MiracleLinux 8 : cryptsetup-2.3.3-4.el8.1 (AXSA:2022-3029:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3029:01 advisory. cryptsetup: disable encryption via header rewrite CVE-2021-4122 Tenable has extracted the preceding description block directly from the MiracleLinux security...

EUVD-2017-10287

Malware in sbrugna...

EUVD-2019-1121

Malware in sbrugna...

Play ransomware gang leaks City of Oakland data

The Play ransomware gang has begun partially publishing data they stole from the City of Oakland, California. The data were in multiple archive files with a collective file size of 10GB. According to the ransomware gang, the files contain "private and personal information data, financial...

How to Avoid the Top Three Causes of Data Breaches in 2019

What's the price of unprotected IT infrastructure? Cybercrime Magazine says that global damages will surpass $6 billion as soon as 2021. Here we'll go through some of the most frequent and emerging causes of data breaches in 2019 and see how to address them in a timely manner. Misconfigured Cloud...

CVE-2017-12871

The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...

CVE-2017-12871

The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...

Rapid7 issues comments on NAFTA renegotiation

In April 2017, President Trump issued an executive order directing a review of all trade agreements. This process is now underway: The United States Trade Representative USTR - the nation's lead trade agreement negotiator - formally requested public input on objectives for the renegotiation of th...

CVE-2016-7798

CVE-2016-7798 affects the Ruby OpenSSL OpenSSL gem. The issue is incorrect handling of the IV in GCM mode when the IV is set before the key, enabling context-dependent attackers to bypass encryption protection. The connected advisories indicate fixed/upgraded versions in various distributions (e....

CVE-2016-7798

The openssl gem for Ruby uses the same initialization vector IV in GCM Mode aes--gcm when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. Mitigation A possible workaround to this flaw is, when using aes-256-gcm mod...

SUSE-SU-2016:0164-1 Security update for samba

This update for Samba fixes the following security issues: - CVE-2015-5330: Remote read memory exploit in LDB bnc958586 - CVE-2015-5252: Insufficient symlink verification file access outside the share bnc958582 - CVE-2015-5296: No man in the middle protection when forcing smb encryption on the...

HTTPS Everywhere 3.0 Released

The EFF has released an updated version of its popular HTTPS Everywhere browser plugin, which enables users to automatically connect over HTTPS to many sites. The newest version of the extension now supports more than 1,500 sites. The EFF developed HTTPS Everywhere in collaboration with The Tor...

SSL/VPN Connectivity, 4.0

Perhaps in an attempt to edge out Microsoft’s Windows Phone or to court to the enterprise-focused in the business sphere, the release of iOS 4 brought SSL and VPN connectivity. The feature, available through applications from Juniper Networks and Cisco Systems, came along with the operating...

Cisco Clean Access多个远程安全漏洞

Cisco Clean Access CCA是一种用于自动检测、隔离、清除受恶意代码感染的设备访问网络的软件解决方案。 CCA的实现上存在两个安全漏洞，远程攻击得可能利用这些漏洞获取非授权访问或得到敏感信息。 CCA与Cisco Clean Access Manager CAM交互时，交互双方需要相同的密钥，CAM端的密钥在CAM和CAS初始化时设定，CCA实现上的漏洞使此密钥不可被更改，网络上所有相关的设备共享了相同的密钥，可能导致非授权访问。此漏洞的Cisco Bug ID为CSCsd48626，影响如下的CCA版本： CCA releases 3.6.x - 3.6.4.2 CCA...