CVE-2018-7242

The CVE-2018-7242 issue affects Schneider Electric’s Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers (communication modules) across all versions. The root cause is a weak cryptographic practice in password encryption where the hash algorithm is vulnerable to hash collis...

CVE-2018-7242

Vulnerable hash algorithms exists in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks...

TLS 1.3 support is coming this spring

While March brings NCAA Madness, this year it also brought TLS 1.3, which will be coming to all Akamai customers soon! Let's give some background. TLS 1.3 is latest revision of the TLS protocol. It is also known by its older name, SSL. It is the protocol used for all secure HTTP connections on th...

[SECURITY] Fedora 26 Update: openssl-1.1.0h-1.fc26

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

[SECURITY] Fedora 28 Update: openssl-1.1.0h-2.fc28

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

[SECURITY] Fedora 27 Update: openssl-1.1.0h-1.fc27

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

Code injection

IBM GSKit IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073...

CVE-2018-1428

IBM GSKit IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073...

CVE-2017-1571

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853...

CVE-2018-1428

IBM GSKit IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073...

CVE-2017-1571

CVE-2017-1571 affects IBM DB2 for Linux, UNIX and Windows (including DB2 Connect Server) versions 9.7, 10.1, 10.5 and 11.1. The weakness is weaker-than-expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM’s IBM X-Force ID: 131853. Connected I...

CVE-2018-1428

CVE-2018-1428 is discussed in IBM GSKit-related security bulletins. The vulnerability arises from weaker-than-expected cryptographic algorithms in IBM GSKit, which could permit an attacker to decrypt highly sensitive information. The connected IBM documents assign a base score of 6.2 (CVSS v3) fo...

[SECURITY] Fedora 26 Update: cryptopp-5.6.5-2.fc26

Crypto++ Library is a free C++ class library of cryptographic schemes. See http://www.cryptopp.com/ for a list of supported algorithms. One purpose of Crypto++ is to act as a repository of public domain not copyrighted source code. Although the library is copyrighted as a compilation, the...

Encryption 101: How to break encryption

Continuing on in our Encryption 101 series, where we gave a malware analyst's primer on encryption and demonstrated encryption techniques using ShiOne ransomware, we now look at what it takes to break an encryption. In order for something as powerful as encryption to break, there needs to be some...

[SECURITY] Fedora 26 Update: python-crypto-2.6.1-22.fc26

PyCrypto is a collection of both secure hash functions such as MD5 and SHA, and various encryption algorithms AES, DES, RSA, ElGamal, etc...

Ad Network Circumvents Ad-Blocking Tools To Run In-Browser Cryptojacker Scripts

Cryptojackers are getting resourceful and have figured out how to bypass ad-blocking software and deliver the Coinhive JavaScript miner via browser-based ads. Researchers at Qihoo’s Netlab 360 said it recently spotted an advertising network that was using what is called a domain generation...

[SECURITY] Fedora 27 Update: python-crypto-2.6.1-22.fc27

PyCrypto is a collection of both secure hash functions such as MD5 and SHA, and various encryption algorithms AES, DES, RSA, ElGamal, etc...

Code injection

IBM Security Guardium Big Data Intelligence SonarG 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139003...

CVE-2018-1425

IBM Security Guardium Big Data Intelligence SonarG 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139003...

VIDEO: Unfiltered Endpoint Data – A Platform For Consolidated Endpoint Management

A PLATFORM FOR CONSOLIDATED ENDPOINT MANAGEMENT In our last post of this series, we talked about the key to better endpoint threat detection. It’s all about the data you collect. Across the board, endpoint security solutions use pre-defined signatures or rules to detect threats — only conducting...