
1071 matches found

Tenable Nessus
added 2014/06/13 12:0 a.m., 18 views

openSUSE Security Update : xtrabackup (openSUSE-SU-2013:1864-1)

Percona XtraBackup was updated to 2.1.6 (bnc#852224) - New Features: - New innobackupex --force-non-empty-directories option - now supports logs created with the new log block checksums - New Features specific to MySQL 5.6: option innodb_log_checksum_algorithm in Percona Server 5.6 - Bugs Fixed: -...

2.1 CVSS, 6.5 AI score, 0.0006 EPSS
Exploits 0, References 3
seebug.org
added 2014/06/03 12:0 a.m., 14 views

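Qibo CMS arbitrary file read (low value, requires registration)

Brief description: as the title says. Details: Vulnerability 1: a low-value getshell that requires a registered account able to publish articles, and must be combined with an Apache or IIS6 parsing vulnerability. File /inc/articfunction.php //fetch external images function getoutpic$str,$fid=0,$getpic=1 global $webdb,$lfjuid; if!$getpic return $str; pregmatchall"/http://^ '"+.gif|jpg|png/is",$str,$array; $filedb=$array0; foreach $filedb AS $key=$value if...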

7.1 AI score
Exploits 0
The Hacker News
added 2014/05/26 2:17 a.m., 13 views

ProtonMail: 'NSA-Proof' End-to-End Encrypted Email Service

The Edward Snowden revelations triggered a large-scale movement worldwide towards deploying encryption across the Internet for secure services, which is something the government agencies like NSA and GCHQ have targeted repeatedly, as exemplified by abruptly shutting down Lavabit, a Texas-based...

6.2 AI score
Exploits 0
ThreatPost
added 2014/05/22 3:25 p.m., 8 views

Android Outlook App Could Expose Emails, Attachments

There are two issues with the way Microsoft’s Outlook application encrypts content on older versions of Android that could expose users’ emails and email attachments. Paolo Soto, a researcher with the security firm Include Security, said his team initially dug up the vulnerabilities in November...

6.5 AI score
Exploits 0, References 3
ThreatPost
added 2014/05/05 2:49 p.m., 10 views

NIST SP 800-52 Revision 1 Recommends TLS 1.2 by Jan. 1, 2015

U.S. federal government agencies are being told they should move to TLS 1.2 by the beginning of 2015. The National Institute for Standards and Technology, NIST, recently released NIST Special Publication 800-52 Revision 1, which includes the final public comments made since SP 800-52 was withdraw...

0.4 AI score
Exploits 0, References 1
RedHat Linux
added 2014/04/28 4:43 p.m., 3 views

cumin: weak password hashing

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack...

5 CVSS, 5.8 AI score, 0.00297 EPSS
Exploits 0, References 4
ThreatPost
added 2014/02/13 2:9 p.m., 7 views

BlackBerry Releases Guidelines to Deter Privacy-Infringing Apps

Aiming to shore up user security BlackBerry this week released a new set of privacy guidelines it’s encouraging third-party app developers to follow to better protect their customers. The guidelines apply to customers’ personally identifiable information (PII) – the bits of information that apps...

Exploits 0, References 5
The Hacker News
added 2014/02/10 12:57 a.m., 11 views

LinkedIn shutting down its security-plagued INTRO app in Early March

Last October, the social network 'LinkedIn' launched a controversial Smartphone app called 'Intro' that intercepts and route all of your emails through LinkedIn servers to inject LinkedIn profiles of the sender directly into the mails. The app was released for Android, as well as iOS devices. Why...

6.5 AI score
Exploits 0
The Hacker News
added 2014/01/30 11:8 p.m., 25 views

Tor-enabled Point-of-Sale malware 'ChewBacca' stole Credit Card data from 11 Countries

After the massive data breaches at U.S retailers Target and Neiman Marcus in which financial credentials of more than 110 million and 1.1 million customers were compromised respectively, shows that the Point of Sale (POS) system has become a new...

6.7 AI score
Exploits 0
The Hacker News
added 2014/01/16 12:37 a.m., 15 views

How to encrypt your files before uploading to Cloud Storage using CloudFogger

In this Internet savvy generation, we want all of our data to be secured at some place. Having backups of your data is always a good idea, whether that data is stored in the Cloud or on your computer. But everyone who is following the Edward Snowden leaks of the NSA's PRISM program now pushed to...

6.7 AI score
Exploits 0
Fedora
added 2013/12/30 5:2 a.m., 26 views

[SECURITY] Fedora 18 Update: gnupg-1.4.16-2.fc18

GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with...

5.8 CVSS, 2.7 AI score, 0.04702 EPSS
Exploits 0
Debian CVE
added 2013/11/05 9:0 p.m., 23 views

CVE-2013-4135

The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network...

4.3 CVSS, 6.1 AI score, 0.00283 EPSS
Exploits 0
ThreatPost
added 2013/10/24 2:3 p.m., 11 views

LinkedIn Intro App a Man in the Middle Attack

This is one introduction you may not want to make. LinkedIn’s release of its Intro app yesterday for Apple iOS mobile devices raised more than a few eyebrows for behaviors that are causing security experts to worry. Intro is an integrated service that works hand-in-hand with the Apple Mail app...

0.5 AI score
Exploits 0, References 5
NVD
added 2013/10/19 10:36 a.m., 13 views

CVE-2012-4114

The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949...

5.8 CVSS, 6.4 AI score, 0.00255 EPSS
Exploits 0, References 1
Cvelist
added 2013/10/19 10:0 a.m., 16 views

CVE-2012-4114

The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949...

6.4 AI score, 0.00255 EPSS
Exploits 0, References 1
ThreatPost
added 2013/09/09 10:3 a.m., 8 views

Questions About Crypto Security Follow Latest NSA Revelations

As security experts and cryptographers continue to debate and discuss the implications of the revelations of the NSA’s capabilities against various encryption protocols and systems, some of the larger Internet companies are taking steps to protect their users’ data against the new threat. Google,...

0.5 AI score
Exploits 0, References 4
Tenable Nessus
added 2013/07/26 12:0 a.m., 34 views

Scientific Linux Security Update : openafs on SL5.x, SL6.x i386/x86_64 (20130724)

OpenAFS uses Kerberos tickets to secure network traffic. For historical reasons, it has only supported the DES encryption algorithm to encrypt these tickets. The weakness of DES's 56 bit key space has long been known, however it has recently become possible to use that weakness to cheaply around...

4.3 CVSS, 5.5 AI score, 0.00283 EPSS
Exploits 0, References 3
0day.today
added 2013/06/28 12:0 a.m., 28 views

1337pwn Spy v1.0 (RCE / Keylogger / Download & Upload Files)

-------------------------FUNCTIONS-------------------------------- ! Currently, the program is not identified as a virus. ! Control via control panel. + RCE - You can send a command to a remote server, and it has successfully fulfilled. + Keylogger - The program has a keylogger. + Log changes in...

6.9 AI score
Exploits 0
Cisco
added 2013/03/06 6:23 p.m., 21 views

Cisco Small Business Switches SSH Packet Processing Denial of Service Vulnerability

Cisco Small Business Switches contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition to features that rely on SSH or SSL protocols. The vulnerability is due to the processing flaw in malformed packets in the code used by SSH and SSL...

5 CVSS, 0.8 AI score, 0.00535 EPSS
Exploits 0, References 1
The Hacker News
added 2012/12/10 9:43 a.m., 12 views

Australian medical centre infected with Ransomware Malware demanding $4000 to Unlock

A Gold Coast, Australian medical centre computers are infected with some ransom malware by a group of Russian hackers. The hackers encrypted the practice's patient database, demanding payment of $4000 for the files to be decrypted. "Cyber criminals based mainly throughout Eastern Europe look for...

6.7 AI score
Exploits 0