Code injection
In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys...
CVE-2018-7498
In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys...
CVE-2018-7498
Philips Alice 6 System (R8.0.3 or prior) is affected by CVE-2018-7498: missing encryption of sensitive data (CWE-311) leaves confidentiality and integrity improperly protected. Update to R8.0.4 to remediate; apply network security controls and follow ICS-CERT guidance for defense-in-depth.
Philips Alice 6 Missing Encryption Sensitive Data Vulnerability
The Philips Alice 6 is a polysomnographic (PSG) monitoring system designed to record, display and print physiologic information for clinicians/physicians. The Philips Alice 6 suffers from a lack of encryption of sensitive data vulnerability that stems from a lack of proper data encryption that woul...
Samsung Display Solutions App for Android Man-in-the-Middle Attack Vulnerability
Samsung Display Solutions App for Android is an Android-based mobile application developed by Samsung South Korea for viewing Samsung display devices. A security vulnerability exists in versions of the Samsung Display Solutions App for Android prior to version 3.02, which arises from the program'...
2018 Cyberthreat Defense Report: Where IT Security Is Going
What keeps you awake at night? We asked IT security professionals the same question and found that these issues are top of mind: malware and spear phishing, securing mobile devices, employee security awareness and new technologies that detect threats capable of bypassing traditional signature-bas...
OpenJDK: insufficient strength of key agreement (JCE, 8185292)
It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using...
The Sixth Question(s) Today’s CEOs Should Ask (& Know the Answers To)
In a previous blog, we discussed Commander’s Intent for CEOs and introduced 10 questions CEOs should be asking their teams. In this blog series, I am going to take a deeper dive into each question and break them down one at a time. We will discuss why CEOs should care about each question and the...
How your enterprise applications could be putting your company at risk
The typical company, large or small, depends on a number of different enterprise applications in order to ensure that employees can complete critical, daily tasks. Apps like those for enterprise resource planning, customer relationship management, screen and file sharing have become commonplace i...
CVE-2017-3762
Lenovo Fingerprint Manager Pro (Windows 7/8/8.1) versions 8.01.86 and earlier store sensitive data (Windows logon credentials, fingerprint data) with weak encryption and a hard-coded password, accessible to all local non-administrative users. This CVE-2017-3762 entry is addressed by Lenovo’s advi...
CVE-2017-3762
Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the...
Overview of rapid cyberattacks
Rapid cyberattacks like Petya and WannaCrypt have reset our expectations on the speed and scope of damage that a cyberattack can inflict. The Microsoft Enterprise Cybersecurity Group Detection and Response team worked extensively to help customers respond to and recover from these kinds of attack...
Wi-Fi Alliance launches WPA3 protocol with new security features
The Wi-Fi Alliance has finally announced the long-awaited next generation of the wireless security protocol—Wi-Fi Protected Access (WPA3). WPA3 will replace the existing WPA2—the network security protocol that has been around for at least 15 years and widely used by billions of wireless devices eve...
CVE-2017-17878
An issue was discovered in Valve Steam Link build 643. Root passwords longer than 8 characters are truncated because of the default use of DES (aka the CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="des" setting)...
OpenSSL Security Bypass Vulnerability (Dec 2017) - Linux
OpenSSL is prone to a security bypass vulnerability.
Recam Redux - DeConfusing ConfuserEx
This post is authored by Holger Unterbrink and Christopher Marczewski. Overview: This report shows how to deobfuscate a custom .NET ConfuserEx protected malware. We identified this recent malware campaign in our Advanced Malware Protection (AMP) telemetry. Initial infection is via a malicious Word...