CVE-2024-39745
The CVE-2024-39745 issue affects IBM Sterling Connect:Direct Web Services versions 6.0–6.3, where weaker-than-expected cryptographic algorithms could allow an attacker to decrypt highly sensitive information. The root cause is the use of insufficient crypto strength in these releases. Impact, as ...
CVE-2024-39745 IBM Sterling Connect:Direct Web Services information disclosure
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java
Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE which is affected by CVE-2024-39745. Vulnerability Details CVEID:CVE-2024-39745 DESCRIPTION: IBM Sterling Connect:Direct Web Services uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly...
PT-2024-28659 · Ibm · Ibm Sterling Connect:Direct Web Services
Name of the Vulnerable Software and Affected Versions: IBM Sterling Connect:Direct Web Services versions 6.0 through 6.3 Description: The issue concerns the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations...
PT-2024-41077 · Ооо 'Нпо Мир' · Конфигуратор Контроллеров Мир +2
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is related to the use of cryptographic algorithms containing defects. An attacker can exploit this to perform a brute force attack remotely. Recommendations: At the moment, there i...
NIST Releases First Post-Quantum Encryption Algorithms
From the Federal Register: After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes:...
Best Practices for Cisco Device Configuration
In recent incidents, CISA has seen malicious cyber actors acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature. CISA recommends organizations disable Smart Install and review NSA’s Smart Install Protoco...
Rapid7’s Ransomware Radar Report Shows Threat Actors are Evolving …Fast.
Few issues keep cybersecurity professionals up at night more than the threat of ransomware. The ubiquity of targets, the relative organization of threat actors, and their multiple paths of entry make combating ransomware particularly formidable. But there is one more facet to this threat that mak...
CVE-2024-38883
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Drop Encryption Level attack due to the selection of a less-secure algorithm during negotiation...
Horizon Business Services Caterease Security Vulnerability
Horizon Business Services Caterease is an event planning and catering software from Horizon Business Services, USA. A security vulnerability exists in Horizon Business Services Caterease versions 16.0.1.1663 through 24.0.1.2405 and later versions, which stems from the selection of less secure...
DNSJava DNSSEC Bypass
Summary Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. Details DNS Messages are not authenticated. They do not guarantee that - received RRs are authentic - not received RRs do not exist - all or any received...
[SECURITY] Fedora 40 Update: botan2-2.19.5-1.fc40
Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS #10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...
Unidentified Attacker “Revolver Rabbit” Uses RDGA to Register 500,000 Domains
Although not new, Registered Domain Generation Algorithms (RDGAs) have become a major cybersecurity threat, exploited by threat actors…...
age Plugins
age is a file encryption tool, library, and format. It lets you encrypt files to “recipients” and decrypt them with “identities”. $ age-keygen -o key.txt Public key: age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p $ tar cvz /data | age -r...
The vulnerability of Cryptographic Service Provider (CSP) and Key Storage Provider (KSP) services in Windows operating systems allows attackers to circumvent security restrictions.
The vulnerability of Cryptographic Service Provider (CSP) and Key Storage Provider (KSP) services in Windows operating systems is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions...
The vulnerability of the SCADA system “ENTEK,” related to the use of cryptographic algorithms containing defects, allows an intruder to gain unauthorized access to protected information.
The vulnerability of the SCADA system “ENTEK” is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
PT-2024-4803
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified) Description: The issue is related to a security feature bypass in Windows Cryptographic Services, allowing a remote attacker to bypass security restrictions. The vulnerability is associated with the use...
Dell PowerScale OneFS Cryptographic Issue Vulnerability
Dell PowerScale OneFS is an operating system from Dell (USA) that provides horizontal scaling of NAS. Dell PowerScale OneFS suffers from a cryptographic issue vulnerability that arises from the use of broken or risky encryption algorithms. An...
Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities
Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.8.0. Vulnerability Details CVEID:CVE-2023-38371 DESCRIPTION: IBM Security Access Manager uses weaker than expected cryptographic algorithms that could...
The vulnerability of the firmware of Schneider Electric PowerLogic P5 relay protection devices, related to the use of cryptographic algorithms with defects, allows an intruder to cause malfunctions during maintenance, restart the device, or gain full control over the device.
The vulnerability of the firmware of Schneider Electric PowerLogic P5 relay protection devices for electrical networks relates to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow attackers to cause malfunctions in the devic...