SilverRAT Source Code Leaked Online: Here’s What You Need to Know

SilverRAT Source Code leaked on GitHub, exposing powerful malware tools for remote access, password theft, and crypto attacks before removal...

Security Bulletin: IBM SPSS Statistics: "IBM Java versions 8.0.7.0 - 8.0.7.11 are vulnerable to crypto attacks"

Summary A combination of two flaws in the JSSE component and IBMJCEPlus security provider expose some IBM Java releases to various cryptographic attacks when acting as a TLS server. IBM SPSS Statistics is not directly affected, but is issuing a patch for the relevant versions. Vulnerability Detai...

Security Bulletin: Vulnerability in IBM Java affects Infosphere Data Architect

Summary IBM Java versions 8.0.7.0 - 8.0.7.11 are vulnerable to crypto attacks Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of...

Security Bulletin: Vulnerability in IBM Java affects DB2 Recovery Expert for Linux, Unix and Windows

Summary IBM Java versions 8.0.7.0 - 8.0.7.11 are vulnerable to crypto attacks Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of...

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM Java versions 8.0.7.0 - 8.0.7.11 are vulnerable to crypto attacks. (CVE-2023-30441)

Summary IBM Java versions 8.0.7.0 - 8.0.7.1 has a combination of two flaws in the JSSE component and IBMJCEPlus security provider expose some IBM Java releases to various cryptographic attacks when acting as a TLS server. Following IBM® Engineering Lifecycle Engineering products are vulnerable to...

Security Bulletin: A vulnerability in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights

Summary A security vulnerability in IBM SDK, Java Technology Edition affects IBM Operations Analytics Predictive Insights 1.3.6 or earlier. IBM Java versions 8.0.7.0 - 8.0.7.11 are vulnerable to crypto attacks. This vulnerability has been addressed. Vulnerability Details Refer to the security...

OpenSSL Heartbleed Highlights Crypto Pitfalls

There is no shortage of bad advice online about crypto–or anything else, for that matter. And the recent mess involving the OpenSSL heartbleed vulnerability has brought out plenty of advice on building, implementing and repairing cryptosystems, but experts say that the fundamental truths about ho...

Design/Logic Flaw

The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated again...