116 matches found
NIST Releases First Post-Quantum Encryption Algorithms
From the Federal Register: After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes:...
Rapid7’s Ransomware Radar Report Shows Threat Actors are Evolving …Fast.
Few issues keep cybersecurity professionals up at night more than the threat of ransomware. The ubiquity of targets, the relative organization of threat actors, and their multiple paths of entry make combating ransomware particularly formidable. But there is one more facet to this threat that mak...
age Plugins
age is a file encryption tool, library, and format. It lets you encrypt files to “recipients” and decrypt them with “identities”. $ age-keygen -o key.txt Public key: age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p $ tar cvz /data | age -r...
Dell PowerScale OneFS 加密问题漏洞
Dell PowerScale OneFS is an operating system from Dell USA. PowerScale OneFS operating system that provides horizontal scaling of NAS. Dell PowerScale OneFS suffers from a cryptographic issue vulnerability that arises from the inclusion of the use of corrupted or risky encryption algorithms. An...
Dell PowerScale OneFS 加密问题漏洞
Dell PowerScale OneFS is a proprietary operating system developed by Dell for its PowerScale horizontally scalable NAS network attached storage solution. Dell PowerScale OneFS has a cryptographic issue vulnerability that arises from the presence of a vulnerability in the use of corrupted or risky...
EulerOS Virtualization 2.10.1 : libssh2 (EulerOS-SA-2024-1548)
According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacke...
IBM Semeru Runtime Encryption Issue Vulnerability
IBM Semeru Runtime is a Java Runtime Environment JRE from International Business Machines IBM. IBM Semeru Runtime suffers from a cryptographic issue vulnerability that stems from the use of weaker-than-expected encryption algorithms that could allow an attacker to decrypt highly sensitive...
CentOS 8 : libssh (CESA-2024:0628)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2024:0628 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks...
Weak Cryptography
blinksocks is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the usage of weak encryption algorithms and fixed initialization vectors IV within /presets/ssr-auth-chain.js. This issue can be exploited by an attacker to disclose sensitive encrypted information via brute...
CVE-2023-50481
An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js...
CVE-2023-50481
CVE-2023-50481 affects blinksocks 3.3.8. The vulnerability is in the component /presets/ssr-auth-chain.js, due to the use of weak encryption algorithms (and fixed IVs) that can disclose sensitive information. Impact is described as sensitive information disclosure; no exploit details are provided...
Google Chrome's New Feature Alerts Users About Auto-Removal of Malicious Extensions
Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to proactively alert users when an extension they have installed has been removed from the Chrome Web Store. The feature, set for release alongside Chrome 117, allows users to be notified when an...
HCL DRYiCE iAutomate Encryption Issue Vulnerability
HCL Technologies DRYiCE MyCloud is a Hybrid Cloud Lifecycle Management product from HCL Technologies, USA. A security vulnerability exists in HCL DRYiCE iAutomate that stems from the use of broken encryption algorithms...
IBM QRadar SIEM 加密问题漏洞
IBM QRadar SIEM is a solution from International Business Machines IBM that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...
Linux: BSI TR-02102-4 Encryption Algorithms
Recommended SSH encryption ciphers from TR-02102-4. Per the recommendations, AEADAES128GCM or AEADAES256GCM should be utilized when possible. Other ciphers accepted by the recommendations are aes128-ctr, aes192-ctr, and aes256-ctr. Note: This check fails if any algorithms are found that are not...
The vulnerability of GnuPG’s information encryption and digital signatures software lies in its weak encryption methods, allowing attackers to gain access to confidential data.
The vulnerability of GnuPG’s information encryption and digital signatures lies in the use of weak encryption algorithms. Exploiting this vulnerability could allow a remote attacker to gain access to confidential data...
Dell EMC Unity Encryption Issue Vulnerability
Dell EMC Unity is a unified storage array product from Dell, a U.S. company. versions prior to Dell EMC Unity 5.2.0.0.5.173 have an encryption issue vulnerability that stems from the use of corrupted encryption algorithms, which can be exploited by a remote, unauthenticated attacker to obtain...
IBM Security Verify Governance Encryption Issue Vulnerability
IBM Security Verify Governance, an intelligent identity access platform from International Business Machines IBM, Inc. provides organizations with a platform to analyze, define and control user access and access risks. IBM Security Verify Governanc has an encryption issue vulnerability that stems...
NIST Announces First Four Quantum-Resistant Cryptographic Algorithms
The U.S. Department of Commerce's National Institute of Standards and Technology NIST has chosen the first set of quantum-resistant encryption algorithms that are designed to "withstand the assault of a future quantum computer." The post-quantum cryptography PQC technologies include the...
OpenSSL RSA Component Remote Code Execution Vulnerability
OpenSSL is an open source Openssl team's general-purpose cryptographic library capable of implementing Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. The product supports multiple encryption algorithms, including symmetric ciphers, hashing algorithms, secure hashing...