
1115 matches found

CNNVD
added 2022/05/05 12:0 a.m. · 3 views

IBM Guardium Data Encryption information disclosure vulnerability

IBM Guardium Data Encryption is an encryption solution that captures pricing information and is used to protect data and business. An information leakage vulnerability exists in IBM Guardium Data Encryption that originates from storing sensitive information in URL parameters, which can be exploit...

5.3 CVSS · 5.2 AI score · 0.0046 EPSS
Exploits: 0 · References: 3
IBM Security Bulletins
added 2022/05/04 12:14 p.m. · 25 views

Security Bulletin: IBM Security Guardium Data Encryption has vulnerability (CVE-2021-39020)

Summary IBM Guardium Data Encryption GDE stores sensitive information in URL parameters. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2021-39020 DESCRIPTION: IBM Guardium Data Encryption GDE stores sensitive information in URL parameters. This may lead to...

5.3 CVSS · 1.2 AI score · 0.0046 EPSS
Exploits: 0 · Affected Software: 1
OSV
added 2022/05/03 4:15 a.m. · 3 views

CVE-2022-20742

A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel. This vulnerability is due to an improper implementatio...

7.4 CVSS · 7.1 AI score
Exploits: 0 · References: 1
Microsoft Secure
added 2022/04/25 4:0 p.m. · 10 views

Microsoft best practices for managing IoT security concerns

The Internet of Things, or IoT, has expanded beyond the mere concept that it was when first introduced. IoT is now part of most individuals’ daily activities, from smart speakers and thermostats to smartwatches and vehicles. IoT devices and systems bring massive convenience and functionality. IoT...

0.6 AI score
Exploits: 0
Rapid7 Blog
added 2022/03/31 7:59 p.m. · 13 views

MITRE Engenuity ATT&CK Evaluation: InsightIDR Drives Strong Signal-to-Noise

Rapid7 is very excited to share the results of our participation in MITRE Engenuity’s latest ATT&CK Evaluation, which examines how adversaries abuse data encryption to exploit organizations. With this evaluation, our customers and the broader security community get a deeper understanding of how...

7 AI score
Exploits: 0
Trellix
added 2022/03/28 12:0 a.m. · 10 views

Executive Summary: Organizations and Nation-State Cyber Threats

Executive Summary: Organizations and Nation-State Cyber Threats By John Fokker · March 28, 2022 Traditionally when we talk about threat actors, we first need to make the split between cybercrime and nation-state sponsored operations. Where cybercrime is mostly focused on financial gain,...

7.2 AI score
Exploits: 0
hivepro
added 2022/03/24 6:30 a.m. · 130 views

AvosLocker Ransomware group has targeted 50+ Organizations Worldwide

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency released threat advisories on AvosLocker Ransomware. It is a Ransomware as a Service RaaS affiliate-based group that has targeted 50+...

10 CVSS · 1.5 AI score · 0.99999 EPSS
Exploits: 79
Trellix
added 2022/03/23 12:0 a.m. · 22 views

Trellix Global Defenders: LAPSUS$ Data Breaches and Proactive Protections

Trellix Global Defenders: LAPSUS$ Data Breaches and Proactive Protections By Taylor Mullins · March 23, 2022 Trellix is continuing to monitor the threat activity related to the LAPSUS$ threat group and their recent breaches of large organizations such as NVIDIA, Samsung, Microsoft, and Okta. This...

0.9 AI score
Exploits: 0
Trellix
added 2022/03/23 12:0 a.m. · 6 views

Trellix Global Defenders: LAPSUS$ Data Breaches and Proactive Protections

Trellix Global Defenders: LAPSUS$ Data Breaches and Proactive Protections By Taylor Mullins · March 23, 2022 Trellix is continuing to monitor the threat activity related to the LAPSUS$ threat group and their recent breaches of large organizations such as NVIDIA, Samsung, Microsoft, and Okta. This...

7.8 AI score
Exploits: 0
hivepro
added 2022/03/17 4:27 a.m. · 25 views

Russia under Attack from New RURansom Wiper

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here A series of Wiper Malware attacks have been launched in the continuing cyber war between Russia and Ukraine. Researchers have discovered the RURansom wiper malware, which adds to the current collection of harmful malware. The...

1.6 AI score
Exploits: 0
hivepro
added 2022/03/16 11:57 a.m. · 14 views

Pandora Ransomware Targets Multiple Plants around the Globe

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Pandora ransomware is a new operation that targets business networks and obtains data for double-extortion assaults and active since March 2022. DENSO, a Japanese auto parts manufacturers plant in Germany, and Global Wafers...

6.9 AI score
Exploits: 0
CNVD
added 2022/03/14 12:0 a.m. · 29 views

IBM Guardium Data Encryption has an unspecified vulnerability (CNVD-2022-20154)

IBM Guardium Data Encryption GDE is an application from IBM of America, Inc. IBM Guardium Data Encryption versions 4.0.0.0 and 5.0.0.0 contain a security vulnerability that stems from the fact that the software saves user information in a CSV form file with a comma as the separator symbol, but it...

8.8 CVSS · 2.3 AI score · 0.00471 EPSS
Exploits: 0 · References: 1
IBM Security Bulletins
added 2022/03/11 9:57 a.m. · 32 views

Security Bulletin: IBM Guardium Data Encryption (GDE) has an information exposure vulnerability (CVE-2021-39025)

Summary An information Exposure was addressed in IBM Guardium Data Encryption GDE. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2021-39025 DESCRIPTION: IBM Guardium Data Encryption GDE could disclose internal IP address information when the web backend is down...

5.3 CVSS · 5.2 AI score · 0.00561 EPSS
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2022/03/11 9:33 a.m. · 36 views

Security Bulletin: IBM Guardium Data Encryption (GDE) has a vulnerability (CVE-2021-39022), related to hazardous input.

Summary Vulnerability identified in IBM Guardium Data Encryption GDE, related to hazardous input. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2021-39022 DESCRIPTION: IBM Guardium Data Encryption GDE saves user-provided information into a Comma-Separated Value C...

8.8 CVSS · 7.9 AI score · 0.00471 EPSS
Exploits: 0 · Affected Software: 1
OSV
added 2022/03/10 8:15 p.m. · 2 views

CVE-2021-39025

IBM Guardium Data Encryption GDE 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force 213863...

5.3 CVSS · 6 AI score · 0.00561 EPSS
Exploits: 0 · References: 2
OSV
added 2022/03/10 8:15 p.m. · 3 views

CVE-2021-39022

IBM Guardium Data Encryption GDE 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value CSV file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. IBM X-Force ID...

8.8 CVSS · 5.7 AI score · 0.00471 EPSS
Exploits: 0 · References: 2
NVD
added 2022/03/10 8:15 p.m. · 8 views

CVE-2021-39025

IBM Guardium Data Encryption GDE 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force 213863...

5.3 CVSS · 0.00561 EPSS
Exploits: 0 · References: 2
Prion
added 2022/03/10 8:15 p.m. · 13 views

Command injection

IBM Guardium Data Encryption GDE 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value CSV file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. IBM X-Force ID...

6.8 CVSS · 8.2 AI score · 0.00471 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Prion
added 2022/03/10 8:15 p.m. · 16 views

Code injection

IBM Guardium Data Encryption GDE 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force 213863...

5 CVSS · 5.1 AI score · 0.00561 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2022/03/10 7:50 p.m. · 87 views

CVE-2021-39025

CVE-2021-39025 affects IBM Guardium Data Encryption (GDE) components when the web backend is down, allowing disclosure of internal IP address information. Affected products/versions include GDE: DSM 4.0.0.0 to 4.0.0.7 (and 4.0.0.7 specifically), GCKM 1.10.1 and lower, and CT-VL 2.6.3 and lower; o...

5.3 CVSS · 5 AI score · 0.00561 EPSS
Exploits: 0 · References: 2 · Affected Software: 1