1115 matches found

SUSE CVE
added 2023/02/15 4:53 a.m. · 5 views

SUSE CVE-2016-1000344

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

CVSS 7.4 · AI score 8 · EPSS 0.0219
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 3:40 a.m. · 1 views

SUSE CVE-2021-32728

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a privat...

CVSS 6.5 · AI score 6.2 · EPSS 0.00851
Exploits 1 · References 3

The Hacker News
added 2023/02/11 1:36 p.m. · 3 views

New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool

After the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data. The emergence of the new variant was reported by a syste...

CVSS 8.8 · AI score 7 · EPSS 0.45063
Exploits 7

OSV
added 2023/01/20 7:15 a.m. · 2 views

CVE-2023-20038

A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the...

CVSS 8.8 · AI score 5.8 · EPSS 0.00161
Exploits 0 · References 1

BDU FSTEC
added 2023/01/20 12:00 a.m. · 1 views

The vulnerability of the SAP Customer Data Cloud software for managing customer data, related to insufficiently secure data encryption, allows a perpetrator to disclose protected information.

The vulnerability of the SAP Customer Data Cloud software for managing customer data is related to insufficiently secure data encryption. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose protected information...

CVSS 5.6 · AI score 5.9 · EPSS 0.00162
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2023/01/10 12:00 a.m. · 3 views

PT-2023-9845

Name of the Vulnerable Software and Affected Versions: Windows BitLocker (affected versions not specified) Description: A security-feature bypass issue exists in the Windows BitLocker component caused by a race condition, which occurs when multiple processes attempt to access the same resource...

CVSS 7.2 · AI score 7.2 · EPSS 0.01548
Exploits 0 · References 30

OSV
added 2023/01/05 10:15 p.m. · 2 views

CVE-2021-40341

DES cipher, which has inadequate encryption strength, is used in Hitachi Energy FOXMAN-UN to encrypt user credentials used to access the Network Elements. Successful exploitation allows sensitive information to be decrypted easily. This issue affects FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B...

CVSS 5.5 · AI score 5.8 · EPSS 0.00084
Exploits 0 · References 2

OSV
added 2023/01/05 10:15 p.m. · 1 views

CVE-2021-40342

In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected product versions. This issue affects FOXMAN-UN product:...

CVSS 9.8 · AI score 5.8 · EPSS 0.00284
Exploits 0 · References 2

CNNVD
added 2023/01/05 12:00 a.m. · 3 views

Hitachi FOXMAN-UN Encryption Issue Vulnerability

Hitachi FOXMAN-UN is a powerful toolset for a comprehensive NMS suite from Hitachi, Japan. Hitachi FOXMAN-UN has a security vulnerability that stems from its use of DES ciphers to encrypt user credentials used to access network elements. DES is no longer considered secure because its short 56-bit...

CVSS 7.1 · AI score 5.6 · EPSS 0.00084
Exploits 0 · References 4

Tenable Nessus
added 2022/12/27 12:00 a.m. · 38 views

EulerOS Virtualization 2.10.0 : openssl (EulerOS-SA-2022-2877)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script...

CVSS 10 · AI score 7.3 · EPSS 0.95764
Exploits 6 · References 3

hivepro
added 2022/12/15 2:05 p.m. · 12 views

Mallox Ransomware is Ramping up its Operation

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Mallox ransomware strains have been spotted in the wild, indicating that the ransomware is operational, propagating rapidly, and infecting entities. An unknown .NET-based loader distributes these Mallox...

AI score 2.7
Exploits 0

CVE
added 2022/12/14 9:50 p.m. · 64 views

CVE-2020-4497

CVE-2020-4497 affects IBM Spectrum Protect Plus 10.1.0–10.1.12. The root cause is unencrypted data in the communication flow between vSnap and its application agents, enabling information disclosure via man-in-the-middle techniques. IBM documents a fix in version 10.1.13 that adds transport encry...

CVSS 6.8 · AI score 5.5 · EPSS 0.00387
Exploits 0 · References 2 · Affected Software 1

Malwarebytes
added 2022/12/08 1:00 p.m. · 9 views

5 SaaS security best practices

Just about anywhere you look, organizations are relying on Software-as-a-Service (SaaS) apps like Dropbox and Hubspot to help power their businesses. With more SaaS apps, however, come increased security risks. While SaaS is without a doubt the easiest and most accessible way for businesses to rea...

AI score 7
Exploits 0

Malwarebytes
added 2022/12/05 9:15 a.m. · 21 views

Eufy "no cloud" security cameras streaming data to the cloud

Eufy home security cameras are currently in a spot of trouble as a result of door camera footage. This is because it turns out that data which should not have been going to the cloud was doing so anyway in certain conditions. Securing your home: a complicated proposition Insecure cameras,...

AI score 6.8
Exploits 0

Hacker One
added 2022/12/04 5:20 p.m. · 42 views

Hiro: Security Issue into Wallet lock protection

Description: While testing wallet extension I generally try to test multiple endpoints, so 2 tabs were open of wallet on chrome-extension://ldinpeekobnhjjdofggfgjlcehhmanlj/popup.html. So I tried to lock Wallet extension but I found that I can still use browser in 2nd tab, why I had already locked...

AI score 7
Exploits 0

BDU FSTEC
added 2022/11/07 12:00 a.m. · 3 views

The vulnerability of the SSH library (x/crypto/ssh) in the Go programming language, which allows a hacker to execute a “man-in-the-middle” attack.

The vulnerability of the SSH library x/crypto/ssh in the Go programming language is related to data encryption errors. Exploiting this vulnerability can allow a remote attacker to execute a “man-in-the-middle” attack...

CVSS 8.1 · AI score 6.7 · EPSS 0.03156
Exploits 0 · References 6 · Affected Software 4

Microsoft Malware Protection
added 2022/11/03 4:00 p.m. · 26 views

Stopping C2 communications in human-operated ransomware through network protection

Command-and-control (C2) servers are an essential part of ransomware, commodity, and nation-state attacks. They are used to control infected devices and perform malicious activities like downloading and launching payloads, controlling botnets, or commanding post-exploitation penetration frameworks ...

AI score 0.4
Exploits 0

BDU FSTEC
added 2022/11/02 12:00 a.m. · 3 views

The vulnerability of the IBM CICS TX Standard application server, related to data encryption errors, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the IBM CICS TX Standard application server is related to data encryption errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information remotely...

CVSS 5.9 · AI score 6.2 · EPSS 0.00486
Exploits 0 · References 2 · Affected Software 1

Schneier on Security
added 2022/11/01 11:24 a.m. · 9 views

Iran’s Digital Surveillance Tools Leaked

It's Iran's turn to have its digital surveillance tools leaked: According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their...

AI score 3.3
Exploits 0

Positive Technologies
added 2022/10/28 12:00 a.m. · 5 views

PT-2022-25996 · Haas · Haas Controller

Name of the Vulnerable Software and Affected Versions: Haas Controller version 100.20.000.1110 Description: The issue concerns the transmission of communication traffic involving the "Ethernet Q Commands" service in cleartext. This allows an attacker to obtain sensitive information being passed t...

CVSS 9.1 · AI score 7.3 · EPSS 0.00386
Exploits 0 · References 3