604 matches found
5 Best Qualys Replacement Solutions Reviewed
Knowing you have vulnerabilities is one thing; knowing if your defenses can actually stop an attack is another. Traditional vulnerability scanners tell you where the holes are, but they don't tell you if your security controls are configured correctly or if they'll perform under pressure. This is...
CVE-2025-10010
The CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user authentication before using BitLocker to decrypt the Windows partition. The system is located on a separate unencrypted partition which can be reached by anyone with access to the hard disk. Multiple...
CVE-2025-10010
The CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user authentication before using BitLocker to decrypt the Windows partition. The system is located on a separate unencrypted partition which can be reached by anyone with access to the hard disk. Multiple...
EUVD-2025-208086
The CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user authentication before using BitLocker to decrypt the Windows partition. The system is located on a separate unencrypted partition which can be reached by anyone with access to the hard disk. Multiple...
CVE-2025-10010 Integrity Validation Bypass in CryptoPro Secure Disk for BitLocker
The CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user authentication before using BitLocker to decrypt the Windows partition. The system is located on a separate unencrypted partition which can be reached by anyone with access to the hard disk. Multiple...
CVE-2025-10010
The CVE affects the CPSD CryptoPro Secure Disk: during boot, a small Linux OS validates integrity via IMA, but configuration files are not validated by IMA. This can allow an attacker with physical access to alter config files on the unencrypted partition, enabling arbitrary code execution as roo...
CPSD CryptoPro Secure Disk 安全漏洞
CPSD CryptoPro Secure Disk is a transparent disk encryption software developed by CPSD. There is a security vulnerability in CPSD CryptoPro Secure Disk. This vulnerability stems from the fact that configuration files in the Linux operating system’s integrity checks are not verified through the...
A Real-Time Approach to Autonomous CAN Bus Reverse Engineering
This paper introduces a real-time method for reverse engineering a vehicle's CAN bus without prior knowledge of the vehicle or its CAN system. By comparing inertial measurement and CAN data during significant vehicle events, the method accurately identified the CAN channels associated with the...
Applying Public Health Systematic Approaches to Cybersecurity: The Economics of Collective Defense
The U.S. public health system increased life expectancy by more than 30 years since 1900 through systematic data collection, evidence-based intervention, and coordinated response. This paper examines whether cybersecurity can benefit from similar organizational principles. We find that both domai...
RLSA-2026:2225 Critical: keylime security update
Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fixes: keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication CVE-2026-1709 For more details about the...
OPENSUSE-SU-2026:10170-1 keylime-ima-policy-0.2.8+116-1.1 on GA media
These are all security issues fixed in the keylime-ima-policy-0.2.8+116-1.1 package on the GA media of openSUSE Tumbleweed...
GO-2026-4430 EVE Doesn't Measure Config Partition From 2 Fronts in github.com/lf-edge/eve
EVE Doesn't Measure Config Partition From 2 Fronts in github.com/lf-edge/eve...
PT-2026-6531
EVE Doesn't Measure Config Partition From 2 Fronts in github.com/lf-edge/eve...
EVE Doesn't Measure Config Partition From 2 Fronts
Impact PCR14 is not included in the list of PCRs that seal/unseal the vault key. Additionally, the vault key uses SHA1 PCRs instead of SHA256. Thus an attacker with physical access can take out the disk, use a different computer to modify the files in the /config partition, and re-insert the disk...
CVE-2025-71198
In the Linux kernel, the following vulnerability has been resolved: iio: imu: stlsm6dsx: fix iiochanspec for sensors without event detection The stlsm6dsxaccchannels array of struct iiochanspec has a non-NULL eventspec field, indicating support for IIO events. However, event detection is not...
PT-2026-6495
Impact Config partition measurement was moved from PCR 13 to PCR 14 in a commit, but PCR 14 was not added to the list of PCRs that seal/unseal the vault key. As a result, an attacker can remove the disk, use another server to modify the files in the config partition, and then re-insert the disk...
Innomic VibroLine Series 访问控制错误漏洞
The Innomic VibroLine Series is a professional vibration measurement and analysis system developed by the German company Innomic. The Innomic VibroLine Series has a security access control vulnerability; this vulnerability arises from unverified neighboring attackers who may switch between multip...
PIDSMaker: Building and Evaluating Provenance-Based Intrusion Detection Systems
Recent provenance-based intrusion detection systems PIDSs have demonstrated strong potential for detecting advanced persistent threats APTs by applying machine learning to system provenance graphs. However, evaluating and comparing PIDSs remains difficult: prior work uses inconsistent preprocessi...
Okara: Detection and Attribution of TLS Man-In-The-Middle Vulnerabilities in Android Apps with Foundation Models
Transport Layer Security TLS is fundamental to secure online communication, yet vulnerabilities in certificate validation that enable Man-in-the-Middle MitM attacks remain a pervasive threat in Android apps. Existing detection tools are hampered by low-coverage UI interaction, costly...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37875)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37875 advisory. - In the Linux kernel, the following vulnerability has been resolved: igc: fix PTM cycle trigger logic Writing...