EUVD-2016-2872

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2015-2808

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes...

Linux Distros Unpatched Vulnerability : CVE-2013-2566

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct...

PT-2024-27030 · Faronics · Winselect

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue concerns the encryption of a configuration file using a static key derived from a static five-character password. This password is hashed with the outdated MD5 algorithm, which i...

K14638: TLS/SSL RC4 vulnerability CVE-2013-2566

Security Advisory Description The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same...

K16864: SSL/TLS RC4 vulnerability CVE-2015-2808

Security Advisory Description The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream...

Researchers Decrypted Qakbot Banking Trojan's Encrypted Registry Keys

Cybersecurity researchers have decoded the mechanism by which the versatile Qakbot banking trojan handles the insertion of encrypted configuration data into the Windows Registry. Qakbot, also known as QBot, QuackBot and Pinkslipbot, has been observed in the wild since 2007. Although mainly...

Security Bulletin: Multiple vulnerabilities in the IBM® Runtime Environments, Java™ Technology Edition, Version 6 affects the IBM InfoSphere Optim Data Masking Solution.

Summary There are multiple vulnerabilities in the IBM Runtime Environments, Java Technology Edition, Version 6 CVE-2015-0488, CVE-2015-2808,CVE-2015-0410, CVE-2015-1916,CVE-2015-0204 that affect the IBM InfoSphere Optim Data Masking Solution. These issues were disclosed as part of the IBM Java SD...

sympa -- Inappropriate use of the cookie parameter can be a security threat. This parameter may also not provide sufficient security.

Earlier versions of Sympa require a parameter named cookie in sympa.conf configuration file. This parameter was used to make some identifiers generated by the system unpredictable. For example, it was used as following: To be used as a salt to encrypt passwords stored in the database by the RC4...

WildPressure targets industrial-related entities in the Middle East

In August 2019, Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the victims we registered were organizations from the Middle East. At least some of them are related to industrial sector. Our Kaspersky Threat Attribution Engine KTAE doesn't...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Sterling Secure Proxy and Sterling External Authentication Server (CVE-2015-0488, CVE-2015-1916, CVE-2015-2808, CVE-2015-0478, CVE-2015-0204)

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 1.7.0 that is used by Sterling Secure Proxy and Sterling External Authentication Server. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVEI...

Information Disclosure

IBM Java SE is vulnerable to information disclosure. The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the...

TAU Threat Intelligence Notification: Operation SharpShooter

Operation Sharpshooter, leverages an embedded shellcode as an in-memory implant to download and retrieve a second-stage implant, which is known as Rising Sun. Rising Sun uses source code from the Duuzer backdoor that has been used in a past campaign of Lazarus group. This newly discovered campaig...

Security Bulletin: IBM Spectrum Scale Object Protocols functionality (Linux Standard and Advanced) is affected by security vulnerabilities in the TLS and SSL protocols (CVE-2015-2808 and CVE-2014-3566)

Summary IBM Spectrum Scale Object Protocols functionality Linux Standard and Advanced is affected by security vulnerabilities in the TLS and SSL protocols CVE-2015-2808 and CVE-2014-3566 Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL...

Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Storwize V7000 Unified (CVE-2015-0488, CVE-2015-2808, CVE-2015-1916, and CVE-2015-0204)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Storwize V7000 Unified. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVEID: CVE-2015-0488 DESCRIPTION: An unspecified...

Security Bulletin: Vulnerability in IBM Java SDK affect IBM SONAS (CVE-2015-2808)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM SONAS. This issue was disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Network Advisor (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Network Advisor. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

Security Bulletin: Vulnerability in RC4 stream cipher affects Real-time Compression Appliance (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Real-time Compression Appliance Vulnerability Details CVEID: CVE-2015-2808DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM FlashSystem V840 (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects the IBM FlashSystem V840. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Intelligent Operations Center (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Intelligent Operations Center. Vulnerability Details CVE ID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could...