New Verizon Marketing Initiative May Violate Users' Privacy

Verizon has drawn the ire of its customers and privacy advocates this week because a new initiative launched by the telecom company may violate users’ privacy. A new marketing program dubbed Precision Market Insights extracts information about Verizon’s customers on Android and iOS platforms...

Gathering Threat Intelligence With Open Tools

Threat intelligence is one of the go-to buzz phrases for many people in the security industry right now, and it’s thrown in so many contexts and situations, it’s quickly becoming almost meaningless. Most people understand that they need to get better information about what’s happening both on the...

Universal Man in the Browser Attacks

Researchers have discovered a new type of Man-in-the-Browser MItB attack that is Website independent, and does not target specific Websites, but instead collects data submitted to all sites. Trusteer have discovered a new Man in the Browser MitB scam that can collects data submitted to all websit...

Multi Gather GnuPG Credentials Collection

This module will collect the contents of all users' .gnupg directories on the targeted machine. Password protected secret keyrings can be cracked with John the Ripper JtR. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framewo...

Gauss Malware Detection Tool released by Iranian CERT

Iranian National Computer Emergency Response Team releases a tool for Gauss malware detection. Cyber surveillance virus has been found in the Middle East that can spy on banking transactions and steal login and passwords, according Kaspersky Lab, a leading computer security firm. Gauss primarily...

Beijing Huasheng website management system injection vulnerability-vulnerability warning-the black bar safety net

Default background: admin/Login. asp Default password: admin 1 2 3 4 5 6 exp: http://www.xxxxx.com/showpt.asp?id=1568 and 1=2 union select 1,password,3,username,5,6,7,8,9,1 0,1 1,1 2,1 3,1 4,1 5 from admin Note: error will return to the home page. As the field does not, to construct their own it!...

Fedora Update for python-crypto FEDORA-2012-8392

Check for the Version of python-crypto OpenVAS Vulnerability Test Fedora Update for python-crypto FEDORA-2012-8392 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CVE-2012-1971

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to garba...

10 Tips for Getting Started With Security Metrics

It’s becoming evident that security practitioners have to take on a metrics mentality to improve security operations, reduce risks and better advise their critical decisions. There are several steps an organization can take to ensure that they are on the right path. There are some must-haves that...

Shamoon Malware Steals Data, Overwrites MBR

A new piece of malware known as Shamoon that has the ability to destroy files on infected machines and overwrite the master boot record has researchers scratching their heads, wondering what the tool’s purpose might be and why the attackers behind it would destroy infected PCs. There are some...

OS X Gather Keychain Enumeration

This module presents a way to quickly go through the current user's keychains and collect data such as email accounts, servers, and other services. Please note: when using the GETPASS and GETPASSAUTOACCEPT option, the user may see an authentication alert flash briefly on their screen that gets...

FreeBSD-SA-12:05.bind

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-12:05.bind Security Advisory The FreeBSD Project Topic: named8 DNSSEC validation Denial of Service Category: contrib Module: bind Announced: 2012-08-06 Credits:...

ASEF Android Tool Analyzes App Security and Behavior

A researcher at Qualys has released a new tool designed to allow users–even non-technical ones–to evaluate the security and behaviors of the apps installed on their Android devices. Known as the Android Security Evaluation Framework, the tool not only looks at the general security of an app, but...

Scientific Linux Security Update : kernel on SL4.x i386/x86_64

These updated packages fix the following security issues : - A security flaw was found in the Linux kernel memory copy routines, when running on certain AMD64 systems. If an unsuccessful attempt to copy kernel memory from source to destination memory locations occurred, the copy routines did not...

Veeam ONE Monitor performance data collection times out

Challenge You are facing the following configuration issue: Veeam ONE Monitor performance graphs show the No Data Available message. Cause VeeamDCS.log file contains the following errors: ​Collecting thread has failed to initialize The operation has timed out and will be stopped Collecting thread...

Scientific Linux Security Update : boost on SL5.x i386/x86_64 (20120221)

The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. Invalid pointer dereference flaws were found in the way the Boost regular expression library processed certain, invalid expressions. An attacker...

DEBIAN-CVE-2012-2673

Multiple integer overflows in the 1 GCgenericmalloc and 2 calloc functions in malloc.c, and the 3 GCgenericmallocignoreoffpage function in mallocx.c in Boehm-Demers-Weiser GC libgc before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows...

Google Reportedly Near Settlement With FTC on Safari Tracking

The FTC is nearing completion of its investigation into allegations that Google used a special technique to circumvent the privacy settings on Safari to enable better tracking of users, even when tracking was disabled by the user. The decision may cost Google millions of dollars in fines, but it’...

Android Yome Collection 信息泄露漏洞

CVE ID:CVE-2012-2640 Yome Collection是一款基于Android的应用 Yome Collection会在SD卡上存储IMEI信息，攻击者恶意构建恶意应用，诱使用户安装，在没有READPHONESTATE的权限情况下读取SD卡上的IMEI信息 0 Yome Collection for Android 1.8.3及之前版本 厂商解决方案 用户可联系供应商获得最新的应用版本： http://yomecolle.jp/info/androidoshirase/...

CVE-2012-2640

The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for Android allows remote attackers to read the IMEI value from an SD card via a crafted application that lacks the READPHONESTATE permission...