Security
Headlines
HeadlinesLatestCVEs

Headline

OMIGOD: Azure Users Warned of Critical OMI Vulnerabilities

Security researchers share the details of four flaws in Open Management Infrastructure, which is deployed on a large number of Linux virtual machines in Azure.

DARKReading

Related news

Cloud Data Security Startup Launches

TrustLogix aims to streamline and simplify data governance in the cloud.

Privacy Management for Microsoft 365 Now Generally Available

The tool is designed to automatically discover personal data in organizations' Microsoft 365 environments.

SonicWall Secures Mix of Cloud, Hybrid and Traditional Networks

Company’s virtual offerings, cloud services match with on-premises deployments to solve real-world security challenges for SMBs, enterprises, governments, and MSSPs.

CVE-2021-38915: Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 209947.

CVE-2021-38862: IBM Data Risk Manager information disclosure CVE-2021-38862 Vulnerability Report

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980.

CVE-2021-38862: IBM X-Force Exchange

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207980.

CVE-2021-29908: Security Bulletin: IBM Virtualization Engine TS7700 Management Interface (CVE-2021-29908)

The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM X-Force ID: 207747.

CVE-2021-38925: Security Bulletin: Weaker Cryptographic Algorithm Vulnerability Affects IBM Sterling B2B Integrator (CVE-2021-38925)

IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210171.

Misconfigured Apache Airflow Platforms Threaten Organizations

Security researchers found thousands of credentials for popular cloud-hosted services exposed on insecure instances of the popular workflow management technology.

CVE-2021-29894: IBM X-Force Exchange

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 207320.

CVE-2021-41299: TWCERT/CC台灣電腦網路危機處理暨協調中心-ECOA BAS controller - Use of Hard-coded Credentials

ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in.

SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor

Microsoft is warning that the Nobelium APT is compromising single-sign-on servers to install a post-exploitation backdoor that steals data and maintains network persistence.

Cloudflare Ventures into Simplifying Email Security

The company adds complex email security technologies — including the alphabet soup of SPF, DKIM, and DMARC — as part of its service.

iOS 15.0 Gamed Information Disclosure

Zero day exploit for Gamed on iOS 15.0 that demonstrates information disclosure vulnerabilities.

CVE-2020-4809: IBM Edge information disclosure CVE-2020-4809 Vulnerability Report

IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633.

CVE-2020-4690: Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2021-20377, CVE-2020-4690)

IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697.

CVE-2020-4803: Security Bulletin: Cache control vulnerability affects IBM Edge (CVE-2020-4803).

IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535.

CVE-2020-4803: Security Bulletin: Cache control vulnerability affects IBM Edge (CVE-2020-4803).

IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535.

CVE-2020-4690: Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2021-20377, CVE-2020-4690)

IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 186697.

CVE-2020-4805: IBM Edge information disclosure CVE-2020-4805 Vulnerability Report

IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539.

Open Source Software Projects Up Their Security Game but Face More Attacks

Patches for dependencies are trickling up through the open source ecosystem faster than ever — a good thing because attackers are focusing more on open source software.

CVE-2021-29750: Security Bulletin: IBM QRadar SIEM is vulnerable to using weaker than expected cryptographic algorithms (CVE-2021-29750)

IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201778.

ECOA Building Automation System Hard-coded Credentials SSH Access

The BAS controller is vulnerable to hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the device.

DARKReading: Latest News

Too Much 'Trust,' Not Enough 'Verify'