22 matches found
MiracleLinux 7 : xmlsec1-1.2.20-7.el7 (AXSA:2017-1915:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1915:01 advisory. XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards XML Digital...
Understanding the NCSC’s New API Security Guidance
Legislative, regulatory, and advisory bodies the world over are waking up to the importance of API security. Most recently, the UK’s National Cyber Security Centre (NCSC) has published detailed guidance on best practices for building and maintaining secure APIs. In this blog, we’ll break down that...
[SECURITY] Fedora 42 Update: php-phpseclib3-3.0.43-1.fc42
MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS1 v2.1 compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509...
Azure Linux 3.0 Security Update: cert-manager / containerized-data-importer / cri-o / dcos-cli / keda / kubernetes (CVE-2024-28180)
The version of cert-manager / containerized-data-importer / cri-o / dcos-cli / keda / kubernetes installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28180 advisory. - Package jose aims to provide an...
[SECURITY] Fedora 40 Update: php-phpseclib-2.0.48-1.fc40
MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS1 v2.1 compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509...
Moderate: Red Hat Security Advisory: jose security update
An update for jose is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
POODLE SSLV3.0 Security Issue Workaround for License Server
Citrix Licensing 11.12.1 for Windows might be vulnerable to the Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability. POODLE affects older standards of encryption - Secure Socket Layer (SSL) version 3 but not the newer encryption method Transport Layer Security (TLS). Citrix suggests t...
Experts Discover Flaw in U.S. Govt's Chosen Quantum-Resistant Encryption Algorithm
A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year. The exploit relates to "side-channel attacks on up to the fifth-order masked...
Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP
The Mozilla Foundation Security Advisory describes this flaw as: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user'...
Security Advisory 0058
Security Advisory 0058. Date: December 16th, 2020. Version: 1.0. Revision 1.0 (December 16th, 2020): Initial Release. The CVE-ID tracking this issue is: CVE-2020-3702. CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Description: This advisory...
Microsoft Netlogon Vulnerability (CVE-2020-1472 – Zerologon) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR®
Update October 1, 2020: Microsoft has added step-by-step Zerologon patching instructions because the original instructions "proved confusing to users and may have caused issues with other business operations." Update October 1, 2020: Qualys released new QID 91680 to add a remote unauthenticated...
Flaws in Popular Self-Encrypting SSDs Let Attackers Decrypt Data
We all have something to hide, something to protect. But if you are also relying on self-encrypting drives for that, then you should read this news carefully. Security researchers have discovered multiple critical vulnerabilities in some of the popular self-encrypting solid state drives (SSD) that...
Hijacking Philips Hue
We were filming a smart home hacking piece on the 5th May this year. Like most home users, the Wi-Fi PSK wasn’t strong enough, so we cracked it and joined the network. The user had a Philips Hue lighting system. None of us here had looked at Hue before - we made an assumption after the previous...
Anti-Surveillance Measure Quashed: Orlando Massacre Cited as Reason
The House voted Thursday to block passage of an amendment aimed to rein in U.S. domestic mass surveillance by the NSA and protect strong encryption standards citing Sunday’s Orlando tragedy as reason to fight surveillance reforms. The so-called Massie-Lofgren amendment was considered a key privac...
Meaningful Surveillance Reform Risks Defeat Over US House Rules Change
Civil liberties groups are anxiously waiting to see if an anti-surveillance amendment will be added to a Department of Defense spending bill Tuesday. The so-called Massie-Lofgren amendment would rein in U.S. domestic mass surveillance by the NSA and protect U.S. encryption standards. The amendmen...
Russian Government Asks Apple to Hand Over iOS and Mac Source Code
Just a few days after the announcement that the Russian government will pay almost 4 million rubles (approximately equal to $111,000) to the one who can devise a reliable technology to decrypt data sent over Tor, now the government wants something which is really tough. APPLE & SAP, HAND OVER YOUR...
Obama Orders NSA Bulk Metadata Surveillance Reforms
President Obama today announced reforms to the National Security Agency’s bulk metadata collection program under Section 215 of the PATRIOT Act, ordering a transition that would end the program as it exists today, and prohibit the government from storing and accessing the data without secret cour...
NSA Bulk Telephony Metadata Collection Program Legal
A federal court today shot down a challenge by the American Civil Liberties Union (ACLU) to the National Security Agency’s bulk phone metadata collection program, determining that the spy agency’s actions are legal. The ruling by U.S. District Court judge William Pauley contradicts a Dec. 16 D.C...
Technologists Scrutinize Impact of Surveillance on Economy
If you’re looking for silver linings among the Snowden leaks and the breadth of the NSA’s surveillance activities, they could be found in two things: 1) the math upholding encryption technology is, as far as we know, solid; and 2) Tor apparently drives the U.S. spy agency batty. “I’m surprised,” sa...
CentOS Update for xmlsec1 CESA-2011:0486 centos5 i386
The remote host is missing an update for the... SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...