1081 matches found
CVE-2018-8856
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains a hard-coded cryptographic key, which it uses for encryption of internal data...
CVE-2018-8856
This CVE affects Philips e-Alert Unit (non-medical device), Versions R2.1 and prior. The issue is the use of a hard-coded cryptographic key for internal data encryption (CWE-798), which enables high-severity impact. Per the connected docs, CVSS v3 base score is 9.8 (critical) with remote/network ...
OATmeal on the Universal Cereal Bus: Exploiting Android phones over USB
Posted by Jann Horn, Google Project Zero. Recently, there has been some attention around the topic of physical attacks on smartphones, where an attacker with the ability to connect USB devices to a locked phone attempts to gain access to the data stored on the device. This blogpost describes how...
Google Secretly Tracks What You Buy Offline Using Mastercard Data
Over a week after Google admitted the company tracks users' location even after they disable location history, it has now been revealed that the tech giant has signed a secret deal with Mastercard that allows it to track what users buy offline. Google has paid Mastercard millions of dollars in...
A Quick-Start Introduction to Database Security: An Operational Approach
The recent SingHealth data breach incident exposed around 1.5 million patients’ records. In its aftermath, the Cyber Security Agency of Singapore published a set of security measures aimed at improving the protection of Personally Identifiable Information (PII) data. The recommended security measur...
Summer Vacation Plans? Be Safe When Connecting!
Tips to Protect Yourself While Traveling. Summer travel should be a respite from work, when you relax and don’t have to worry about business. And your mobile devices can help make it easier, whether it’s booking a flight or a hotel room, ordering a cab or an Uber driver, browsing websites for your...
Ransomware and malicious crypto miners in 2016-2018
Ransomware is not an unfamiliar threat. For the last few years it has been affecting the world of cybersecurity, infecting and blocking access to various devices or files and requiring users to pay a ransom usually in Bitcoins or another widely used e-currency, if they want to regain access to...
WPA3 Standard Officially Launches With New Wi-Fi Security Features
The Wi-Fi Alliance today officially launched WPA3—the next-generation Wi-Fi security standard that promises to eliminate all the known security vulnerabilities and wireless attacks that are up today including the dangerous KRACK attacks. WPA, or Wi-Fi Protected Access, is a standard designed to...
Security Bulletin: Open Source GNU glibc vulnerabilities on IBM Storwize V7000 Unified (CVE-2014-7817, CVE-2014-9087)
Summary: IBM Storwize V7000 Unified is shipped with GNU glibc, for which fixes are available for two security vulnerabilities. Vulnerability Details: CVEID: CVE-2014-7817. DESCRIPTION: GNU C Library glibc could allow a local attacker to execute arbitrary commands on the system. An attacker could...
Security Bulletin: Multi-Cloud Data Encryption (MDE) is using components with Known Vulnerabilities
Summary: Multi-Cloud Data Encryption (MDE) has addressed the following vulnerability: Using components with known vulnerabilities. Vulnerability Details: CVEID: CVE-2017-5637. DESCRIPTION: Apache Zookeeper is vulnerable to a denial of service, caused by the improper handling of the wchp command. By...
Security Bulletin: Multi-Cloud Data Encryption (MDE) is affected by an Information Exposure vulnerability
Summary: Multi-Cloud Data Encryption (MDE) has addressed the following information exposure vulnerability. Vulnerability Details: CVEID: CVE-2018-1592. DESCRIPTION: PEN-TEST: Query Parameter in SSL Request. CVSS Base Score: 6.5. CVSS Temporal Score: See Not Applicable for the current score CVSS...
Security Bulletin: Multi-Cloud Data Encryption (MDE) is affected by a Denial of service vulnerability
Summary: Multi-Cloud Data Encryption (MDE) has addressed the following denial of service vulnerability. Vulnerability Details: CVEID: CVE-2018-1589. DESCRIPTION: IBM Multi-Cloud Data Encryption (MDE) does not properly restrict the size or amount of resources that are requested or influenced by an actor. This...
Security Bulletin: Multi-Cloud Data Encryption (MDE) is affected by an SSL Query Parameter Exposure vulnerability
Summary: Multi-Cloud Data Encryption (MDE) has addressed the following query parameter exposure vulnerability. Vulnerability Details: CVEID: CVE-2018-1592. DESCRIPTION: IBM Multi-Cloud Data Encryption (MDE) stores sensitive information in URL parameters. This may lead to information disclosure if...
Security Bulletin: Multi-Cloud Data Encryption (MDE) is affected by a missing checksum vulnerability
Summary: Security Bulletin: Multi-Cloud Data Encryption (MDE) has addressed a missing checksum vulnerability. Vulnerability Details: CVEID: CVE-2018-1593. DESCRIPTION: IBM Multi-Cloud Data Encryption (MDE) could allow an unauthorized user to manipulate data due to missing file checksums. CVSS Base Score:...
Security Bulletin: Multi-Cloud Data Encryption (MDE) is affected by an application error.
Summary: Security Bulletin: Multi-Cloud Data Encryption (MDE) has addressed the following application error vulnerability. Vulnerability Details: CVEID: CVE-2018-1591. DESCRIPTION: IBM Multi-Cloud Data Encryption (MDE) generates an error message that includes sensitive information about its environment,...
Security Bulletin: Multi-Cloud Data Encryption (MDE) is affected by an Insufficient Session Expiration vulnerability.
Summary: Multi-Cloud Data Encryption (MDE) has addressed the following Insufficient Session Expiration vulnerability. Vulnerability Details: CVEID: CVE-2018-1590. DESCRIPTION: IBM Multi-Cloud Data Encryption (MDE) does not invalidate session tokens in a timely manner. The lack of proper session expirati...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Client could expose sensitive information (CVE-2016-2861, CVE-2016-0400)
Summary: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Client could expose sensitive information. Vulnerability Details: CVEID: CVE-2016-2861. DESCRIPTION: IBM WebSphere eXtreme Scale uses weaker than expected security to encrypt data which could allow an attacker that is able to capture...
MyHeritage Says Over 92 Million User Accounts Have Been Compromised
MyHeritage, the Israel-based DNA testing service designed to investigate family history, has disclosed that the company website was breached last year by unknown attackers, who stole login credentials of its more than 92 million customers. The company learned about the breach on June 4, 2018, aft...
Design/Logic Flaw
Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions does not encrypt PII and PHI while at rest...