2223 matches found

Schneier on Security
added 2023/05/02 2:10 p.m. · 15 views

NIST Draft Document on Post-Quantum Cryptography Guidance

NIST has released a draft of Special Publication 1800-38A: "Migration to Post-Quantum Cryptography: Preparation for Considering the Implementation and Adoption of Quantum Safe Cryptography." It's only four pages long, and it doesn't have a lot of detail--more "volumes" are coming, with more...

6.8 AI score
Exploits 0
OSV
added 2023/04/28 2:15 a.m. · 4 views

CVE-2023-27557

IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM...

7.5 CVSS · 5.8 AI score · 0.00112 EPSS
Exploits 0 · References 2
NVD
added 2023/04/28 2:15 a.m. · 10 views

CVE-2023-27557

IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM...

7.5 CVSS · 6.4 AI score · 0.00112 EPSS
Exploits 0 · References 2
Prion
added 2023/04/28 2:15 a.m. · 11 views

Design/Logic Flaw

IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM...

5 CVSS · 7.3 AI score · 0.00112 EPSS
Exploits 0 · References 2 · Affected Software 1
Code423n4
added 2023/04/28 12:0 a.m. · 10 views

SHA-1 chosen prefix collision

Lines of code · Vulnerability details · Impact: An attacker can claim DNS names signed with SHA-1 algorithms 5 and 7 which he does not own. Proof of Concept: SHA-1 has been broken for chosen prefix collision. This means that an attacker can have his parent domain, if it signs with SHA-1, sign an RRset...

6.7 AI score
Exploits 0
Positive Technologies
added 2023/04/28 12:0 a.m. · 3 views

PT-2023-21201 · IBM · IBM Counter Fraud Management for Safer Payments

Name of the Vulnerable Software and Affected Versions: IBM Counter Fraud Management for Safer Payments versions 6.1.0.00 through 6.1.1.02; IBM Counter Fraud Management for Safer Payments versions 6.2.0.00 through 6.2.2.02; IBM Counter Fraud Management for Safer Payments versions 6.3.0.00 through...

7.5 CVSS · 7.2 AI score · 0.00112 EPSS
Exploits 0 · References 4
IBM Security Bulletins
added 2023/04/24 2:18 p.m. · 19 views

Security Bulletin: TLS 1.0 and TLS 1.1 is enabled in IBM Safer Payments (CVE-2023-27557)

Summary: IBM Safer Payments had older TLS 1.0 and TLS 1.1 protocols enabled by default. These protocols are now disabled. Vulnerability Details: CVEID: CVE-2023-27557. DESCRIPTION: IBM Counter Fraud Management for Safer Payments uses weaker than expected cryptographic algorithms that could allow an...

7.5 CVSS · 6.4 AI score · 0.00112 EPSS
Exploits 0 · Affected Software 1
Schneier on Security
added 2023/04/14 11:2 a.m. · 16 views

Gaining an Advantage in Roulette

You can beat the game without a computer: On a perfect roulette wheel, the ball would always fall in a random way. But over time, wheels develop flaws, which turn into patterns. A wheel that's even marginally tilted could develop what Barnett called a drop zone. When the tilt forces the ball to...

6.6 AI score
Exploits 0
OpenVAS
added 2023/04/12 12:0 a.m. · 17 views

Linux: BSI TR-02102-4 Encryption Algorithms

Recommended SSH encryption ciphers from TR-02102-4. Per the recommendations, AEAD_AES_128_GCM or AEAD_AES_256_GCM should be utilized when possible. Note: This check fails if any algorithms are found that are not specified in the VT preferences. The default list is based on the recommendations...

7.3 AI score
Exploits 0 · References 2
OSV
added 2023/04/06 3:52 p.m. · 19 views

RLSA-2023:1569 Moderate: gnutls security and bug fix update

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: timing side-channel in the TLS RSA key exchange code (CVE-2023-0361). For more details about the security issues,...

7.4 CVSS · 7.7 AI score · 0.03615 EPSS
Exploits 1 · References 3
IBM Security Bulletins
added 2023/04/04 6:18 p.m. · 110 views

Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2022-22313. DESCRIPTION: IBM QRadar Dat...

9.8 CVSS · 8.3 AI score · 0.00789 EPSS
Exploits 3 · Affected Software 1
The Hacker News
added 2023/04/04 1:16 p.m. · 86 views

Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies

Cybersecurity researchers have taken the wraps off a previously undocumented ransomware strain called Rorschach that's both sophisticated and fast. "What makes Rorschach stand out from other ransomware strains is its high level of customization and its technically unique features that have not be...

9.8 CVSS · 9.8 AI score · 0.93958 EPSS
Exploits 7
OSV
added 2023/04/04 12:0 a.m. · 20 views

ALSA-2023:1569 Moderate: gnutls security and bug fix update

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: timing side-channel in the TLS RSA key exchange code (CVE-2023-0361). For more details about the security issues,...

7.4 CVSS · 7.7 AI score · 0.03615 EPSS
Exploits 1 · References 4
AlmaLinux
added 2023/04/04 12:0 a.m. · 37 views

Moderate: gnutls security and bug fix update

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: timing side-channel in the TLS RSA key exchange code (CVE-2023-0361). For more details about the security issues,...

7.4 CVSS · 7.8 AI score · 0.03615 EPSS
Exploits 1 · References 4
Mageia
added 2023/03/31 12:13 a.m. · 42 views

Updated snort packages fix security vulnerability

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker...

8.6 CVSS · 6.2 AI score · 0.03416 EPSS
Exploits 0 · References 2
OSV
added 2023/03/29 4:47 p.m. · 39 views

RLSA-2023:0946 Important: openssl security and bug fix update

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286); openssl: read buffer overflow in...

7.5 CVSS · 7.6 AI score · 0.88334 EPSS
Exploits 0 · References 20
BDU FSTEC
added 2023/03/28 12:0 a.m. · 1 views

The vulnerability of GnuPG’s information encryption and digital signatures software lies in its weak encryption methods, allowing attackers to gain access to confidential data.

The vulnerability of GnuPG’s information encryption and digital signatures lies in the use of weak encryption algorithms. Exploiting this vulnerability could allow a remote attacker to gain access to confidential data...

7.8 CVSS · 0.0038 EPSS
Exploits 1 · References 11 · Affected Software 3
Tenable Nessus
added 2023/03/18 12:0 a.m. · 19 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-PyJWT (SUSE-SU-2023:0794-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0794-1 advisory. - PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms...

7.5 CVSS · 7.4 AI score · 0.00422 EPSS
Exploits 0 · References 6
Code423n4
added 2023/03/09 12:0 a.m. · 16 views

TicketUtils: Number draws are not uniformly distributed

Lines of code · Vulnerability details: The number selection algorithm in TicketUtils.reconstructTicket "draws" winning numbers using modulo arithmetic and a random seed. However, selected numbers are not uniformly distributed. Due to modulo bias and successive draw logic, higher numbers will be draw...

7 AI score
Exploits 0
OpenVAS
added 2023/03/08 12:0 a.m. · 9 views

Debian: Security Advisory (DLA-773-1)

The remote host is missing an update for the Debian...

9.8 CVSS · 9.6 AI score · 0.13624 EPSS
Exploits 1 · References 2