CVE-2023-50937 IBM PowerSC information disclosure

IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117...

CVE-2023-50939 IBM PowerSC information Disclosure

IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129...

“You have blood on your hands.” Senate Committee calls for action by social media giants to protect children online

In an unusually emotional and unified setting, the Senate Judiciary Committee found common ground for the need to protect children online yesterday. On January 31, 2024, the CEOs of the most widely used social media platforms appeared before the Committee. Meta’s Mark Zuckerberg, Xs Linda...

Improving Cybersecurity: Different Certifications Explained

In the ever-evolving landscape of cybersecurity, the choice of cryptographic algorithms and certificates plays a pivotal role in ensuring the confidentiality and integrity of sensitive information. While traditional methods such as the RSA public-key cryptosystem have been the cornerstone of secu...

ChatGPT accused of breaking data protection rules

Italys Data Protection Authority GPDP has uncovered data privacy violations related to collecting personal data and age protections after an inquiry into OpenAI’s ChatGPT. OpenAI has 30 days to respond with a defense. ChatGPT is an artificial intelligence AI chatbot that can engage in conversatio...

Moderate: Red Hat Security Advisory: gnutls security update

An update for gnutls is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Improper Certificate Validation

meshcentral is vulnerable to Improper Certificate Validation. The vulnerability is due to the disabling of certificate verification in HTTPS connections by setting rejectUnauthorized to false, and utilizing outdated and insecure TLS versions known for security weaknesses; also use of algorithms...

ALSA-2024:0627 Moderate: gnutls security update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: incomplete fix for CVE-2023-5981 CVE-2024-0553 For more details about the security issues, including the impact,...

CentOS 8 : libssh (CESA-2024:0628)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2024:0628 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks...

Moderate: gnutls security update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: incomplete fix for CVE-2023-5981 CVE-2024-0553 For more details about the security issues, including the impact,...

Moderate: Red Hat Security Advisory: gnutls security update

An update for gnutls is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Moderate: gnutls security update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: timing side-channel in the RSA-PSK authentication CVE-2023-5981 gnutls: incomplete fix for CVE-2023-5981...

USN-6598-1 paramiko vulnerability

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being...

Moderate: Red Hat Security Advisory: gnutls security update

An update for gnutls is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Kasseika Ransomware Using BYOVD Trick to Disarms Security Pre-Encryption

The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver BYOVD attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and RobbinHood. The tactic allows...

Moderate: Red Hat Security Advisory: gnutls security update

An update for gnutls is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Timing Attack

github.com/kudelskisecurity/crystals-go is vulnerable to Timing Attack. The vulnerability is caused due to variations in the execution time of cryptographic algorithms, which allows an attacker to gain information about the secret key...

Debian dsa-5600 : php-phpseclib - security update

The remote Debian 11 / 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5600 advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5600-1...

EulerOS Virtualization 2.9.1 : openssl (EulerOS-SA-2023-2966)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact...

gnutls security update

An update is available for gnutls. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gnutls packages provide the GNU Transport Layer Security GnuTLS library,...