CVE-2019-11686

Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters such as data encryption keys to remain on the drive media after their intended erasure...

DoppelPaymer Ransomware Used to Steal Data from Supplier to SpaceX, Tesla

A company that provides custom parts to aerospace giants Lockheed Martin, SpaceX and Boeing, has been the target of an attack by an emerging type of ransomware that can both encrypt files and exfiltrate data. Colorado-based Visser Precision said it was targeted by a “cyber incident” that involved...

CVE-2020-4283

IBM Security Information Queue ISIQ 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 1762...

Code injection

In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account...

Google Advises Android Developers to Encrypt App Data On Device

Google today published a blog post recommending mobile app developers to encrypt data that their apps generate on the users' devices, especially when they use unprotected external storage that's prone to hijacking. Moreover, considering that there are not many reference frameworks available for t...

The vulnerability of the SAP Information Steward software control tool, which exists due to deficiencies in the encryption of user-input data, allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the SAP Information Steward software control tool exists due to deficiencies in the encryption of data entered by users. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

VMware Carbon Black TAU: Ryuk Ransomware Technical Analysis

Ryuk Ransomware has been crippling both the public and private sector recently with the ability to disrupt its target environment. The ransomware will typically be dropped by an already compromised system that has been infected by Trickbot or Emotet through a phishing email. Once the Ryuk payload...

Google Chrome To Bar HTTP File Downloads

Google Chrome will soon restrict certain files, like PDFs or executables, from being downloaded via an HTTP connection, if they are loaded on HTTPS webpages. HTTPS indicates that a website has an encrypted connection. When connecting to an HTTP website, browsers merely look up the IP address and...

CVE-2020-4224

IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133...

Security Bulletin: Information Disclosure in IBM StoredIQ (CVE-2020-4224)

Summary IBM StoredIQ has addressed the following information disclosure vulnerability. Vulnerability Details CVEID: CVE-2020-4224 DESCRIPTION: IBM StoredIQ could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links...

Shlayer Trojan attacks one in ten macOS users

For close to two years now, the Shlayer Trojan has been the most common threat on the macOS platform: in 2019, one in ten of our Mac security solutions encountered this malware at least once, and it accounts for almost 30% of all detections for this OS. The first specimens of this family fell int...

The vulnerability of PDF viewing and editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat Reader Document Cloud, which stems from insufficient data encryption, allows attackers to bypass existing security measures in the context of current users.

The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat Reader Document Cloud are related to insufficient data encryption. Exploiting these vulnerabilities can allow attackers to bypass existing security measures when acting remotely...

Security Bulletin: Vulnerability in the Fabric OS used by IBM b-type SAN directors and switches.

Summary Public disclosed vulnerability from OpenSSL in the Fabric OS used by IBM b-type SAN directors and switches. Vulnerability Details CVEID: CVE-2017-3737 DESCRIPTION: OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurr...

Incident Response lessons from recent Maze ransomware attacks

By JJ Cummings and Dave Liebenberg This year, we have been flooded with reports of targeted ransomware attacks. Whether it's a city, hospital, large- or medium-sized enterprise — they are all being targeted. These attacks can result in significant damage, cost, and have many different initial...

Fortinet FortiOS < 5.6.10 / 6.0 < 6.0.7 / 6.2.x < 6.2.1 Vulnerable Encryption (FG-IR-19-007)

The remote host is running a version of FortiOS that has not yet enabled private-data-encryption. A authorized remote user with access or knowledge of the standard encryption key could gain access and decrypt the FortiOS backup files and all non-administor passwords and private keys.' CVE-2019-66...

CVE-2019-17428

CVE-2019-17428 affects Intesync Solismed 3.3sp1. The issue is a flaw in the encryption implementation that allows all encrypted data in the database to be decrypted. The connected documents corroborate an encryption weakness; no exploit details or specific remediation are provided in the supplied...

Snatch Ransomware Reboots Windows in Safe Mode to Bypass Antivirus

Cybersecurity researchers have spotted a new variant of the Snatch ransomware that first reboots infected Windows computers into Safe Mode and only then encrypts victims' files to avoid antivirus detection. Unlike traditional malware, the new Snatch ransomware chooses to run in Safe Mode because ...

Ransomware at Colorado IT Provider Affects 100+ Dental Offices

A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned. Multiple sources affected say their IT provider, Englewood, Colo. based Complete Technology...

Hacking Hardware Password Managers: The RecZone

TL:DR Hardware security can be difficult to fathom, so I set out to research three password vaults as a newbie, sharing my findings. I picked three popular hardware vaults, each with different components, requiring different skills and equipment. Here's how I learned about disassembly, chipset...

400 Vet Locations Nipped by Ryuk Ransomware

National Veterinary Associates NVA has been hit with the Ryuk ransomware, in an attack that affects 400 clinics across the country. The California company said that it could take a week for its facilities to be fully back up and running normally. Patient records, payment systems and practice...