157 matches found
Texas Gold-Dealer Mined for Payment Details in Months-Long Data Breach
A popular precious-metals dealer, JM Bullion, has been the victim of a payment-skimmer attack. The company’s response was less than solid gold — it took months to notify its users of the breach. The Dallas-based company sells gold, platinum, silver, copper and palladium bullion, in the form of...
Fedora: Security Advisory for mingw-gnutls (FEDORA-2020-0ab6656303)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 32 Update: mingw-gnutls-3.6.15-1.fc32
GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW...
Fedora: Security Advisory for mingw-gnutls (FEDORA-2020-4f78f122a3)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
What’s in the Box? Part II: Hacking the iParcelBox
By Steve Povolny · June 18, 2020. Package delivery is just one of those things we take for granted these days. This is especially true in the age of Coronavirus, where e-commerce and at-home deliveries make up a growing portion of...
[SECURITY] Fedora 32 Update: mingw-gnutls-3.6.13-1.fc32
GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW...
Security guidance for remote desktop adoption
As the volume of remote workers quickly increased over the past two to three months, the IT teams in many companies scrambled to figure out how their infrastructures and technologies would be able to handle the increase in remote connections. Many companies were forced to enhance their capabiliti...
ZSQL: SSL Status
To ensure transmission security of sensitive data on the Internet, you can use SSL to encrypt the communication between GaussDB 100 servers and clients. Note: This script checks the HAVESSL parameter in DVPARAMETERS table. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be...
LDAP Windows Update (ADV190023) and Impact to Citrix Virtual Apps and Desktop Components
Impact to Citrix Technology This update will not impact Citrix Virtual App and Desktop Windows components: The update anticipated for the second half of 2020 requires SSL/TLS encryption for communication occurring over 389 and 636 to prevent any PLAINTEXT communication over both ports. Virtual Ap...
CVE-2017-18395
cPanel before 68.0.15 does not block a username of ssl (SEC-328)...
A Deep Dive on the Recent Widespread DNS Hijacking Attacks
The U.S. government -- along with a number of leading security companies -- recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private...
CVE-2019-1672
CVE-2019-1672 describes a vulnerability in the Cisco Web Security Appliance (WSA) where the Decryption Policy Default Action handling allows an unauthenticated, remote attacker to bypass a configured drop policy and permit SSL traffic that should have been denied. The root cause is the incorrect ...
Information Disclosure
tryton is vulnerable to an information disclosure. The library does not properly connect with SSL encryption when connecting to a bus, causing the connection to be attempted in plaintext. A malicious user can gain access to sensitive session information with a man-in-the-middle (MitM) attack...
testssl.sh - Testing TLS/SSL Encryption Anywhere On Any Port
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws. Key features Clear output: you can tell easily whether anything is good or bad Ease of installation: It works for Linux, OSX/Darwin...
Code injection
IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the...
CVE-2013-4035
IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the...
CVE-2018-5507
On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5, vCMP guests running on VIPRION 2100, 4200 and 4300 series blades cannot correctly decrypt ciphertext from established SSL sessions with small MTU...
CVE-2018-5458
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information...
Phishers Are Upping Their Game. So Should You.
Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted http:// vs. https:// Web pages. Increasingly, however, phishers are upping their game, polishing their copy and...
What You Should Know About the ‘KRACK’ WiFi Security Weakness
Researchers this week published information about a newfound, serious weakness in WPA2 -- the security standard that protects all modern Wi-Fi networks. What follows is a short rundown on what exactly is at stake here, who's most at-risk from this vulnerability, and what organizations and...