations from IBM, U.S.A. A security vulnerability exists in IBM Security Guardium Data Encryption, which stems from the use of weaker than expected encryption algorithms for data encryption, which could b...
Security Bulletin: IBM MQ Appliance vulnerability in TLS (CVE-2020-4831)
Summary IBM MQ Appliance has resolved a TLS vulnerability first reported against the IBM DataPower Gateway. Vulnerability Details CVEID: CVE-2020-4831 DESCRIPTION: IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to...
Fired by algorithm: The future’s here and it’s a robot wearing a white collar
Black Mirror meets 1984. Imagine that your employer uses a bot to keep track of your “production level.” And when this bot finds that you are an under-performer it fires off a contract-termination mail. Does this sound like the world you live in? Unfortunately, for some people it is. The case...
The vulnerability of the ntpkeygen component in the NTPsec network time protocol allows an attacker to perform a type of “man-in-the-middle” attack.
The vulnerability of the ntpkeygen component in the NTPsec network time protocol implementation is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow a malicious actor to perform a “man-in-the-middle” attack between NTP clients a...
Updated java-openjdk packages fix security vulnerabilities
For java-1.8.0 Security fixes - JDK-8227467: Better class method invocations - JDK-8244473: Contextualize registration for JNDI - JDK-8244543: Enhanced handling of abstract classes - JDK-8249906, CVE-2021-2163: Enhance opening JARs - JDK-8250568, CVE-2021-2161: Less ambiguous processing -...
SUSE: Security Advisory (SUSE-SU-2021:1980-1)
The remote host is missing an update for the...
Huawei Data Communication: Disabling Insecure Algorithms on the SSH Server/Client
Checks the algorithm configuration...
CVE-2021-20566
IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 199238...
CVE-2021-20566
CVE-2021-20566 concerns IBM Resilient OnPrem (IBM Security SOAR) where TLS 1.2 ciphers not enabled for Perfect Forward Secrecy allow potential decryption of sensitive data if an attacker records traffic. The IBM security bulletin notes the vulnerability stems from weaker cryptographic algorithms; ...
nettle: Out of bounds memory access in signature verification
A flaw was found in Nettle, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalars, possibly resulting in incorrect results. This flaw allows an attacker to force an...
Security Bulletin: IBM DataPower Gateway vulnerability in TLS (CVE-2020-4831)
Summary IBM has addressed CVE-2020-4831 Vulnerability Details CVEID: CVE-2020-4831 DESCRIPTION: IBM DataPower Gateway uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. CVSS Base score: 5.9 CVSS Temporal Score: See:...
Security Bulletin: IBM DataPower Gateway is affected by a vulnerability (CVE-2018-1665)
Summary IBM DataPower Gateway has addressed the following vulnerability: CVE-2018-1665 Vulnerability Details CVEID: CVE-2018-1665 DESCRIPTION: IBM DataPower Gateways uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. CVSS Base...
The vulnerability of the IBM Security Guardium security tool lies in the use of cryptographic algorithms that contain defects and risks, allowing attackers to gain unauthorized access to the protected information.
The vulnerability of the IBM Security Guardium security tool is related to the use of cryptographic algorithms that contain defects and risks. Exploiting this vulnerability could allow an unauthorized attacker to gain unauthorized access to the protected information...
8x8: [jitsi-meet] Authentication Bypass when using JWT w/ public keys
A Prosody module allows the use of symmetrical algorithms to validate JWTs. This means that tokens generated by arbitrary sources can be used to gain authorization to protected rooms. There are no known incidents related to this vulnerability. Please refer to the published advisory:...
Design/Logic Flaw
In Versa Director, Versa Analytics and VOS, passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgard construction such as MD5 and SHA-1 alone are insufficient in thwarting password...
CVE-2021-20419
IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196280...
CVE-2021-20419
CVE-2021-20419 affects IBM Security Guardium 11.2. The described issue is weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information (CVE-2021-20419; IBM X-Force ID 196280). Affected products/versions include Guardium 11.2; IBM lists multipl...
A week in security (May 17 – May 23)
Last week on Malwarebytes Labs, we looked at a banking trojan full of nasty tricks, explained some tips and pointers for using VirusTotal, and dug into how an authentication vulnerability was patched by Pega Infinity. We also explored how a Royal Mail phish deploys evasion tricks to avoid analysi...
Apple macOS SMB server signature verification information disclosure vulnerability
Summary An information disclosure vulnerability exists in the SMB Server Apple macOS 11.1. A specially crafted SMB packet can trigger an integer overflow, leading to information disclosure, cryptographic check bypass and denial of service. This vulnerability can be triggered by sending a maliciou...
CyberBattleSim - An Experimentation And Research Platform To Investigate The Interaction Of Automated Agents In An Abstract Simulated Network Environments
CyberBattleSim is an experimentation research platform to investigate the interaction of automated agents operating in a simulated abstract enterprise network environment. The simulation provides a high-level abstraction of computer networks and cyber security concepts. Its Python-based Open AI G...