Tag: cryptography

Disabling Autologon Feature

Symantec Community Leave a comment
I do not need a solution (just sharing information)

Dear Experts , Can you please let me know does disabling/ uninstalling the Autolog on feature on the preboot screen of Windows, decrypt the Encryption by any chance? I am updated with the information that it does not decrypt the machine’s encryption. However it will be helpful if you can provide me a knowledge Base Article from the Symantec support which states regarding the Autologon feature and does it Decrypt the drive or the encryption still remains in the computer . Thanks you . Regards, Pritam Chakraborty

0

Related:

  • No Related Posts

Cisco Web Security Appliance and Cisco Content Security Management Appliance HTTP Header Injection Vulnerability

Cisco Leave a comment

A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server’s response.

The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL and receive a malicious HTTP response. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to a user’s browser.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-wsa-sma-header-inject

Security Impact Rating: Medium

CVE: CVE-2020-3117

Related:

  • No Related Posts

Trend Micro Creates Factory Honeypot and Traps Malicious Attackers

Trend Micro Leave a comment
Dateline City:
DALLAS

Six-month investigation results can help inform protection strategy for industrial environments

DALLAS–(BUSINESS WIRE)–Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity solutions, today announced the results of a six-month honeypot imitating an industrial factory. The highly sophisticated Operational Technology (OT) honeypot attracted fraud and financially motivated exploits.

The six-month investigation revealed that unsecured industrial environments are primarily victims of common threats. The honeypot was compromised for cryptocurrency mining, targeted by two separate ransomware attacks, and used for consumer fraud.

Language:
English

Contact:

Erin Johnson
817-522-7911
media_relations@trendmicro.com

Ticker Slug:
Ticker:
4704

Exchange:
TOKYO

ISIN:
JP3637300009

Ticker:
TMICY

Exchange:
OTC Pink

read more

Related:

  • No Related Posts

Encrypted mails by PGP server doesn’t go out via symantec messaging gateway.

Symantec Community Leave a comment
I need a solution

Hi All,

We have a setup like below;

Client –> Exchange Server –> Symantec Encryption Management Server (aka PGP server) –> Symantec Messaging Gateway –> Internet.

The unencrypted emails are processed and going through as expected. No issues.

When I excrypt that message and send, It doesn’t go through. 

Is there something I need to do in my Messaging Gateway or PGP server? 

Please advise. 

Thanks

0

Related:

  • No Related Posts

Secure Hub 10.5 : Enrollment fails with error : “Can't enroll device- WorxHome cannot enroll device because it failed to establish a secure connection with server”

Citrix Leave a comment
Certificate on discovery.mdm.zenprise.com was renewed on 30th of April 2018, which is what caused the issue in the first place.

In order to be able to get past the enrollment URL screen, upgrading Secure Hub is needed.

Known to work version is 10.6.20.

Related:

  • No Related Posts

Cisco Webex Centers Denial of Service Vulnerability

Cisco Leave a comment

A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) files could allow an attacker to cause a denial of service (DoS) condition.

The vulnerability is due to insufficient validation of UCF media files. An attacker could exploit this vulnerability by sending a user a malicious UCF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit would cause the application to quit unexpectedly.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-webex-centers-dos

Security Impact Rating: Medium

CVE: CVE-2020-3116

Related:

  • No Related Posts

Cisco Vision Dynamic Signage Director Authentication Bypass Vulnerability

Cisco Leave a comment

A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected device.

The vulnerability is due to missing authentication on some of the API calls. An attacker could exploit this vulnerability by sending a request to one of the affected calls. A successful exploit could allow the attacker to interact with some parts of the API.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-vdsd-auth-bypass

Security Impact Rating: Medium

CVE: CVE-2019-16004

Related:

  • No Related Posts

Cisco UCS Director Information Disclosure Vulnerability

Cisco Leave a comment

A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to download system log files from an affected device.

The vulnerability is due to an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to download log files if they were previously generated by an administrator.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-ucs-dir-infodis

Security Impact Rating: Medium

CVE: CVE-2019-16003

Related:

  • No Related Posts