5432 matches found
Security Bulletin: SSL timing vulnerabilities in ClearCase Remote Client (CVE-2014-0411)
Summary: An attacker can monitor a long-lived encrypted CCRC session and potentially decrypt the entire session.
Looking For Secure VPN Services? Get a Lifetime Subscription
PRIVACY – a bit of an Internet buzzword nowadays, because the business model of the Internet has now shifted towards data collection. Today, most users surf the web unaware of the fact that websites and online services collect their personal information, including search histories, location, and...
Security update for git-annex (moderate)
This update for git-annex to version 6.20180626 fixes the following issues: - CVE-2018-10857: Prevent file content disclosure by refusing to download content that cannot be verified with a hash, from encrypted special remotes and glacier bsc1098062. - CVE-2018-10859: Prevent local gpg encrypted...
openSUSE Security Update : git-annex (openSUSE-2018-697)
This update for git-annex to version 6.20180626 fixes the following issues: - CVE-2018-10857: Prevent file content disclosure by refusing to download content that cannot be verified with a hash, from encrypted special remotes and glacier bsc1098062. - CVE-2018-10859: Prevent local gpg encrypted...
To crypt, or to mine – that is the question
Way back in 2013 our malware analysts spotted the first malicious samples related to the Trojan-Ransom.Win32.Rakhni family. That was the starting point for this long-lived Trojan family, which is still functioning to this day. During that time the malware writers have changed: the way their Troja...
EncryptedToken Integer Overflow Vulnerability
EncryptedToken ECC is an Ether-based digital currency. An integer overflow vulnerability exists in the 'mintToken' function of the smart contract implementation in ECC. An attacker can exploit this vulnerability to set the balance of any user to an arbitrary value...
Beware! Fortnite Cheat Hijacks Gamers' PCs to Intercept HTTPS Traffic
If you are looking for Fortnite v-bucks generator, aimbot or any other game cheats—then beware—you might end up installing malware on your PC! Web-based game-streaming platform Rainway is reporting that tens of thousands of Fortnite players have inadvertently infected their systems with a piece o...
Traffic Analysis of the LTE Mobile Standard
Interesting research in using traffic analysis to learn things about encrypted traffic. It's hard to know how critical these vulnerabilities are. They're very hard to close without wasting a huge amount of bandwidth. The active attacks are more interesting. EDITED TO ADD 7/3: More information. I...
Ivanti Avalanche Information Disclosure Vulnerability
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability exists in Ivanti Avalanche versions 5.3 and 6.2. The vulnerability can be exploited by a...
Authentication flaw
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects...
CVE-2018-8901
An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects...
Debian DLA-1398-1 : php-horde-crypt security update
It was discovered that in Horde-Crypt, a cryptographic library and part of the PHP Horde framework, a command injection was possible when a Horde user used the PGP features to view an encrypted email. For Debian 8 'Jessie', these problems have been fixed in version 2.5.0-5+deb8u1. We recommend th...
DENX Software Engineering U-Boot Input Validation Vulnerability
DENX Software Engineering U-Boot is a bootloader from DENX Software Engineering, Germany, that can read device configuration from AES encrypted files. An input validation vulnerability exists in the Verified boot signature verification in DENX Software Engineering U-Boot. An attacker could exploi...
CVE-2017-16718
Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption...
Authentication flaw
Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption...
Microsoft Windows: Allow indexing of encrypted files
This policy setting allows encrypted items to be indexed. If you enable this policy setting, indexing will attempt to decrypt and index the content (access restrictions will still apply). If you disable this policy setting, the search service components (including non-Microsoft components) are expect...