680 matches found
CVE-2020-10554
CVE-2020-10554 affects Psyprax before 3.2.2. The issue is that passwords used to encrypt data are stored in the database in an obfuscated format that can be easily reverted (e.g., AAAAAAAA stored as MMMMMMMM). The Red Hat and NVD entries corroborate this description. The available documents do no...
Code injection
SOOIL Developments Co Ltd DiabecareRS, AnyDana-i, AnyDana-A: the communication protocol of the insulin pump and the AnyDana-i, AnyDana-A mobile apps doesn't use adequate measures to protect encryption keys in transit, which allows an unauthenticated, physically proximate attacker to sniff keys via BLE...
IBM Security Guardium Data Encryption Improper Privilege Control Vulnerability
IBM Security Guardium Data Encryption (GDE) provides a modular set of encryption solutions that help security teams effectively implement data-at-rest security across the organization. An improper privilege control vulnerability exists in IBM Security Guardium Data Encryption 3.0.0.2. An attacker...
IBM Security Guardium Data Encryption Weak Encryption Algorithm Vulnerability
IBM Security Guardium Data Encryption (GDE) provides a modular set of encryption solutions that help security teams effectively implement data-at-rest security across the organization. A weak cryptographic algorithm vulnerability exists in IBM Security Guardium Data Encryption 3.0.0.2. An attacker...
CVE-2019-4160
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158577...
CVE-2019-4702
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors...
Code injection
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158577...
Code injection
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors...
CVE-2019-4687
IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 171823...
CVE-2019-4687
CVE-2019-4687 affects IBM Security Guardium Data Encryption (GDE) 3.0.0.2, where sensitive data is stored in URL parameters. The root cause is the disclosure risk from information in URLs that can be exposed via server logs, referrer headers, or browser history. The vulnerability is documented ac...
CVE-2019-4160
CVE-2019-4160 affects IBM Guardium Data Encryption (GDE) version 3.0.0.2, which uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. The issue is specific to GDE 3.0.0.2; IBM’s bulletin notes that fixes are available in GDE 4.0.0...
IBM Security Guardium Data Encryption (GDE) Information Disclosure Vulnerability
IBM Security Guardium Data Encryption (GDE) provides a modular set of encryption solutions that help security teams effectively implement data-at-rest security across the organization. An information disclosure vulnerability exists in IBM Security Guardium Data Encryption 3.0.0.2. The vulnerability...
7 Simple Ways to Make Your Android Phone More Secure
Here's how to lock down your data and stop others from snooping on your personal information...
Demystifying two common misconceptions with e-commerce security
Online shopping has seen a dramatic increase in the months following the Covid-19 outbreak as more and more people opt-out of visiting physical stores. Such a phenomenon does not go unnoticed or without additional consequences. During the same time period, we have seen an increase in the usual...
Campari Site Suffers Ransomware Hangover
Italian spirits brand Campari has restored its company website following a recent ransomware attack. According to the ransom note, the group behind the breach used Ragnar Locker to encrypt most of Campari’s servers and was holding the data hostage for $15 million in Bitcoin. Campari Group is behi...
ALSA-2020:4490 Moderate: gnupg2 security, bug fix, and enhancement update
The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. The following packages have been upgraded to a later upstream version: gnupg2 2.2.20. BZ1663944 Security Fixes: GnuPG: interaction between the sks-keyserv...
Ransomware Impacting Pipeline Operations
Summary. Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework. See the MITRE ATT&CK for Enterprise and ATT&CK for Industrial Control Systems (ICS) frameworks for all referenced threat actor techniques and mitigations. The Cybersecurity and...