Mass Ransomware Campaign Hits S3 Buckets Using Stolen AWS Keys
Researchers reveal a large-scale ransomware campaign leveraging over 1,200 stolen AWS access keys to encrypt S3 buckets. Learn…
The vulnerability of the ceph_handle_caps() function in the fs/ceph/caps.c module of the Linux kernel’s file system support module allows an attacker to cause a service failure.
The vulnerability of the ceph_handle_caps() function in the fs/ceph/caps.c module of the Linux kernel’s file system support module is related to the lack of encryption measures for sensitive data. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the BT Controller component of Qualcomm’s embedded software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the BT Controller component in the microprogramming software of Qualcomm’s integrated chips is related to data encryption errors. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
Some AES functions may panic when overflow checking is enabled in ring
ring::aead::quic::HeaderProtectionKey::new_mask() may panic when overflow checking is enabled. In the QUIC protocol, an attacker can induce this panic by sending a specially-crafted packet. Even unintentionally it is likely to occur in 1 out of every 2^32 packets sent and/or received. On 64-bit targe...
GHSA-4P46-PWFR-66X6 Some AES functions may panic when overflow checking is enabled in ring
ring::aead::quic::HeaderProtectionKey::new_mask() may panic when overflow checking is enabled. In the QUIC protocol, an attacker can induce this panic by sending a specially-crafted packet. Even unintentionally it is likely to occur in 1 out of every 2^32 packets sent and/or received. On 64-bit targe...
The vulnerability of IBM Concert Software’s artificial intelligence-based automation tools lies in the lack of data encryption measures, which allows attackers to disclose protected information.
The vulnerability of IBM Concert Software’s artificial intelligence-based automation tools is related to the lack of data encryption measures. Exploiting this vulnerability could allow a malicious actor to disclose protected information by executing a “man-in-the-middle” attack...
CVE-2025-24849
Lack of encryption in transit for cloud infrastructure facilitating potential for sensitive data manipulation or exposure...
CVE-2024-50684
SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data (insufficient entropy). This may allow attackers to decrypt intercepted communications between the mobile app and iSolarCloud...
DEBIAN-CVE-2022-49262
In the Linux kernel, the following vulnerability has been resolved: crypto: octeontx2 - remove CONFIG_DM_CRYPT check. No issues were found while using the driver with dm-crypt enabled. So CONFIG_DM_CRYPT check in the driver can be removed. This also fixes the NULL pointer dereference in driver release...
Siemens SIMATIC S7-1500 TM MFP BIOS Missing Encryption of Sensitive Data (CVE-2022-21233)
Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
How to utilize VPN for safe work and remote work environments
A VPN enhances online privacy, encrypts data, and secures devices. Essential for remote work, it protects against cyber threats and ensures safer internet use...
Improper Data Encryption
Temporal api-go is vulnerable to Improper Data Encryption. The vulnerability is due to missing Data Converter transformations due to the update response information not being processed by the Data Converter when using a gRPC proxy with the api-go module, leading to unencrypted data exposure...
CVE-2024-33504
A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the...
Siemens SIPROTEC 5
SUMMARY Affected SIPROTEC 5 devices do not encrypt certain data within the on-board flash storage on their PCB. This could allow an attacker with physical access to read the sensitive information from the filesystem of the device. Siemens is preparing fix versions and recommends specific...
CVE-2024-49805
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...
CVE-2024-31999
@fastify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is...
The vulnerability of the FactoryTalk AssetCentre software, a centralized asset management system, is related to insufficiently secure data encryption. This allows attackers to disclose sensitive information that should be protected.
The vulnerability of the FactoryTalk AssetCentre software for centralized asset management is related to insufficiently secure data encryption. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...
PT-2025-4002 · Contec Health · Contec Health Cms8000 Patient Monitor
Name of the Vulnerable Software and Affected Versions: Contec Health CMS8000 Patient Monitor version Description: The issue involves the transmission of plain-text patient data to a hard-coded public IP address when a patient is connected to the monitor. This could lead to a leakage of confidenti...
PT-2024-40305 · Unknown · Magiccrypt192 +3
Name of the Vulnerable Software and Affected Versions: MagicCrypt64, MagicCrypt128, MagicCrypt192, and MagicCrypt256 affected versions not specified Description: The issue concerns the use of insecure cryptographic algorithms and practices that compromise the integrity of encrypted data...