Security Bulletin: Vulnerability in RC4 stream cipher affects IBM DataQuant for Workstation (CVE-2015-2808)
Summary: The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM DataQuant for Workstation. The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to remotely expose account credentia...
CVE-2021-25763
In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default...
Default credentials
In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default...
CVE-2021-25763
CVE-2021-25763 affects JetBrains Ktor prior to 1.4.2, where weak cipher suites were enabled by default in the framework. The issue is described as a default configuration flaw in Ktor’s crypto settings, potentially enabling weaker ciphers for connections. Public reports confirm the vulnerable ver...
How Page Integrity Manager Detects Real-World Magecart Attacks
Written by Ziv Eli (Engineering Manager, Security) and Maor Hod (Senior Product Manager, Security). In this blog, we will take a look at and break down a recent Magecart attack detected and mitigated by Page Integrity Manager. The impacted customer operates a large international e-commerce busines...
NSA Releases Guidance on Eliminating Obsolete TLS Protocol Configurations
The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet on eliminating obsolete Transport Layer Security (TLS) configurations. The information sheet identifies strategies to detect obsolete cipher suites and key exchange mechanisms, discusses recommended TLS...
Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Synergy (CVE-2015-2808)
Summary: The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Rational Synergy. Vulnerability Details: CVEID: CVE-2015-2808. DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...
Unspecified Vulnerability in HCL BigFix Inventory
HCL BigFix Platform is an endpoint security management platform suite from HCL India. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL BigFix Inventory v10.0.2 onwards, which stems from not disabling the...
Security Bulletin: Datacap Taskmaster Capture is affected by vulnerable to weak cipher suites by successfully creating SSL connections
Summary: AppScan determined that the site uses weak cipher suites by successfully creating SSL connections using each of the weak cipher suites listed here. Vulnerability Details: Third Party Entry: PSIRT-ADV0026310. DESCRIPTION: Created from Advisory: ADV0026310. CVSS Base score: 5.9. CVSS Vector:...
Cryptologists Crack Zodiac Killer's 340 Cipher
A remote team of three hobbyist cryptologists has solved one of the Zodiac Killer’s ciphers after a half century. And while the name of the elusive serial killer remains hidden, the breakthrough represents a triumph for cryptology and the basic building blocks of cybersecurity — access control an...
Code injection
TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it...
CVE-2020-14254
CVE-2020-14254 affects HCL BigFix Inventory up to v10.0.2, where TLS-RSA cipher suites are not disabled. The available descriptions state that if TLS 2.0 and secure ciphers are not enabled, an attacker can passively record traffic and later decrypt it. The connected documents corroborate the vuln...
Zodiac Killer Cipher Solved
The SF Chronicle is reporting more details here, and the FBI is confirming, that a Melbourne mathematician and team has decrypted the 1969 message sent by the Zodiac Killer to the newspaper. There's no paper yet, but there are a bunch of details in the news articles. Here's an interview with one of...
HCL BigFix Inventory Security Vulnerability
HCL BigFix Platform is an endpoint security management platform suite from HCL India. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL BigFix Inventory v10.0.2 onwards, which stems from not disabling the...
The Zodiac Killer's Cipher Is Finally Cracked After 51 Years
Amateur and professional cryptographers, including those at the FBI, had been trying to decode the infamous serial killer's message to the media for decades...
CVE-2020-25230
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device...
Design/Logic Flaw
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device...