1115 matches found

Trend Micro Simply Security
added 2018/07/02 1:0 p.m. | 30 views

Summer Vacation Plans? Be Safe When Connecting!

Tips to Protect Yourself While Traveling Summer travel should be a respite from work, when you relax and don’t have to worry about business. And your mobile devices can help make it easier, whether it’s booking a flight or a hotel room, ordering a cab or an Uber driver, browsing websites for your...

Exploits: 0

Securelist
added 2018/06/27 10:5 a.m. | 37 views

Ransomware and malicious crypto miners in 2016-2018

Ransomware is not an unfamiliar threat. For the last few years it has been affecting the world of cybersecurity, infecting and blocking access to various devices or files and requiring users to pay a ransom usually in Bitcoins or another widely used e-currency, if they want to regain access to...

6.8 AI score
Exploits: 0

The Hacker News
added 2018/06/26 7:39 a.m. | 252 views

WPA3 Standard Officially Launches With New Wi-Fi Security Features

The Wi-Fi Alliance today officially launched WPA3—the next-generation Wi-Fi security standard that promises to eliminate all the known security vulnerabilities and wireless attacks that are up today including the dangerous KRACK attacks. WPA, or Wi-Fi Protected Access, is a standard designed to...

0.3 AI score
Exploits: 0

IBM Security Bulletins
added 2018/06/18 12:9 a.m. | 29 views

Security Bulletin: Open Source GNU glibc vulnerabilities on IBM Storwize V7000 Unified (CVE-2014-7817, CVE-2014-9087)

Summary IBM Storwize V7000 Unified is shipped with GNU glibc, for which fixes are available for two security vulnerabilities. Vulnerability Details CVEID: CVE-2014-7817 DESCRIPTION: GNU C Library glibc could allow a local attacker to execute arbitrary commands on the system. An attacker could...

7.5 CVSS | 1.3 AI score | 0.05167 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/17 6:7 a.m. | 27 views

Security Bulletin: Multi-Cloud Data Encryption (MDE) is using components with Known Vulnerabilities

Summary Multi-Cloud Data Encryption MDE has addressed the following vulnerability: Using components with known vulnerabilities Vulnerability Details CVEID: CVE-2017-5637 DESCRIPTION: Apache Zookeeper is vulnerable to a denial of service, caused by the improper handling of the wchp command. By...

7.5 CVSS | 1.7 AI score | 0.73654 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/17 6:7 a.m. | 11 views

Security Bulletin: Multi-Cloud Data Encryption (MDE) is affected by an Information Exposure vulnerability

Summary Multi-Cloud Data Encryption MDE has addressed the following information exposure vulnerability. Vulnerability Details CVEID: CVE-2018-1592 DESCRIPTION: PEN-TEST: Query Parameter in SSL Request CVSS Base Score: 6.5 CVSS Temporal Score: See Not Applicable for the current score CVSS...

1.5 AI score
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 10:7 p.m. | 13 views

Security Bulletin: Multi-Cloud Data Encryption (MDE) is affected by a missing checksum vulnerability

Summary Security Bulletin: Multi-Cloud Data Encryption MDE has addressed a missing checksum vulnerability Vulnerability Details CVEID: CVE-2018-1593 DESCRIPTION: IBM Multi-Cloud Data Encryption MDE could allow an unauthorized user to manipulate data due to missing file checksums. CVSS Base Score:...

5.3 CVSS | 1.7 AI score | 0.00409 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 10:7 p.m. | 17 views

Security Bulletin: Multi-Cloud Data Encryption (MDE) is affected by an application error.

Summary Security Bulletin: Multi-Cloud Data Encryption MDE has addressed the following application error vulnerability. Vulnerability Details CVEID: CVE-2018-1591 DESCRIPTION: IBM Multi-Cloud Data Encryption MDE generates an error message that includes sensitive information about its environment,...

1.4 AI score
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 10:7 p.m. | 14 views

Security Bulletin: Multi-Cloud Data Encryption (MDE) is affected by an SSL Query Parameter Exposure vulnerability

Summary Multi-Cloud Data Encryption MDE has addressed the following query parameter exposure vulnerability. Vulnerability Details CVEID: CVE-2018-1592 DESCRIPTION: IBM Multi-Cloud Data Encryption MDE stores sensitive information in URL parameters. This may lead to information disclosure if...

1.4 AI score
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 10:7 p.m. | 12 views

Security Bulletin: Multi-Cloud Data Encryption (MDE) is affected by a Denial of service vulnerability

Summary Multi-Cloud Data Encryption MDE has addressed following Denial of service vulnerability Vulnerability Details CVEID: CVE-2018-1589 DESCRIPTION: IBM Multi-Cloud Data Encryption MDE does not properly restrict the size or amount of resources that are requested or influenced by an actor. This...

1.8 AI score
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 10:7 p.m. | 11 views

Security Bulletin: Multi-Cloud Data Encryption (MDE) is affected by an Insufficient Session Expiration vulnerability.

Summary Multi-Cloud Data Encryption MDE has addressed the following Insufficient Session Expiration vulnerability. Vulnerability Details CVEID: CVE-2018-1590 DESCRIPTION: IBM Multi-Cloud Data Encryption MDE does not invalidate session tokens in a timely manner. The lack of proper session expirati...

1.7 AI score
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:5 a.m. | 20 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Client could expose sensitive information (CVE-2016-2861, CVE-2016-0400)

Summary Multiple vulnerabilities in IBM WebSphere eXtreme Scale Client could expose sensitive information. Vulnerability Details CVEID: CVE-2016-2861 DESCRIPTION: IBM WebSphere eXtreme Scale uses weaker than expected security to encrypt data which could allow an attacker that is able to capture...

6.1 CVSS | 0.6 AI score | 0.0214 EPSS
Exploits: 2 | Affected Software: 1

The Hacker News
added 2018/06/05 6:5 p.m. | 83 views

MyHeritage Says Over 92 Million User Accounts Have Been Compromised

MyHeritage, the Israel-based DNA testing service designed to investigate family history, has disclosed that the company website was breached last year by unknown attackers, who stole login credentials of its more than 92 million customers. The company learned about the breach on June 4, 2018, aft...

0.1 AI score
Exploits: 0

Prion
added 2018/05/18 1:29 p.m. | 12 views

Design/Logic Flaw

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions does not encrypt PII and PHI while at rest...

2.1 CVSS | 5.2 AI score | 0.00331 EPSS
Exploits: 0 | References: 3

RedHat Linux
added 2018/05/15 3:30 p.m. | 3 views

OpenJDK: insufficient strength of key agreement (JCE, 8185292)

It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using...

5.9 CVSS | 7.3 AI score | 0.04752 EPSS
Exploits: 0 | References: 4

ATTACKERKB
added 2018/05/04 5:29 p.m. | 2 views

CVE-2018-8857

Philips Brilliance CT software Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brilliance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior contains fixed credentials, such as a password or cryptographic key, which it uses for its own inbou...

7.8 CVSS | 5.6 AI score | 0.00314 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Akamai Blog
added 2018/05/02 2:27 p.m. | 16 views

How to Make Your Demo Environment Easy, Accessible...AND Secure

A common misconception I've heard in the field is that a tradeoff exists between easy access for applications and network security. For example, companies want to allow their sales team, partners, and prospects access into demo environments. With traditional access solutions, there is a question ...

0.6 AI score
Exploits: 0

Drupal
added 2018/04/25 12:0 a.m. | 5 views

DRD Agent - Critical - PHP object injection - SA-CONTRIB-2018-022

This module enables you to monitor and manage any number of remote Drupal sites and aggregate useful information for administrators in a central dashboard. The modules DRD and DRD Agent encrypt the data which is exchanged between them but in order to do so, they use the PHP serialize/unserialize...

7.4 AI score
Exploits: 0 | References: 3

Amazon
added 2018/04/19 12:0 a.m. | 18 views

Medium: stunnel, amazon-efs-utils

Issue Overview: This update adds the checkHost option to stunnel, which verifies the host of the peer certificate subject. Certificates are accepted if no checkHost option was specified, or the host name of the peer certificate matches any of the hosts specified with checkHost. This update adds t...

6.7 AI score
Exploits: 0

Amazon
added 2018/04/19 12:0 a.m. | 41 views

Medium: stunnel, amazon-efs-utils

Issue Overview: This update adds the checkHost option to stunnel, which verifies the host of the peer certificate subject. Certificates are accepted if no checkHost option was specified, or the host name of the peer certificate matches any of the hosts specified with checkHost. This update adds t...

6.8 AI score
Exploits: 0