KeePass vulnerability allows attackers to access the master password

KeePass is a free open source password manager, which helps you to manage your passwords and stores them in encrypted form. In fact, KeePass encrypts the whole database, i.e. not only your passwords, but also your user names, URLs, notes, etc. That encrypted database can only be opened with the...

CVE-2022-28764

The Zoom Client for Meetings for Android, iOS, Linux, macOS, and Windows before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting...

Security Bulletin: IBM Maximo Anywhere applications have no binary obfuscation

Summary IBM Maximo Anywhere applications have no binary obfuscation of source code allowing the applications to be de-compiled. Vulnerability Details CVEID: CVE-2019-4352 DESCRIPTION: IBM Maximo Anywhere applications could allow obfuscation of the application source code. CVSS Base score: 2.4 CVS...

SUSE SLES15 Security Update : kernel (Live Patch 24 for SLE 15) (SUSE-SU-2022:0237-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0237-1 advisory. - The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instruction...

SUSE-SU-2022:0243-1 Security update for the Linux Kernel (Live Patch 23 for SLE 15)

This update for the Linux Kernel 4.12.14-15069 fixes several issues. The following security issues were fixed: - CVE-2018-25020: Fixed an issue in the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial...

SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3969-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3969-1 advisory. - Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of al...

CVE-2020-28952

An issue was discovered on Athom Homey and Homey Pro devices before 5.0.0. ZigBee hub devices should generate a unique Standard Network Key that is then exchanged with all enrolled devices so that all inter-device communication is encrypted. However, the cited Athom products use another widely...

Google Advises Android Developers to Encrypt App Data On Device

Google today published a blog post recommending mobile app developers to encrypt data that their apps generate on the users' devices, especially when they use unprotected external storage that's prone to hijacking. Moreover, considering that there are not many reference frameworks available for t...

CVE-2018-8566

A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka "BitLocker Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers...

Microsoft Windows Security Bypass and Latest Servicing Stack Updates-Defense in Depth (KB4465663)

This host is missing an important security update according to Microsoft KB4465663. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

Microsoft Windows Security Bypass and Latest Servicing Stack Updates-Defense in Depth (KB4465664)

This host is missing an important security update according to Microsoft KB4465664. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

Microsoft Windows Security Bypass and Latest Servicing Stack Updates- Defense in Depth (KB4465661)

This host is missing an important security update according to Microsoft KB4465661. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

Microsoft Windows Security Bypass and Latest Servicing Stack Updates-Defense in Depth (KB4465659)

This host is missing an important security update according to Microsoft KB4465659. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

Microsoft Windows Security Bypass and Latest Servicing Stack Updates-Defense in Depth (KB4465660)

This host is missing an important security update according to Microsoft KB4465660. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

Servicing stack update for Windows Server 2016, version 1709 and Windows 10, version 1709: November 13, 2018

Servicing stack update for Windows Server 2016, version 1709 and Windows 10, version 1709: November 13, 2018 Summary A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption. An attacker with physical access to a powered off system could exploit...

Servicing stack update for Windows Server, version 1803 and Windows 10, version 1803: November 13, 2018

Servicing stack update for Windows Server, version 1803 and Windows 10, version 1803: November 13, 2018 Summary A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption. An attacker with physical access to a powered off system could exploit this...

A large number of Bluetooth devices and systems will be protected by encryption Vulnerability CVE-2018-5383 impact-vulnerability warning-the black bar safety net

Recently, a security research expert in a certain Bluetooth device is found in a high-risk encryption Vulnerability CVE-2018-5383, and an unauthenticated attacker in physical proximity to the target device, this vulnerability will allow them to intercept, monitor or tamper with equipment of the...

Hijacking Philips Hue

We were filming a smart home hacking piece on the 5th May this year. Like most home users, the Wi-Fi PSK wasn’t strong enough, so we cracked it and joined the network. The user had a Philips Hue lighting system. None of us here had looked at Hue before - we made an assumption after the previous...

Error "Set device encryption on device to use this app" on Android device

Apps install correctly and no issues are shown on the server. However, while opening the app on the device, the message "Set device encryption on your device to use this app " is displayed. The device storage is encrypted still we see this issue...

Secure Boot Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Windows Secure Boot improperly loads a boot manager that is affected by the vulnerability. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded...