Under Armour Reports Massive Breach of 150 Million MyFitnessPal Accounts

UPDATE Fitness apparel firm Under Armour said 150 million users of its MyFitnessPal app are victims in a breach exposing user names, email addresses and hashed passwords. The company said personal identifiable information such as credit card numbers and social security numbers were not part of th...

CVE-2018-7498

In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys...

Code injection

In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys...

CVE-2018-7498

In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys...

CVE-2018-7498

Philips Alice 6 System (R8.0.3 or prior) is affected by CVE-2018-7498 due to missing encryption of sensitive data (CWE-311), impacting confidentiality/integrity not properly protected. Update to R8.0.4 to remediate; apply network security controls and follow ICS-CERT guidance for defense-in-depth.

CVE-2018-7498

In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys...

Philips Alice 6 Missing Encryption Sensitive Data Vulnerability

The Philips Alice 6 is a polysomnographic monitoring system PSG designed to record, display and print physiologic information for clinicians/physicians. The Philips Alice 6 suffers from a lack of encryption of sensitive data vulnerability that stems from a lack of proper data encryption that woul...

The vulnerability of microprogramming software in media devices from Valve’s Steam Link, related to the reduction of passwords to 8 characters, allows attackers to gain access to the device with root privileges.

The vulnerability of microprogramming software in media devices from Valve’s Steam Link stems from the fact that the password for the root account is shortened to 8 characters due to the use of the cryptographic protocol DES. Exploiting this vulnerability allows a malicious actor to gain access t...

Samsung Display Solutions App for Android Man-in-the-Middle Attack Vulnerability

Samsung Display Solutions App for Android is an Android-based mobile application developed by Samsung South Korea for viewing Samsung display devices. A security vulnerability exists in versions of the Samsung Display Solutions App for Android prior to version 3.02, which arises from the program'...

2018 Cyberthreat Defense Report: Where IT Security Is Going

What keeps you awake at night? We asked IT security professionals the same question and found that these issues are top of mind: malware and spear phishing, securing mobile devices, employee security awareness and new technologies that detect threats capable of bypassing traditional signature-bas...

OpenJDK: insufficient strength of key agreement (JCE, 8185292)

It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using...

The Sixth Question(s) Today’s CEOs Should Ask (& Know the Answers To)

In a previous blog, we discussed Commander’s Intent for CEOs and introduced 10 questions CEOs should be asking their teams. In this blog series, I am going to take a deeper dive into each question and break them down one at a time. We will discuss why CEOs should care about each question and the...

How your enterprise applications could be putting your company at risk

The typical company, large or small, depends on a number of different enterprise applications in order to ensure that employees can complete critical, daily tasks. Apps like those for enterprise resource planning, customer relationship management, screen and file sharing have become commonplace i...

CVE-2017-3762

Lenovo Fingerprint Manager Pro (Windows 7/8/8.1) versions 8.01.86 and earlier store sensitive data (Windows logon credentials, fingerprint data) with weak encryption and a hard-coded password, accessible to all local non-administrative users. This CVE-2017-3762 entry is addressed by Lenovo’s advi...

CVE-2017-3762

Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the...

Overview of rapid cyberattacks

Rapid cyberattacks like Petya and WannaCrypt have reset our expectations on the speed and scope of damage that a cyberattack can inflict. The Microsoft Enterprise Cybersecurity Group Detection and Response team worked extensively to help customers respond to and recover from these kinds of attack...

OpenJDK: insufficient strength of key agreement (JCE, 8185292)

It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using...

OpenJDK: insufficient strength of key agreement (JCE, 8185292)

It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using...

OpenJDK: insufficient strength of key agreement (JCE, 8185292)

It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using...

Wi-Fi Alliance launches WPA3 protocol with new security features

The Wi-Fi Alliance has finally announced the long-awaited next generation of the wireless security protocol—Wi-Fi Protected Access WPA3. WPA3 will replace the existing WPA2—the network security protocol that has been around for at least 15 years and widely used by billions of wireless devices eve...