May 2022 - Page 43 of 179 - Cyber Security News

CWE-343 – Predictable Value Range from Previous Values

Description The software's random number generator produces a series of values which, when observed, can be used to infer a relatively small range of possibilities...

rocco

May 26, 2022May 26, 2022

CWE

CWE-342 – Predictable Exact Value from Previous Values

Description An exact value or random number can be precisely predicted by observing previous values. Modes of Introduction: - Architecture and Design Related...

rocco

May 26, 2022May 26, 2022

CWE

CWE-341 – Predictable from Observable State

Description A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as...

rocco

May 26, 2022May 26, 2022

CWE

CWE-340 – Generation of Predictable Numbers or Identifiers

Description The product uses a scheme that generates numbers or identifiers that are more predictable than required. Modes of Introduction: - Architecture and Design ...

rocco

May 26, 2022May 26, 2022

CWE

CWE-34 – Path Traversal: ‘….//’

Description The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '....//' (doubled...

rocco

May 26, 2022May 26, 2022

CWE

CWE-339 – Small Seed Space in PRNG

Description A Pseudo-Random Number Generator (PRNG) uses a relatively small seed space, which makes it more susceptible to brute force attacks. PRNGs are entirely deterministic...

rocco

May 26, 2022May 26, 2022

CWE

CWE-338 – Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Description The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong. Modes of Introduction: -...

rocco

May 26, 2022May 26, 2022

CWE

CWE-337 – Predictable Seed in Pseudo-Random Number Generator (PRNG)

Description A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time. The use of predictable seeds...

rocco

May 26, 2022

CWE

CWE-336 – Same Seed in Pseudo-Random Number Generator (PRNG)

Description A Pseudo-Random Number Generator (PRNG) uses the same seed each time the product is initialized. Given the deterministic nature of PRNGs, using the same...

rocco

May 26, 2022May 26, 2022

CWE

CWE-335 – Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

Description The software uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds. Modes of Introduction: - Architecture and Design Related...

rocco

May 26, 2022May 26, 2022

Friday Squid Blogging: Female Gonatus Onyx Squid Carrying Her Eggs

Palo Alto Networks Confirms New Zero-Day Being Exploited by Threat Actors

Bitfinex Hacker Jailed for Five Years Over Billion Dollar Crypto Heist

watchTowr Finds New Zero-Day Vulnerability in Fortinet Products

Good Essay on the History of Bad Password Policies

Ransomware Groups Use Cloud Services For Data Exfiltration

O2’s AI Granny Outsmarts Scam Callers with Knitting Tales

Safeguarding Healthcare Organizations from IoMT Risks

An Interview With the Target & Home Depot Hacker

Month: May 2022

CWE-343 – Predictable Value Range from Previous Values

CWE-342 – Predictable Exact Value from Previous Values

CWE-341 – Predictable from Observable State

CWE-340 – Generation of Predictable Numbers or Identifiers

CWE-34 – Path Traversal: ‘….//’

CWE-339 – Small Seed Space in PRNG

CWE-338 – Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CWE-337 – Predictable Seed in Pseudo-Random Number Generator (PRNG)

CWE-336 – Same Seed in Pseudo-Random Number Generator (PRNG)

CWE-335 – Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)