5058 matches found
Pinpointing Targets: Exploiting Web Analytics to Ensnare Victims
Over the past year, FireEye Threat Intelligence has identified suspected nation-state sponsored cyber-actors engaged in a large-scale reconnaissance effort. This effort makes use of web analytics—the technologies to collect, analyze, and report data The individuals behind this activity have amass...
Microsoft Internet Explorer COptionElement::InvalidateDataListAncestorCollections Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
signaturecollection.clubcolors.com XSS vulnerability
Vulnerable URL: http://signaturecollection.clubcolors.com/searchResult.asp Details: Patched: Yes, at 25.07.2017; Latest check for patch: 25.07.2017 21:51 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown / Not calculated; Google...
Mozilla: JavaScript garbage collection crash with Java applet (MFSA 2015-130)
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript...
Collection of historical performance data fails after upgrading to vSphere 5.5 Update 3
Challenge: After updating to vCenter 5.5 U3, historical performance collection fails with the error "Unable to collect performance. A specified parameter was not correct. querySpec.size". Cause: With vCenter 5.5 Update 3, VMware has limited the size of query in order to protect the vCenter database more...
Privatoria — Best VPN Service for Fast, Anonymous and Secure Browsing
PRIVACY – a bit of an Internet buzzword nowadays. Why? Because the business model of the Internet has now become data collection. If you trust Google, Facebook or other Internet giants to be responsible managers of your data, the ongoing Edward Snowden revelations are making it all clear that thi...
jre7-openjdk: multiple issues
CVE-2015-4734 (information disclosure): It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...
jre8-openjdk-headless: multiple issues
CVE-2015-4734 (information disclosure): It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...
Social Media Mining: MassMine
MassMine is a social media mining and archiving application that simplifies the process of collecting and managing large amounts of data across multiple sources. It is designed with the researcher in mind, providing a flexible framework for tackling individualized research needs. MassMine is...
OpenJDK: incorrect access control context used in DGCImpl (RMI, 8080688)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883...
swissdiamondcollection.ch XSS vulnerability
Vulnerable URL: http://www.swissdiamondcollection.ch/english/shop/password.html?email=%27%22%3E%3E%3C/title%3E%27%22%3ESCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28/XSSPOSED/%29%3C/SCRIPT%3E Details: Patched: No; Latest check for patch: 25.07.2017; Vulnerability type: XSS...
Microsoft Responds To Windows 10 Spying Concerns, But It will Still Collect Your Data
After a number of controversial data mining features and privacy invasions within Microsoft's newest operating system, Microsoft finally broke the ice, almost two months since the launch of Windows 10. Microsoft has finally responded to the growing privacy concerns around its new operating system...
'The Hacker News' Weekly Roundup — 14 Most Popular Stories
To make the last week’s top cyber security threats and challenges available to you in one shot, we are once again here with our weekly round up. Last week, we came across lots of cyber security threats like the XCodeGhost malware in Apple’s App Store and lockscreen bypass bug in iOS 9 and iOS 9.0...
AVG Antivirus Plans to Collect & Sell Your Personal Data to Advertisers
We at The Hacker News are big fans of Security Software – The first thing we install while setting our Computers and Devices. Thanks to Free Security Software that protects Internet users without paying for their security. But, Remember: Nothing comes for FREE. "Free" is just a relative term, as o...
IOT Security Pits Regulators Against Market
CAMBRIDGE, Mass. – Listening to today’s privacy panel at the Security of Things Forum, you might have thought you were beamed back to the early 2000s: government people hinting that legislation might be the ultimate solution for security and privacy concerns when it comes to embedded computers an...
Reminder! If You Haven't yet, Turn Off Windows 10 Keylogger Now
Do you know? Microsoft has the power to track every single word you type or say to its digital assistant Cortana while using its newest operating system, Windows 10. Last fall, we reported about a 'keylogger' that Microsoft openly put into its Windows 10 Technical Preview saying the company 'may...
WordPress History Collection Plugin 1.1.1 download.php Arbitrary File Download
eLouai's Download ScriptERROR: download file NOT SPECIFIED. USE force-download.php?file=filepath"; exit; elseif ! fileexists $filename echo "eLouai's Download ScriptERROR: File not found. USE force-download.php?file=filepath"; exit; ; switch $fileextension case "pdf": $ctype="application/pdf";...
Just Like Windows 10, Windows 7 and 8 Also Spy on You – Here’s How to Stop Them
No plan to install Windows 10 due to Microsoft's controversial data mining and privacy invasions within the operating system? Well, Windows 7 and Windows 8 OS users should also be worried as Windows 10 spying is now headed their way too… Microsoft has been caught installing latest updates onto...
Music Collection, 2.4.6 and below, SQL Injection
Music Collection commuscol, 2.4.6 and below, SQL Injection. Fixed in 2.4.10. Notice: http://www.joomlathat.com/news/music-collection/music-collection-2-4-9-released-security-release-2...
Adobe Flash - XMLSocket Destructor Not Cleared Before Setting User Data in connect
Source: https://code.google.com/p/google-security-research/issues/detail?id=416&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id This issue is a variant of issue 192, which the fix did not address. If XMLSocket connect is called on an object that already has a destroy...