Microsoft Windows CryptoAPI has an unspecified vulnerability

Microsoft Windows CryptoAPI is a cryptographic compiler added to the Windows operating system by Microsoft Corporation. As an important foundation for data encryption and decryption functions, CryptoAPI supports synchronous and asynchronous key encryption processing, as well as the management of...

Apache Shiro Authentication Bypass Vulnerability (CNVD-2022-68497)

Apache Shiro is a Java security framework with authentication, access authorization, data encryption, session management, etc. An authentication bypass vulnerability exists in Apache Shiro, which is caused when requests are forwarded or requests are included via the RequestDispatcher interface, a...

Microsoft Windows CryptoAPI 安全漏洞

Microsoft Windows CryptoAPI is a cryptographic compiler added to the Windows operating system by Microsoft Corporation. As an important foundation for data encryption and decryption functions, CryptoAPI supports synchronous and asynchronous key encryption processing, as well as the management of...

EulerOS 2.0 SP10 : openssl (EulerOS-SA-2022-2432)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properl...

Europol and Bitdefender Release Free Decryptor for LockerGoga Ransomware

A decryptor for the LockerGoga ransomware has been made available by Romanian cybersecurity firm Bitdefender in collaboration with Europol, the No More Ransom project, and Zurich law enforcement authorities. Identified in January 2019, LockerGoga drew headlines for its attacks against the Norwegi...

EulerOS 2.0 SP9 : openssl (EulerOS-SA-2022-2300)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properl...

Moisha Ransomware spotted launching highly targeted attacks

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Moisha ransomware based on .Net was first mentioned in mid-August, along with the PTMOISHA team, the threat actor behind it. This ransomware was developed to carry out very targeted attacks, as indicated...

openssl: AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

Twitter Whistleblower Complaint: The TL;DR Version

A recently surfaced 84-page whistleblower report filed with the US government by Twitter’s former head of security Peiter “Mudge” Zatko last month blasts his former employer for its alleged shoddy security practices and being out of compliance with an FTC order to protect user data. Twitter has...

AlmaLinux 8 : openssl (5818) (ALSA-2022:5818)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5818 advisory. - The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in...

Five Data Security Controls and Processes you Must Bring to Cloud-native Infrastructures

Too frequently, there are significant misunderstandings in organizations with regard to who has the responsibility to protect cloud-hosted data. In Imperva’s recent report, A Data-Centric Cybersecurity Framework for Digital Transformation, IT analyst and author Richard Stiennon explains what...

Oracle Linux 8 : openssl (ELSA-2022-9683)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9683 advisory. - Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 - Fix CVE-2022-1292: openssl: crehash script allows...

How to protect yourself and your kids against device theft

In no time at all, kids will be going back to school or starting college. And while gearing up for this, it’s very important to be aware of the threat from device loss in the school environment. Maybe you are away at university for the first time and have a new place to live, or maybe your kids...

How to protect yourself and your kids against device theft

In no time at all, kids will be going back to school or starting college. And while gearing up for this, its very important to be aware of the threat from device loss in the school environment. Maybe you are away at university for the first time and have a new place to live, or maybe your kids ha...

What is ransomware and how can you defend your business from it?

Ransomware is a kind of malware used by cybercriminals to stop users from accessing their systems or files; the cybercriminals then threaten to leak, destroy or withhold sensitive information unless a ransom is paid. Ransomware attacks can target either the data held on computer systems known as...

Oracle Linux 8 : openssl (ELSA-2022-5818)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5818 advisory. - Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 - Fix CVE-2022-1292: openssl: crehash script allows...

[SECURITY] Fedora 35 Update: gnupg1-1.4.23-18.fc35

GnuPG GNU Privacy Guard is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with...

IBM Security Verify Information Queue Trust Management Issue Vulnerability

IBM Security Verify Information Queue is an integration product from IBM of America, Inc. IBM Security Verify Information Queue version 10.0.2 is vulnerable to a trust management issue stemming from its use of hard-coded credentials used for inbound authentication, outbound communication to...

CVE-2022-29960

Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an engineering environment for the ControlWave and Bristol Babcock line of RTUs. DES with hardcoded cryptographic keys is used for protection of certain system credentials, engineering files, and sensitive utilities...

Demo: Your data has been encrypted! Stopping ransomware attacks with Malwarebytes EDR

It’s no secret that ransomware is one of the most pressing cyber threats of our day. What worse, ransomware gangs have increased their attacks on a range of vulnerable industries, with disruptions to business operations, million-dollar ransom demands, data exfiltration, and extortion. With...