[SECURITY] Fedora 26 Update: openssl-1.1.0h-1.fc26

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

[SECURITY] Fedora 28 Update: openssl-1.1.0h-2.fc28

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

[SECURITY] Fedora 27 Update: openssl-1.1.0h-1.fc27

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

Code injection

IBM GSKit IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073...

CVE-2018-1428

IBM GSKit IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073...

CVE-2018-1428

IBM GSKit IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073...

CVE-2017-1571

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853...

CVE-2018-1428

CVE-2018-1428 is discussed in IBM GSKit-related security bulletins. The vulnerability arises from weaker-than-expected cryptographic algorithms in IBM GSKit, which could permit an attacker to decrypt highly sensitive information. The connected IBM documents assign a base score of 6.2 (CVSS v3) fo...

CVE-2017-1571

CVE-2017-1571 affects IBM DB2 for Linux, UNIX and Windows (including DB2 Connect Server) versions 9.7, 10.1, 10.5 and 11.1. The weakness is weaker-than-expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM’s IBM X-Force ID: 131853. Connected I...

[SECURITY] Fedora 26 Update: cryptopp-5.6.5-2.fc26

Crypto++ Library is a free C++ class library of cryptographic schemes. See http://www.cryptopp.com/ for a list of supported algorithms. One purpose of Crypto++ is to act as a repository of public domain not copyrighted source code. Although the library is copyrighted as a compilation, the...

Encryption 101: How to break encryption

Continuing on in our Encryption 101 series, where we gave a malware analyst's primer on encryption and demonstrated encryption techniques using ShiOne ransomware, we now look at what it takes to break an encryption. In order for something as powerful as encryption to break, there needs to be some...

[SECURITY] Fedora 26 Update: python-crypto-2.6.1-22.fc26

PyCrypto is a collection of both secure hash functions such as MD5 and SHA, and various encryption algorithms AES, DES, RSA, ElGamal, etc...

Ad Network Circumvents Ad-Blocking Tools To Run In-Browser Cryptojacker Scripts

Cryptojackers are getting resourceful and have figured out how to bypass ad-blocking software and deliver the Coinhive JavaScript miner via browser-based ads. Researchers at Qihoo’s Netlab 360 said it recently spotted an advertising network that was using what is called a domain generation...

[SECURITY] Fedora 27 Update: python-crypto-2.6.1-22.fc27

PyCrypto is a collection of both secure hash functions such as MD5 and SHA, and various encryption algorithms AES, DES, RSA, ElGamal, etc...

Code injection

IBM Security Guardium Big Data Intelligence SonarG 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139003...

CVE-2018-1425

IBM Security Guardium Big Data Intelligence SonarG 3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139003...

VIDEO: Unfiltered Endpoint Data – A Platform For Consolidated Endpoint Management

A PLATFORM FOR CONSOLIDATED ENDPOINT MANAGEMENT In our last post of this series, we talked about the key to better endpoint threat detection. It’s all about the data you collect. Across the board, endpoint security solutions use pre-defined signatures or rules to detect threats — only conducting...

GSA Bounty: SSH server compatible with several vulnerable cryptographic algorithms

An ssh-audit scan found that ssh.fr.cloud.gov supports sha1 for various purposesincluding exclusively for MAC addresses, as well as arcfour. Both of these are outdated and known vulnerable. The algorithms used are also indicative of an outdated SSH version OpenSSH 6 or Dropbear 2013. It's probabl...

The Evolution of Ransomware

While many businesses and individual users understand that ransomware isn't a new threat, many don't actually know how long this particular infection style has been utilized by hackers. The first attacks took place more than a decade ago, and since then, ransomware authors have only become more...

Intel® NUC Kit with Infineon Trusted Platform Module

Summary: Certain Intel® NUC systems contain an Infineon Trusted Platform Module TPM that has an information disclosure vulnerability as described in CVE-2017-15361. Description: Recently, a research team developed advanced mathematical methods to exploit the characteristics of acceleration...