How Cyrebro Can Unify Multiple Cybersecurity Defenses to Optimize Protection
Many enterprises rely on more than one security tool to protect their technology assets, devices, and networks. This is particularly true for organizations that use hybrid systems or a combination of cloud and local applications. Likewise, companies whose networks include a multitude of smartphon...
[SECURITY] Fedora 32 Update: openssl-1.1.1k-1.fc32
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...
Fedora: Security Advisory for openssl (FEDORA-2021-cbf14ab8f9)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for openssl (FEDORA-2021-cbf14ab8f9)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] Fedora 34 Update: openssl-1.1.1k-1.fc34
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...
openssl: NULL pointer dereference in signature_algorithms processing
A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signature_algorithms extension but includes a signature_algorithms_cert extension. The highest threat from this vulnerability is to system...
[SECURITY] Fedora 33 Update: openssl-1.1.1k-1.fc33
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...
ALPINE-CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension where it was present in the initial ClientHello, but includes a signature_algorithms_cert extension then a NU...
CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension where it was present in the initial ClientHello, but includes a signature_algorithms_cert extension then a NU...
UBUNTU-CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension where it was present in the initial ClientHello, but includes a signature_algorithms_cert extension then a NU...
CVE-2021-21339 Cleartext storage of session identifier
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited...
CVE-2021-21339
CVE-2021-21339 affects TYPO3, a PHP-based CMS. The issue is that user session identifiers were stored in cleartext in versions prior to 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, and 11.1.1. The root cause is storage of session identifiers without additional cryptographic hashing, and exploitation ...
CVE-2020-4831
IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965...
Code injection
IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 189965...
CVE-2020-4831
CVE-2020-4831 affects IBM DataPower Gateway 10.0.0.0–10.0.1.0, where weaker than expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. Connected IBM advisories confirm the vulnerability in DataPower Gateway and provide remediation: upgrade to IBM DataP...
GitHub Security Lab: [Java] CWE-327: Add more broken crypto algorithms
This bug was reported directly to GitHub Security Lab...
NewStart CGSL MAIN 6.02 : openssl Multiple Vulnerabilities (NS-SA-2021-0086)
The remote NewStart CGSL host, running version MAIN 6.02, has openssl packages installed that are affected by multiple vulnerabilities: - There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggest...
Security Bulletin: IBM Security Verify Bridge uses relatively weak cryptographic algorithms in two of its functions (CVE-2021-20441)
Summary: In two instances, IBM Security Verify Bridge (ISVB) uses a relatively weak cryptographic algorithm. 1) If no transport layer security (TLS) preference is specified, ISVB defaults to TLS 1.0 which has known vulnerabilities. 2) When generating a random number during LDAP bind authentication, ISVB...
Akamai Startup Program: Fostering Innovation
Akamai, the intelligent edge platform for securing and delivering digital experiences, continues to focus on innovation by launching Cohort 2 of the Akamai Startup program. Started in India in 2019, the Akamai Startup program leverages the startup ecosystem to drive Akamai's strategic priorities...
McAfee ATR Thinks in Graphs | McAfee Blogs
By Valentine Mairet · MAR 08, 2021. 0. Introduction: John Lambert, a distinguished researcher specializing in threat intelligence at Microsoft, once said these words that changed perspectives: “Defenders think in lists. Attackers think in...