
270 matches found

The Hacker News
added 2022/02/23 8:39 a.m., 160 views

Chinese Experts Uncover Details of Equation Group's Bvp47 Covert Hacking Tool

Researchers from China's Pangu Lab have disclosed details of a "top-tier" backdoor put to use by the Equation Group, an advanced persistent threat (APT) with alleged ties to the cyber-warfare intelligence-gathering unit of the U.S. National Security Agency (NSA). Dubbed "Bvp47" owing to numerous...

AI score 7.4
Exploits: 0
The Hacker News
added 2022/02/20 6:12 a.m., 26 views

Master Key for Hive Ransomware Retrieved Using a Flaw in its Encryption Algorithm

Researchers have detailed what they call the "first successful attempt" at decrypting data infected with Hive ransomware without relying on the private key used to lock access to the content. "We were able to recover the master key for generating the file encryption key without the attacker's...

AI score 6.6
Exploits: 0
Github Security Blog
added 2022/02/11 11:23 p.m., 66 views

In-band key negotiation issue in AWS S3 Crypto SDK for golang

Summary The golang AWS S3 Crypto SDK is impacted by an issue that can result in loss of confidentiality and message forgery. The attack requires write access to the bucket in question, and that the attacker has access to an endpoint that reveals decryption failures without revealing the plaintext...

CVSS 2.5, AI score 5.7, EPSS 0.00141
Exploits: 1, References: 10, Affected Software: 1
CNVD
added 2022/01/14 12:0 a.m., 17 views

IBM Security Verify encryption issue vulnerability

IBM Security Verify Access (ISAM) is a service from IBM USA that improves user access security. The service enables secure and simple access to platforms such as Web, mobile, IoT, and cloud technologies through the use of risk-based access, single sign-on, integrated access management controls,...

CVSS 7.5, AI score 2.3, EPSS 0.00096
Exploits: 0, References: 1
RedhatCVE
added 2022/01/12 11:22 p.m., 53 views

CVE-2021-3979

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...

CVSS 6.5, AI score 1.4, EPSS 0.00275
Exploits: 0, References: 3
OSV
added 2022/01/06 1:15 p.m., 16 views

CVE-2021-45458

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...

CVSS 7.5, AI score 6.9
Exploits: 0, References: 3
CNVD
added 2021/12/14 12:0 a.m., 16 views

IBM Spectrum Copy Data Management Encryption Issue Vulnerability

IBM Spectrum Copy Data Management, an IBM company that modernizes, simplifies and automates data center copy management processes, is vulnerable to an encryption issue that stems from the fact that IBM Spectrum Copy Data Management uses a weaker-than-expected encryption algorithm, which could be...

CVSS 7.5, AI score 2.4, EPSS 0.00112
Exploits: 0, References: 1
CNVD
added 2021/12/12 12:0 a.m., 29 views

IBM DB2 Information Disclosure Vulnerability (CNVD-2021-99669)

IBM DB2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. An information disclosure vulnerability exists in IBM DB2 for Linux, UNIX, and Windows, which stems fr...

CVSS 7.5, AI score 7.4, EPSS 0.00179
Exploits: 0, References: 1
CNVD
added 2021/11/22 12:0 a.m., 20 views

Multiple Huawei products weak security algorithm vulnerabilities

Huawei USG9500 is a data center firewall product, Huawei IPS Module is an Intrusion Prevention System (IPS) module, and NGFW Module is a Next Generation Firewall (NGFW) module. A security vulnerability exists in several Huawei products due to the use of weak security encryption algorithms when...

CVSS 5.9, AI score 1.1, EPSS 0.0007
Exploits: 0, References: 1
CNVD
added 2021/11/16 12:0 a.m., 5 views

Unspecified Vulnerability in IBM Tivoli Key Lifecycle Manager

IBM Tivoli Key Lifecycle Manager (TKLM) is key lifecycle management software from IBM in the United States. The software provides key storage, key maintenance and key lifecycle management for storage devices. A security vulnerability exists in IBM Tivoli Key Lifecycle Manager that stems fr...

CVSS 7.5, AI score 6.4, EPSS 0.00097
Exploits: 0, References: 1
CNVD
added 2021/11/16 12:0 a.m., 22 views

IBM Tivoli Key Lifecycle Manager Information Disclosure Vulnerability (CNVD-2021-91635)

IBM Tivoli Key Lifecycle Manager (TKLM) is key lifecycle management software from IBM Corporation. The software provides key storage, key maintenance, and key lifecycle management for storage devices. A security vulnerability exists in IBM Tivoli Key Lifecycle Manager, which stems from the...

CVSS 7.5, AI score 1.4, EPSS 0.00102
Exploits: 0, References: 1
VulnCheck KEV
added 2021/11/03 12:0 a.m., 1 views

VulnCheck KEV: CVE-2018-15811

DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters...

CVSS 7.5, AI score 7.1, EPSS 0.92962
Exploits: 5, References: 1
CNVD
added 2021/10/11 12:0 a.m., 22 views

IBM Sterling B2B Integrator Weak Encryption Algorithm Vulnerability (CNVD-2021-82422)

IBM Sterling B2B Integrator is a transaction engine, a set of components that run the processes you define and manage based on your business needs. IBM Sterling B2B Integrator versions 5.2.0.0-6.0.3.4, 6.1.0.0-6.1.0.3 are vulnerable to a weak encryption algorithm. An attacker could exploit the...

CVSS 5, AI score 2.8, EPSS 0.00112
Exploits: 0, Affected Software: 2
CNNVD
added 2021/09/21 12:0 a.m., 1 views

Dell EMC IsilonSD Management Server Encryption Issue Vulnerability

Dell EMC IsilonSD Management Server is a management server for EMC IsilonSD storage from Dell USA. Dell EMC IsilonSD Management Server is vulnerable to a cryptographic issue that arises from the use of a broken or risky encryption algorithm in the SSH component. A remote attacker could...

CVSS 9.8, AI score 8.4, EPSS 0.00198
Exploits: 0, References: 3
CNVD
added 2021/08/31 12:0 a.m., 118 views

Doodle Smart app and Doodle Converter (smart socket) have a flawed logic vulnerability

Doodle Smart is an IoT cloud platform that connects brands, OEMs, developers and chain retailers with their intelligence needs, providing a one-stop AI IoT PaaS-level solution that covers hardware development, global cloud, and smart business platform development, providing comprehensive ecologic...

AI score 2.5
Exploits: 0
CNVD
added 2021/08/31 12:0 a.m., 11 views

IBM Sterling Secure Proxy Weak Encryption Algorithm Vulnerability (CNVD-2021-68436)

IBM Sterling Secure Proxy creates a security barrier for trusted networks by preventing direct connections between external partners and internal servers. IBM Sterling Secure Proxy versions 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contain a weak encryption algorithm vulnerability. An attacker could...

CVSS 7.5, AI score 2.4, EPSS 0.00142
Exploits: 0, References: 1
CNVD
added 2021/08/25 12:0 a.m., 17 views

IBM Security SOAR Information Disclosure Vulnerability

IBM Security SOAR, formerly Resilient, is an IBM product designed to help your security team confidently address cyber threats, automate through intelligence and collaborate through consistency. IBM Security SOAR is vulnerable to an information disclosure vulnerability that stems from the...

CVSS 7.5, AI score 1.4, EPSS 0.00087
Exploits: 0, References: 1
Packet Storm
added 2021/07/16 12:0 a.m., 249 views

Argus Surveillance DVR 4.0 Weak Password Encryption

Exploit Title: Argus Surveillance DVR 4.0 - Weak Password Encryption Exploit Author: Salman Asad @deathflash1411 Date: 12.07.2021 Version: Argus Surveillance DVR 4.0 Tested on: Windows 7 x86 Build 7601 & Windows 10 Reference:...

AI score 0.2
Exploits: 0
CNVD
added 2021/07/14 12:0 a.m., 15 views

IBM Cloud Pak for Applications Information Disclosure Vulnerability

IBM Cloud Pak for Applications is an application from IBM USA, Inc. A security vulnerability exists in IBM Cloud Pak for Applications version 4.3, which stems from the application's use of an improper encryption algorithm. An attacker could exploit the vulnerability to be able to decrypt highly...

CVSS 5.9, AI score 2.6, EPSS 0.00129
Exploits: 0, References: 1
The Hacker News
added 2021/03/17 11:20 a.m., 51 views

Mimecast Finds SolarWinds Hackers Stole Some of Its Source Code

Email security firm Mimecast on Tuesday revealed that the state-sponsored SolarWinds hackers who broke into its internal network also downloaded source code out of a limited number of repositories. "The threat actor did access a subset of email addresses and other contact information and hashed a...

AI score 2.2
Exploits: 0