MiracleLinux 8 : cryptsetup-2.3.3-4.el8.1 (AXSA:2022-3029:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3029:01 advisory. cryptsetup: disable encryption via header rewrite (CVE-2021-4122). Tenable has extracted the preceding description block directly from the MiracleLinux security...
EUVD-2019-1121
Malware in sbrugna...
EUVD-2017-10287
Malware in sbrugna...
The vulnerability of the sshd service in the OpenSSH encryption protection mechanism allows a hacker to compromise the integrity of the protected information.
The vulnerability of the sshd service in the OpenSSH encryption protection mechanism is related to a discrepancy with the functionality of the DisableForwarding directive as declared in the documentation. Exploiting this vulnerability could allow an attacker to compromise the integrity of the...
The vulnerability of the Encryption endpoint protection software, the threat detection and prevention software, and the Dell Endpoint Security Suite Enterprise and Dell Security Management Server, all of which are related to access control deficiencies, allows attackers to escalate their privileges.
The vulnerability of the Encryption endpoint protection software, the threat detection and response software, and the Dell Endpoint Security Suite Enterprise and Dell Security Management Server related to security management is related to access control deficiencies. Exploiting this vulnerabilit...
The vulnerability of ssh-agent in the OpenSSH encryption protection mechanism allows attackers to disclose the protected information.
The vulnerability of ssh-agent in the OpenSSH encryption protection mechanism is related to key management errors. Exploiting this vulnerability can allow attackers to disclose the protected information...
Play ransomware gang leaks City of Oakland data
The Play ransomware gang has begun partially publishing data they stole from the City of Oakland, California. The data were in multiple archive files with a collective file size of 10GB. According to the ransomware gang, the files contain "private and personal information data, financial...
The vulnerability of the sshd service in the OpenSSH encryption protection mechanism allows a hacker to induce a service failure.
The vulnerability of the sshd service in the OpenSSH encryption protection mechanism is related to deficiencies in access control for certain functions. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the Cisco AnyConnect Secure Mobility Client’s encryption protection removal process allows a perpetrator to execute arbitrary code with SYSTEM privileges.
The vulnerability of the Cisco AnyConnect Secure Mobility Client’s encryption protection removal process for Windows involves the creation of temporary files with insecure permissions. Exploiting this vulnerability allows a hacker to execute arbitrary code with SYSTEM privileges...
The vulnerability of the update component of the Cisco AnyConnect Secure Mobility Client encryption protection tool allows attackers to escalate their privileges.
The vulnerability of the update component of the Cisco AnyConnect Secure Mobility Client encryption protection tool is related to privilege management errors. Exploiting this vulnerability can allow attackers to escalate their privileges...
The vulnerability of the process-interaction channel of the Cisco AnyConnect Secure Mobility Client encryption protection tool allows a hacker to overwrite VPN profiles.
The vulnerability of the process-interaction channel of the Cisco AnyConnect Secure Mobility Client cryptographic security device is related to insufficient validation of input data. Exploiting this vulnerability could allow a hacker to overwrite VPN profiles...
How to Avoid the Top Three Causes of Data Breaches in 2019
What's the price of unprotected IT infrastructure? Cybercrime Magazine says that global damages will surpass $6 billion as soon as 2021. Here we'll go through some of the most frequent and emerging causes of data breaches in 2019 and see how to address them in a timely manner. Misconfigured Cloud...
CVE-2017-12871
The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV)...
Rapid7 issues comments on NAFTA renegotiation
In April 2017, President Trump issued an executive order directing a review of all trade agreements. This process is now underway: The United States Trade Representative (USTR), the nation's lead trade agreement negotiator, formally requested public input on objectives for the renegotiation of th...
CVE-2016-7798
CVE-2016-7798 affects the Ruby OpenSSL gem. The issue is incorrect handling of the IV in GCM mode when the IV is set before the key, enabling context-dependent attackers to bypass encryption protection. The connected advisories indicate fixed/upgraded versions in various distributions (e....
CVE-2016-7798
The openssl gem for Ruby uses the same initialization vector (IV) in GCM mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. Mitigation: A possible workaround to this flaw is, when using aes-256-gcm mod...
SUSE-SU-2016:0164-1 Security update for samba
This update for Samba fixes the following security issues:
- CVE-2015-5330: Remote read memory exploit in LDB (bnc958586)
- CVE-2015-5252: Insufficient symlink verification (file access outside the share) (bnc958582)
- CVE-2015-5296: No man in the middle protection when forcing smb encryption on the...
HTTPS Everywhere 3.0 Released
The EFF has released an updated version of its popular HTTPS Everywhere browser plugin, which enables users to automatically connect over HTTPS to many sites. The newest version of the extension now supports more than 1,500 sites. The EFF developed HTTPS Everywhere in collaboration with The Tor...
SSL/VPN Connectivity, 4.0
Perhaps in an attempt to edge out Microsoft’s Windows Phone or to court the enterprise-focused in the business sphere, the release of iOS 4 brought SSL and VPN connectivity. The feature, available through applications from Juniper Networks and Cisco Systems, came along with the operating...