Universal Man in the Browser Attacks

Researchers have discovered a new type of Man-in-the-Browser MItB attack that is Website independent, and does not target specific Websites, but instead collects data submitted to all sites. Trusteer have discovered a new Man in the Browser MitB scam that can collects data submitted to all websit...

10 Tips for Getting Started With Security Metrics

It’s becoming evident that security practitioners have to take on a metrics mentality to improve security operations, reduce risks and better advise their critical decisions. There are several steps an organization can take to ensure that they are on the right path. There are some must-haves that...

Shamoon Malware Steals Data, Overwrites MBR

A new piece of malware known as Shamoon that has the ability to destroy files on infected machines and overwrite the master boot record has researchers scratching their heads, wondering what the tool’s purpose might be and why the attackers behind it would destroy infected PCs. There are some...

OS X Gather Keychain Enumeration

This module presents a way to quickly go through the current user's keychains and collect data such as email accounts, servers, and other services. Please note: when using the GETPASS and GETPASSAUTOACCEPT option, the user may see an authentication alert flash briefly on their screen that gets...

ASEF Android Tool Analyzes App Security and Behavior

A researcher at Qualys has released a new tool designed to allow users–even non-technical ones–to evaluate the security and behaviors of the apps installed on their Android devices. Known as the Android Security Evaluation Framework, the tool not only looks at the general security of an app, but...

Veeam ONE Monitor performance data collection times out

Challenge You are facing the following configuration issue: Veeam ONE Monitor performance graphs show the No Data Available message. Cause VeeamDCS.log file contains the following errors: ​Collecting thread has failed to initialize The operation has timed out and will be stopped Collecting thread...

Google Reportedly Near Settlement With FTC on Safari Tracking

The FTC is nearing completion of its investigation into allegations that Google used a special technique to circumvent the privacy settings on Safari to enable better tracking of users, even when tracking was disabled by the user. The decision may cost Google millions of dollars in fines, but it’...

Open redirect

Open redirect vulnerability in IBM Eclipse Help System IEHS, as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified...

CVE-2012-2161

CVE-2012-2161 is a cross-site scripting vulnerability in the IBM Eclipse Help System (IEHS) used by multiple IBM products (e.g., InfoSphere Discovery, DB2 Information Center, Sales Center for WebSphere Commerce, IMS Explorer for Development). The flaw resides in IEHS (deferredView.jsp and related...

Tightened Security, Regulated App Permissions in Store for iOS 6

In a move that will patch several loopholes with its iPhone, the newest iteration of Apple’s mobile operation system, iOS 6, will come with heightened security, it was revealed at the company’s Worldwide Developers Conference WWDC this week. Releasing this fall but currently available in beta, iO...

ActiveSync Data Collect

Binary data activesynccollect.nbin...

Microsoft Windows Worm.Win32.Flame.A Information Collection

An information collection vulnerability has been reported in all versions of Microsoft Windows. Worm.Win32.Flame.A is a computer worm that targets Windows users. The worm propagates via removable drives and network shares. Once resident, Flame can compromise user privacy using methods such as...

How to change default historical data collection period for Veeam ONE Server

Purpose By default, Veeam ONE Server collects historical performance data from a newly added virtual server for the last 3 months only. In some cases it is necessary to collect data for more than 3 months. Solution To change the default historical performance data collection period for Veeam ONE...

Disabling Collection of Historical Performance Data

How to disable collection of historical performance data and use Veeam ONE Monitor for real-time monitoring only...

Apple Profile Manager Data Collection

Binary data appleprofilemanagercollect.nbin...

FTC Privacy Framework Pushes for Do Not Track, Closer Inspection of Data Brokers

The Federal Trade Commission has issued a new report on consumer privacy and online tracking and among the recommendations the commission makes is that data brokers make themselves known to consumers and be open and transparent about the data they collect on consumers. The FTC also says that...

Security holes in Android with apps Advertisements

Security holes in Android with apps Advertisements Researchers at North Carolina State University have found privacy and security holes in Android apps because of in-application advertisements. They study the popular Android platform and collect 100,000 apps from the official Android Market in...

[SECURITY] Fedora 17 Update: systemtap-1.7-2.fc17

SystemTap is an instrumentation system for systems running Linux. Developers can write instrumentation scripts to collect data on the operation of the system. The base systemtap package contains/requires the components needed to locally develop and execute systemtap scripts...

[SECURITY] Fedora 15 Update: systemtap-1.7-2.fc15

SystemTap is an instrumentation system for systems running Linux. Developers can write instrumentation scripts to collect data on the operation of the system. The base systemtap package contains/requires the components needed to locally develop and execute systemtap scripts...

[SECURITY] Fedora 16 Update: systemtap-1.7-2.fc16

SystemTap is an instrumentation system for systems running Linux. Developers can write instrumentation scripts to collect data on the operation of the system. The base systemtap package contains/requires the components needed to locally develop and execute systemtap scripts...