1071 matches found
PT-2021-9115 · Ibm · Ibm Security Guardium Data Encryption
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium Data Encryption (GDE) version 3.0.0.2 Description: The issue allows for potential information disclosure due to sensitive information being stored in URL parameters. This could be accessed by unauthorized parties through...
PT-2021-9116 · Ibm · Ibm Security Guardium Data Encryption
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium Data Encryption (GDE) version 3.0.0.2 Description: The issue concerns the specification of permissions for a security-critical resource, allowing it to be read or modified by unintended actors. Recommendations: For version...
IBM Security Guardium Data Encryption Access Control Error Vulnerability
IBM Security Guardium Data Encryption (GDE) provides a modular set of encryption solutions that help security teams effectively implement data-at-rest security across the organization. An improper privilege control vulnerability exists in IBM Security Guardium Data Encryption 3.0.0.2. An attacker...
IBM Security Guardium Cryptographic Issue Vulnerability
IBM Security Guardium Data Encryption (GDE) provides a modular set of encryption solutions that help security teams effectively implement data-at-rest security across the organization. A weak cryptographic algorithm vulnerability exists in IBM Security Guardium Data Encryption 3.0.0.2. An attacker...
PT-2021-9113 · Ibm · Ibm Security Guardium Data Encryption
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium Data Encryption (GDE) version 3.0.0.2 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: F...
IBM Security Guardium Data Encryption (GDE) Information Disclosure Vulnerability
IBM Security Guardium Data Encryption (GDE) provides a modular set of encryption solutions that help security teams effectively implement data-at-rest security across the organization. An information disclosure vulnerability exists in IBM Security Guardium Data Encryption 3.0.0.2. The vulnerability...
Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)
Summary There are multiple vulnerabilities identified in IBM Guardium Data Encryption (GDE). These vulnerabilities have been fixed in GDE 4.0.0.4. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2017-7957 DESCRIPTION: XStream is vulnerable to a denial of service,...
Schneider Electric Modicon M221 Programmable Logic Controller
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from an adjacent network Vendor: Schneider Electric Equipment: Modicon M221 Programmable Logic Controller Vulnerabilities: Inadequate Encryption Strength, Small Space of Random Values, Missing Encryption of Sensitive Data, Exposure of...
7 Simple Ways to Make Your Android Phone More Secure
Here's how to lock down your data and stop others from snooping on your personal information...
libssh: denial of service when handling AES-CTR (or DES) ciphers
A flaw was found in the way libssh handled AES-CTR (or DES, if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to clean up the ciphers when closing the connection. The biggest threat from this vulnerability is system...
Demystifying two common misconceptions with e-commerce security
Online shopping has seen a dramatic increase in the months following the Covid-19 outbreak as more and more people opt out of visiting physical stores. Such a phenomenon does not go unnoticed or without additional consequences. During the same time period, we have seen an increase in the usual...
Campari Site Suffers Ransomware Hangover
Italian spirits brand Campari has restored its company website following a recent ransomware attack. According to the ransom note, the group behind the breach used Ragnar Locker to encrypt most of Campari’s servers and was holding the data hostage for $15 million in Bitcoin. Campari Group is behi...
ALSA-2020:4490 Moderate: gnupg2 security, bug fix, and enhancement update
The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. The following packages have been upgraded to a later upstream version: gnupg2 2.2.20. BZ1663944 Security Fixes: GnuPG: interaction between the sks-keyserv...
Ransomware Impacting Pipeline Operations
Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework. See the MITRE ATT&CK for Enterprise and ATT&CK for Industrial Control Systems (ICS) frameworks for all referenced threat actor techniques and mitigations. The Cybersecurity and...
Ransomware Takes Down Network of French IT Giant
French IT giant Sopra Steria was hit with a cyber attack this week that disrupted the business of the firm and is widely believed to be the work of the threat actors behind Ryuk ransomware. The company revealed the attack in a brief press statement released Oct. 22, two days after officials said...
CVE-2020-11031
CVE-2020-11031 affects GLPI prior to 9.5.0 where the encryption algorithm is insecure and data security relies on user-chosen password strength. An attacker could decrypt data if a weak/predictable password is used. The issue is addressed in GLPI 9.5.0 by switching to a more secure library (sodiu...
CVE-2020-4622
IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 184983...
IBM Security Guardium Data Encryption (GDE) Information Disclosure Vulnerability (CNVD-2020-49511)
IBM Security Guardium Data Encryption (GDE) provides a modular set of encryption solutions that help security teams effectively implement data-at-rest security across the organization. An information disclosure vulnerability exists in IBM Security Guardium Data Encryption (GDE) 3.0.0.2. An attacker...
IBM Security Guardium Data Encryption (GDE) Arbitrary Command Execution Vulnerability
IBM Security Guardium Data Encryption (GDE) provides a modular set of encryption solutions that help security teams effectively implement data-at-rest security across the organization. An arbitrary command execution vulnerability exists in IBM Security Guardium Data Encryption (GDE) 3.0.0.2, which ca...
IBM Security Guardium Data Encryption (GDE) Cross-Site Scripting Vulnerability
IBM Security Guardium Data Encryption (GDE) provides a modular set of encryption solutions that help security teams effectively implement data-at-rest security across the organization. A cross-site scripting vulnerability exists in IBM Security Guardium Data Encryption (GDE) 3.0.0.2, which can be...