
5305 matches found

Ivan 'd0znpp' Novikov
added 2017/04/09 2:53 a.m., 11 views

5 Red Flags That Tell You Vendors Are Lying About AI

This is the original version of this article: The term Artificial Intelligence has become a buzzword that people use in sales pitches all the time. You will hear about it in the latest ad copy for new gadgets and programs. It also happens to be the most important tool in the cyber security field...

AI score 6.5
Exploits 0

Prion
added 2017/04/04 4:59 p.m., 18 views

Default credentials

DISPUTED Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor...

CVSS 1.9, AI score 6.5, EPSS 0.00361
Exploits 1, References 2, Affected Software 1

NVD
added 2017/04/04 4:59 p.m., 17 views

CVE-2017-7306

Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that...

CVSS 6.4, AI score 6.6, EPSS 0.00361
Exploits 1, References 2

Cvelist
added 2017/04/04 4:00 p.m., 22 views

CVE-2017-7306

Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that...

AI score 6.6, EPSS 0.00361
Exploits 1, References 2

CVE
added 2017/04/04 4:00 p.m., 42 views

CVE-2017-7306

Riverbed RiOS before version 9.6.1 exposes a weak default password for the secure vault. This weakness can be exploited by physically proximate attackers who know the password algorithm and the appliance serial number, enabling defeat of the secure-vault protection mechanism. Documentation consis...

CVSS 6.4, AI score 6.5, EPSS 0.00361
Exploits 1, References 2, Affected Software 1

Tenable Nessus
added 2017/03/31 12:00 a.m., 10 views

Credit Card Number Disclosure

Credit card numbers are used in applications where a user is able to purchase goods and/or services. A credit card number is a sensitive piece of information and should be handled as such. Cyber-criminals will use various methods to attempt to compromise credit card information that can then be...

AI score 6.9
Exploits 0, References 3

OpenVAS
added 2017/03/30 12:00 a.m., 44 views

Novell eDirectory Multiple Vulnerabilities (Mar 2017)

Novell / NetIQ eDirectory is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:netiq:edirectory"...

CVSS 7.5, AI score 7, EPSS 0.01474
Exploits 0, References 1

UbuntuCve
added 2017/03/29 2:59 p.m., 22 views

CVE-2015-8234

The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision...

CVSS 5.5, AI score 6.1, EPSS 0.01176
Exploits 0, References 3

Veracode
added 2017/03/29 2:21 a.m., 8 views

Cryptographic Hash Collision Attack

gateway is vulnerable to a collision attack. The vulnerability is possible because it uses a weak hashing algorithm, SHA-1, for HashedCredentialsMatcher, allowing attackers to easily perform collision attacks...

AI score 6.7
Exploits 0

myhack58
added 2017/03/29 12:00 a.m., 94 views

Microsoft Bulletin: detection of and protection against the CVE-2017-0005 privilege escalation vulnerability - vulnerability warning - the black bar safety net

On March 14, 2017, Microsoft released security bulletin MS17-013, designed to address the CVE-2017-0005 privilege escalation vulnerability. Amol Sarwate, Director of Qualys Vulnerability Labs, said: “CVE-2017-0005 is a zero-day vulnerability issue currently being abused, the use of Silverlight as...

CVSS 6.9, AI score 0.4, EPSS 0.11022
Exploits 1

ThreatPost
added 2017/03/28 2:38 p.m., 12 views

Apple Fixes 223 Vulnerabilities Across macOS, iOS, Safari

Apple fixed hundreds of bugs, 223 to be exact, across a slate of products including macOS Sierra, iOS, Safari, watchOS, and tvOS on Monday. More than a quarter of the bugs, 40 in macOS Sierra, and 30 in iOS, could lead to arbitrary code execution – in some instances with root privileges, Apple...

AI score 9
Exploits 0, References 14

UbuntuCve
added 2017/03/28 2:59 a.m., 13 views

CVE-2016-9121

go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making ...

CVSS 9.1, AI score 7.2, EPSS 0.01411
Exploits 0, References 4

Prion
added 2017/03/28 2:59 a.m., 17 views

Code injection

go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making ...

CVSS 6.4, AI score 6.8, EPSS 0.01411
Exploits 0, References 3, Affected Software 1

OSV
added 2017/03/28 2:59 a.m., 18 views

CVE-2016-9121

go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making ...

CVSS 9.1, AI score 6.7
Exploits 0, References 3

Cvelist
added 2017/03/28 2:46 a.m., 25 views

CVE-2016-9121

go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making ...

AI score 9.2, EPSS 0.01411
Exploits 0, References 3

NVD
added 2017/03/27 5:59 p.m., 11 views

CVE-2016-9243

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size...

CVSS 7.5, AI score 7.4, EPSS 0.03399
Exploits 0, References 9

Tenable Product Security Advisories
added 2017/03/22 7:13 p.m., 492 views

[R1] LCE 5.0.1 Fixes Two Third-party Library Vulnerabilities

Log Correlation Engine (LCE) 5.0.0 is impacted by multiple vulnerabilities reported in a third-party library and an encryption algorithm. LCE was errantly using 3DES on TCP port 1243. The following vulnerabilities have been resolved with the updated libraries...

AI score 7.4
Exploits 0

Prion
added 2017/03/06 6:59 a.m., 14 views

Design/Logic Flaw

An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256 function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help...

CVSS 5, AI score 7.5, EPSS 0.01137
Exploits 1, References 4, Affected Software 1

NVD
added 2017/03/06 6:59 a.m., 13 views

CVE-2017-5999

An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256 function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help...

CVSS 7.5, AI score 7.5, EPSS 0.01137
Exploits 1, References 4

OSV
added 2017/03/06 6:59 a.m., 12 views

CVE-2017-5999

An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256 function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help...

CVSS 7.5, AI score 7.1
Exploits 0, References 4