CVE-2016-2861

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...

Information disclosure

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...

CVE-2016-2861

Summary (CVE-2016-2861) : IBM WebSphere eXtreme Scale Client components (WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, 8.6 before 8.6.0.8)** expose sensitive information due to weaker-than-expected encryption, enabling a remote attacker to decrypt network...

CVE-2016-5109 - Authentication bypass vulnerability in Citrix Worx Home for iOS and Citrix MDX Toolkit for iOS

Description of Problem A vulnerability has been identified that affects iOS applications using the XenMobile MDX Toolkit. An attacker with physical access to the device could bypass in-application Apple Touch ID authentication in some cases where re-authentication is required. This vulnerability...

Ransomware Victims Lessons Learned

For online casinos, business begins to peak as gamblers punch out of work and belly-up to virtual blackjack tables. But on this Tuesday in February at 5p.m., the odds were not in the house’s favor. That’s when this virtual casino—with tens of millions of dollars in virtual transaction data,...

CVE-2015-1776

Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file...

CVE-2015-1776

Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file...

Anti-Encryption Bill Released, would Kill your Privacy and Security

The United States anti-encryption bill will kill your Privacy. In the wake of the Apple vs. FBI case, two leading Intelligence Committee Senators have introduced an anti-encryption bill that would effectively ban strong encryption. Senators Richard Burr R-NC and Dianne Feinstein D-CA released the...

CVE-2015-7502

Red Hat CloudForms 3.2 Management Engine CFME 5.4.4 and CloudForms 4.0 Management Engine CFME 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to 1 database exports o...

CVE-2015-7502

Red Hat CloudForms 3.2 Management Engine CFME 5.4.4 and CloudForms 4.0 Management Engine CFME 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to 1 database exports o...

PT-2016-3798 · Postgresql +1 · Postgresql +1

Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms 3.2 Management Engine CFME version 5.4.4 Red Hat CloudForms 4.0 Management Engine CFME version 5.5.0 Description: The issue is related to improper encryption of data in the backend PostgreSQL database. This might allow loca...

Amazon Backtracks On Encryption Removal

Amazon reversed course on its unpopular decision to remove encryption from its Fire OS 5 tablets. Over the weekend, Amazon said, customers’ device-level encryption support will return this spring. The move comes after Amazon customers and privacy activists expressed outrage over the company’s...

Code injection

Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors...

CVE-2016-2283

CVE-2016-2283 affects Moxa ioLogik E2200 series and ioAdmin Configuration Utility prior to 3.12/3.18, due to insufficient encryption that could let remote attackers obtain cleartext via unspecified vectors. Exploitation is described as remote with publicly available exploits; mitigations include ...

CVE-2015-5004

The Edge Component Caching Proxy in IBM WebSphere Application Server WAS 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain sensitive information via unspecified vectors...

CVE-2015-5004

CVE-2015-5004 affects IBM WebSphere Application Server Edge Component Caching Proxy. The vulnerability could allow a remote authenticated attacker to obtain sensitive information due to improper encryption. Affected are IBM WebSphere Application Server versions 8.0 (pre-8.0.0.12) and 8.5 (pre-8.5...

CVE-2015-5004

The Edge Component Caching Proxy in IBM WebSphere Application Server WAS 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain sensitive information via unspecified vectors...

FBI Director Asks Tech Companies to At least Don't Offer End-to-End Encryption

FBI declared War against Encryption. Encryption is defeating government intelligence agencies to detect terrorist activities and after the recent ISIS-linked terror attacks in Paris and California, the issue has once again become a political target in Washington. ...and meanwhile, Kazakhstan plan...

Angler Exploit Kit Spreading Cryptowall 4.0

As expected, it didn’t take long for one of the most popular exploit kits, Angler, to start spreading the latest iteration of Cryptowall ransomware. A drive-by campaign that uses a one-two punch to drop Cryptowall 4.0 has been observed in the wild this week, according to researchers at Heimdal...

SAP Manufacturing Integration and Intelligence Encryption Downgrade Vulnerability

SAP Manufacturing Integration and Intelligence also known as MII, formerly known as xMII is a set of Germany's SAP SAP will be the core of the manufacturing system and enterprise process integration platform. The platform provides for enterprises to freely create a blend of manufacturing executio...