2224 matches found
GSA Bounty: SSH server compatible with several vulnerable cryptographic algorithms
An ssh-audit scan found that ssh.fr.cloud.gov supports sha1 for various purposesincluding exclusively for MAC addresses, as well as arcfour. Both of these are outdated and known vulnerable. The algorithms used are also indicative of an outdated SSH version OpenSSH 6 or Dropbear 2013. It's probabl...
The Evolution of Ransomware
While many businesses and individual users understand that ransomware isn't a new threat, many don't actually know how long this particular infection style has been utilized by hackers. The first attacks took place more than a decade ago, and since then, ransomware authors have only become more...
Intel® NUC Kit with Infineon Trusted Platform Module
Summary: Certain Intel® NUC systems contain an Infineon Trusted Platform Module TPM that has an information disclosure vulnerability as described in CVE-2017-15361. Description: Recently, a research team developed advanced mathematical methods to exploit the characteristics of acceleration...
PT-2018-3641 · Openssl +11 · Openssl +11
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.1.1 through 1.1.1j MySQL Server versions 5.7.33 and earlier, 8.0.23 and earlier Description: The issue is related to a NULL pointer dereference in OpenSSL TLS servers when a maliciously crafted renegotiation ClientHello...
A Death Match of Domain Generation Algorithms
By Hongliang Liu and Yuriy Yuzifovich Originally posted on December 29, 2017 Today's post is all about DGA's Domain Generation Algorithms: what they are, why they came into existence, what are some use cases where they are used, and, most importantly - how to detect and block them. As we will...
Code injection
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559...
CVE-2017-1664
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557...
Code injection
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557...
CVE-2017-1665
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559...
CVE-2017-1664
Summary: CVE-2017-1664 affects IBM Security Key Lifecycle Manager (Tivoli Key Lifecycle Manager) versions 2.5–2.7. The root cause is use of weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Impact: Confidentiality of data could b...
CVE-2017-1598
IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611...
Code injection
IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611...
CVE-2017-1598
IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611...
Lessons Learned from the Estonian National ID Security Flaw
Estonia recently suffered a major flaw in the security of their national ID card. This article discusses the fix and the lessons learned from the incident: In the future, the infrastructure dependency on one digital identity platform must be decreased, the use of several alternatives must be...
OpenJDK: MD5 allowed for jar verification (Security, 8171121)
It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm...
OpenJDK: incorrect enforcement of certificate path restrictions (Security, 8179998)
It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept certificate using one of the disabled algorithms...
FreeBSD-SA-17:11.openssl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:11.openssl Security Advisory The FreeBSD Project Topic: OpenSSL multiple vulnerabilities Category: contrib Module: openssl Announced: 2017-11-29 Affects: All...
[SECURITY] Fedora 26 Update: openssl-1.1.0g-1.fc26
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...
[SECURITY] Fedora 27 Update: openssl-1.1.0g-1.fc27
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...
OpenSSL 1.1.0 < 1.1.0g Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.1.0g. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.0g advisory. - There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No E...