CVE-2013-1351
Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password...
CVE-2013-1351
CVE-2013-1351 affects all Verax NMS versions prior to 2.1.0. The vulnerability arises from a client-side RSA-based password encryption in the login flow (clientMain.swf) where private/public keys are hardcoded, allowing an attacker to capture and replay the encrypted password against the service....
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-12404)
Summary: IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to a security vulnerability. A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen...
About the security content of macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra
This document describes the security content of macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. About Apple security updates F...
Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained
This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee. Under that plan, primarily...
undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS
A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial of Service (DoS) to make the service unavailable on SSL...
Business-central: Encrypted password shown under Object id 7 of errai_security_context
A vulnerability was found in business-central where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed...
The vulnerability of the etc/shadow microprogramming software components of Cisco RV320 and Cisco RV325 allows a hacker to elevate their privileges to the root level.
The vulnerability of the etc/shadow microprogramming software components in Cisco RV320 and Cisco RV325 routers is related to the use of strictly encrypted login credentials. Exploiting this vulnerability can allow a malicious actor, operating remotely, to elevate their privileges to the root lev...
Creditors Seek to Exhume the Body of a Dead Crypto Executive
Gerry Cotten took at least $137 million to the grave when he died without giving anyone the password to his encrypted laptop...
CVE-2019-8772
An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Catalina 10.15. An attacker may be able to exfiltrate the contents of an encrypted PDF...
CVE-2019-8522
A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4. An encrypted volume may be unmounted and remounted by a different user without prompting for the password...
Design/Logic Flaw
A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4. An encrypted volume may be unmounted and remounted by a different user without prompting for the password...
Code injection
An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Catalina 10.15. An attacker may be able to exfiltrate the contents of an encrypted PDF...
CVE-2019-8522
CVE-2019-8522 affects macOS DiskArbitration. The issue is a logic flaw in state management that could allow an encrypted volume to be unmounted and remounted by a different user without prompting for a password. Apple lists this vulnerability under macOS Mojave 10.14.3/10.14.4 context and explici...
Inspecting TLS Web Traffic - Part 1
In this series of blogs I'm going to talk about how the continued move towards all web traffic being encrypted has impacted enterprise security. In this blog I'm going to focus on the basics - what is encrypted web traffic and how can you proactively control this. TLS encryption is the de-facto...
SYS.1.2.2.A14
The goal of module SYS.1.2.2 is to secure Microsoft Windows Server 2012 and Microsoft Windows Server 2012 R2. The core requirement Copyright (C) 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
Threat Analysis Unit (TAU) Threat Intelligence Notification: Cyborg Ransomware
Cyborg Ransomware was found being distributed via spear-phishing email campaign which contains a fake “Windows Update” email which appears as a ‘.jpg’ file in the email attachment, but is instead a ‘.exe’ binary file. It tries to tempt users to click on the malicious attachment file in order to...