CVE-2018-5559

Affected software: Rapid7 Komand prior to 0.42.0. Vulnerability: information disclosure via endpoints that list always encrypted-at-rest connection data, potentially returning un-obscured sensitive data in the API response sent over an encrypted channel. Root cause (as stated): endpoints could ex...

Half of all Phishing Sites Now Have the Padlock

Maybe you were once advised to "look for the padlock" as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address...

CVE-2018-12037

CVE-2018-12037 affects self-encrypting drives (TCG Opal/ATA‑based) where there is no cryptographic binding between the user password and the Disk Encryption Key, enabling full data access by someone with privileged access to the drive controller in ATA High mode. Affected devices per the sources ...

Flaws in Popular Self-Encrypting SSDs Let Attackers Decrypt Data

We all have something to hide, something to protect. But if you are also relying on self-encrypting drives for that, then you should read this news carefully. Security researchers have discovered multiple critical vulnerabilities in some of the popular self-encrypting solid state drives SSD that...

Anthem, Apple and the Pentagon: A Data-Breach Cornucopia

Like pumpkin spice and turning leaves, data breaches have become a theme for the fall. This season is shaping up to be no exception, with Anthem, Apple and, worryingly, the Pentagon all making headlines in the last few days. It is, of course, part of the “new normal” as cyberattackers continue to...

CVE-2018-1742

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 148421...

Hardcoded credentials

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 148421...

CVE-2018-15753

An issue was discovered in the MensaMax aka com.breustedt.mensamax application 4.3 for Android. The use of a Hard-coded DES Cryptographic Key allows an attacker who decodes the application to decrypt transmitted data such as the login username and password...

CVE-2018-1593

IBM Multi-Cloud Data Encryption MDE 2.1 could allow an unauthorized user to manipulate data due to missing file checksums. IBM X-Force ID: 143568...

Design/Logic Flaw

IBM Multi-Cloud Data Encryption MDE 2.1 could allow an unauthorized user to manipulate data due to missing file checksums. IBM X-Force ID: 143568...

CVE-2018-1593

IBM Multi-Cloud Data Encryption MDE 2.1 could allow an unauthorized user to manipulate data due to missing file checksums. IBM X-Force ID: 143568...

CVE-2018-1593

CVE-2018-1593 affects IBM Multi-Cloud Data Encryption (MDE) 2.1. The vulnerability stems from missing file checksums, enabling an unauthorized user to manipulate data. Affected versions are MDE 2.1–2.1.0.1. IBM’s bulletin lists remediation: upgrade to MDE 2.1.0.2 (Multiplatform English via Passpo...

CVE-2018-8856

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data...

CVE-2018-8856

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data...

CVE-2018-8856

This CVE affects Philips e-Alert Unit (non-medical device), Versions R2.1 and prior. The issue is the use of a hard-coded cryptographic key for internal data encryption (CWE-798), which enables high-severity impact. Per the connected docs, CVSS v3 base score is 9.8 (critical) with remote/network ...

OATmeal on the Universal Cereal Bus: Exploiting Android phones over USB

Posted by Jann Horn, Google Project Zero Recently, there has been some attention around the topic of physical attacks on smartphones, where an attacker with the ability to connect USB devices to a locked phone attempts to gain access to the data stored on the device. This blogpost describes how...

Google Secretly Tracks What You Buy Offline Using Mastercard Data

Over a week after Google admitted the company tracks users' location even after they disable location history, it has now been revealed that the tech giant has signed a secret deal with Mastercard that allows it to track what users buy offline. Google has paid Mastercard millions of dollars in...

A Quick-Start Introduction to Database Security: An Operational Approach

The recent SingHealth data breach incident exposed around 1.5 million patients’ records. In its aftermath, the Cyber Security Agency of Singapore published a set of security measures aimed at improving the protection of Personally Identifiable Information PII data. The recommended security measur...

Summer Vacation Plans? Be Safe When Connecting!

Tips to Protect Yourself While Traveling Summer travel should be a respite from work, when you relax and don’t have to worry about business. And your mobile devices can help make it easier, whether it’s booking a flight or a hotel room, ordering a cab or an Uber driver, browsing websites for your...

Ransomware and malicious crypto miners in 2016-2018

Ransomware is not an unfamiliar threat. For the last few years it has been affecting the world of cybersecurity, infecting and blocking access to various devices or files and requiring users to pay a ransom usually in Bitcoins or another widely used e-currency, if they want to regain access to...