CVE-2023-2747 Uninitialized IV in Silicon Labs SE FW v2.0.0 through v 2.2.1 for internally stored data
The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized...
PT-2023-21148 · Silabs.Com +1 · Gsdk +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. This issue affects the encryption process, potentially...
CLSA-2023-1685971623 Fix CVE(s): CVE-2022-45141
SECURITY UPDATE: Samba AD DC using Heimdal can be forced to issue rc4-hmac encrypted Kerberos tickets - debian/patches/CVE-2022-45141.patch: fix TGS ticket enc-part key selection and check-des - CVE-2022-45141...
Security Bulletin: IBM Guardium Data Encryption (GDE) has multiple security vulnerabilities (CVE-2023-26272, CVE-2023-26271, CVE-2023-26270)
Summary Multiple security vulnerabilities in Guardium Data Encryption (GDE): CVE-2023-26272, CVE-2023-26271, CVE-2023-26270. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2023-26272 DESCRIPTION: IBM Security Guardium Data Encryption could allow a remote attacker to obta...
PT-2023-6903 · Ibm · Ibm Security Guardium Data Encryption +1
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium Data Encryption, IBM Guardium Cloud Key Manager (GCKM) version 1.10.3 Description: The issue is caused by an Angular template injection flaw, allowing a remote attacker to execute arbitrary code on the system by sending a...
New Ransomware Strain 'CACTUS' Exploits VPN Flaws to Infiltrate Networks
Cybersecurity researchers have shed light on a new ransomware strain called CACTUS that has been found to leverage known flaws in VPN appliances to obtain initial access to targeted networks. "Once inside the network, CACTUS actors attempt to enumerate local and network user accounts in addition ...
A New CrossLock Ransomware Threat with Cross-Platform Capabilities and Double Extortion Techniques
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary CrossLock ransomware, implemented in Go programming language, uses double extortion technique to encrypt and exfiltrate data, posing a significant threat to businesses and organizations. To receive...
Payment giant's point-of-sale outage caused by ALPHV ransomware
On April 12, 2023, payment giant NCR reported it was looking into an issue with its point-of-sale (POS) systems that caused an outage, leaving customers unable to use the system. The NCR Aloha POS systems are popular in hospitality services. Customers include Wendy's, Chuck E. Cheese, Cafe Rio, Leean...
Read The Manual Locker: A Private RaaS Provider
Read The Manual Locker: A Private RaaS Provider By Max Kersten · April 13, 2023 The underground intelligence was obtained by N074B07. Another day, another ransomware-as-a-service (RaaS) provider, or so it seems. We've observed the "Read The Manual" (RTM) Locker gang, previously known for their e-crim...
CVE-2023-1768 Symmetric agent data encryption fails silently
Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations...
Checkmk security vulnerability
Checkmk is an IT monitoring tool. A security vulnerability exists in Checkmk that stems from inappropriate error handling, which causes the symmetric encryption of agent data to fail silently and the data to be transmitted in plaintext. The following products and versions are affected: Tribe29 Checkmk 2.1.0p25 and earlier, 2.0.0p34 and earlier...
New Wi-Fi Protocol Security Flaw Affecting Linux, Android and iOS Devices
A group of academics from Northeastern University and KU Leuven has disclosed a fundamental design flaw in the IEEE 802.11 Wi-Fi protocol standard, impacting a wide range of devices running Linux, FreeBSD, Android, and iOS. Successful exploitation of the shortcoming could be abused to hijack TCP...
Get integrated Microsoft Purview Information Protection in Adobe Acrobat—now available
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Data security and compliance are a top priority for leaders as cyberattacks are on the rise. In fact, attacks have increased by 32 percent in the past year, and 1 in 40 organizations...
K23605974: OpenSSL vulnerability CVE-2022-2097
Security Advisory Description AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of pre-existing memory contents that were never overwritten. In the special...
Security Bulletin: IBM Security Guardium Data Encryption is using Components with Known Vulnerabilities (CVE-2022-31129, CVE-2022-24785)
Summary IBM Security Guardium Data Encryption is using components with known vulnerabilities. Please upgrade to the latest version of CT-VL having the fixes. Vulnerability Details CVEID: CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression...
SUSE CVE-2008-3188
libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords...
SUSE CVE-2016-2183
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted...
SUSE CVE-2016-1000344
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...
SUSE CVE-2021-32728
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a privat...
New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool
After the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data. The emergence of the new variant was reported by a syste...