CVE-2022-41627

The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram EKG has no encryption for its data-over-sound protocols. Exploiting this vulnerability could allow an attacker to read patient EKG results or create a denial-of-service condition by emitting soun...

Discover Microsoft Security solutions for SLTT government grant readiness

As part of the Bipartisan Infrastructure Law, also known as the Infrastructure Investment and Jobs Act of 2021, the United States federal government announced a cybersecurity grant program for state, local, territorial, and tribal SLTT governments to fund allocation of USD1 billion over the next...

Discover Microsoft Security solutions for SLTT government grant readiness

As part of the Bipartisan Infrastructure Law, also known as the Infrastructure Investment and Jobs Act of 2021, the United States federal government announced a cybersecurity grant program for state, local, territorial, and tribal SLTT governments to fund allocation of USD1 billion over the next...

UBUNTU-CVE-2022-3437

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc allocated memory when presented with a...

Heimdal GSSAPI 安全漏洞

Heimdal GSSAPI is the General Security Service Application Program Interface for Heimdal Individual Developers. A security vulnerability exists in Heimdal GSSAPI that stems from a possible buffer overflow on malloc allocated memory by the DES and 3-DES decoding methods...

CISA Warns of Daixin Team Hackers Targeting Health Organizations With Ransomware

U.S. cybersecurity and intelligence agencies have published a joint advisory warning of attacks perpetrated by a cybercrime gang known as the Daixin Team primarily targeting the healthcare sector in the country. "The Daixin Team is a ransomware and data extortion group that has targeted the HPH...

Microsoft Windows CryptoAPI has an unspecified vulnerability

Microsoft Windows CryptoAPI is a cryptographic compiler added to the Windows operating system by Microsoft Corporation. As an important foundation for data encryption and decryption functions, CryptoAPI supports synchronous and asynchronous key encryption processing, as well as the management of...

Apache Shiro Authentication Bypass Vulnerability (CNVD-2022-68497)

Apache Shiro is a Java security framework with authentication, access authorization, data encryption, session management, etc. An authentication bypass vulnerability exists in Apache Shiro, which is caused when requests are forwarded or requests are included via the RequestDispatcher interface, a...

Microsoft Windows CryptoAPI 安全漏洞

Microsoft Windows CryptoAPI is a cryptographic compiler added to the Windows operating system by Microsoft Corporation. As an important foundation for data encryption and decryption functions, CryptoAPI supports synchronous and asynchronous key encryption processing, as well as the management of...

EulerOS 2.0 SP10 : openssl (EulerOS-SA-2022-2432)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properl...

Europol and Bitdefender Release Free Decryptor for LockerGoga Ransomware

A decryptor for the LockerGoga ransomware has been made available by Romanian cybersecurity firm Bitdefender in collaboration with Europol, the No More Ransom project, and Zurich law enforcement authorities. Identified in January 2019, LockerGoga drew headlines for its attacks against the Norwegi...

EulerOS 2.0 SP9 : openssl (EulerOS-SA-2022-2300)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properl...

Moisha Ransomware spotted launching highly targeted attacks

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Moisha ransomware based on .Net was first mentioned in mid-August, along with the PTMOISHA team, the threat actor behind it. This ransomware was developed to carry out very targeted attacks, as indicated...

openssl: AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

Twitter Whistleblower Complaint: The TL;DR Version

A recently surfaced 84-page whistleblower report filed with the US government by Twitter’s former head of security Peiter “Mudge” Zatko last month blasts his former employer for its alleged shoddy security practices and being out of compliance with an FTC order to protect user data. Twitter has...

AlmaLinux 8 : openssl (5818) (ALSA-2022:5818)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5818 advisory. - The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in...

Five Data Security Controls and Processes you Must Bring to Cloud-native Infrastructures

Too frequently, there are significant misunderstandings in organizations with regard to who has the responsibility to protect cloud-hosted data. In Imperva’s recent report, A Data-Centric Cybersecurity Framework for Digital Transformation, IT analyst and author Richard Stiennon explains what...

Oracle Linux 8 : openssl (ELSA-2022-9683)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9683 advisory. - Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 - Fix CVE-2022-1292: openssl: crehash script allows...

How to protect yourself and your kids against device theft

In no time at all, kids will be going back to school or starting college. And while gearing up for this, it’s very important to be aware of the threat from device loss in the school environment. Maybe you are away at university for the first time and have a new place to live, or maybe your kids...

How to protect yourself and your kids against device theft

In no time at all, kids will be going back to school or starting college. And while gearing up for this, its very important to be aware of the threat from device loss in the school environment. Maybe you are away at university for the first time and have a new place to live, or maybe your kids ha...