EFF Who Has Your Back Privacy Report Hails Apple, Yahoo

Technology companies have responded to the challenge to privacy and civil liberties unearthed by the Snowden leaks with a determined effort to increase transparency around government requests for user data. Some have done a better job than others. Large ISPs such as AT&T, Verizon and Comcast...

SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances

SEC Consult Vulnerability Lab Security Advisory 20140423-0 ======================================================================= title: Path Traversal/Remote Code Execution product: WD Arkeia Virtual Appliance AVA vulnerable version: All Arkeia Network Backup releases ASA/APA/AVA since 7.0.3...

Apple iOS 7 Updates Silently Remove Encryption for Email Attachments

There is no question that Mobile devices have become a staple in everyday living around the world. But have you ever asked yourself, How Secure are the Android, iPhone or any other Smart devices? It is really important for us to think about the Security and Privacy of our Data stored in...

Google Working On End-to-End Encryption for Gmail Service

Constant password breaches and Snowden revelations about Government Surveillance have raised many questions that why don’t cloud and email Services encrypt the data stored on their server? Revelations forced the popular Internet Giants such as Google and Yahoo to contemplate on the privacy and...

F-Secure Messaging Security Gateway 7.5.0.892 Cross Site Scripting

I. VULNERABILITY ------------------------- Reflected XSS Attacks vulnerabilities F-Secure Messaging Security Gateway V7.5.0.892 II. BACKGROUND ------------------------- F-Secure Messaging Security Gateway protects your company's confidential data. Users can easily send encrypted e-mails, and the...

IRCCloud: Bug in iOS application which could lead to unauthorised access.

Hi, The file under the Preferences folder within the iOS application stores sensitive information: com.irccloud.IRCCloud.plist. This file stores the user's authenticated session identifier. Stealing this information would allow unauthorised access to a user's account. The content of the file can ...

Disabling 'Find My iPhone' on iOS 7 without any Password

iOS devices have a feature called 'Find My iPhone', allows device owner to locate their stolen devices using linked Apple ID with iCloud Account. Unfortunately, a security flaw in iOS make it possible to turn off Find My iPhone without a password and enabled thieves to bypass the protection which...

YAHOO! Now Encrypts Everything; Encrypted Yahoo Messenger Coming Soon

ON HIGH-PRIORITY YAHOO! is finally rolling out encryption implementation over their site and services in order to protect users. Yahoo is rapidly becoming one of the most aggressive supporters of encryption, as in January this year Yahoo enabled the HTTPS connections by default, that automaticall...

New Platform Protects Data From Arbitrary Server Compromises

Researchers are in the midst of rolling out a secure new platform for building web applications that can protect confidential data from being stolen in the event attackers gain full access to servers. The platform, Mylar, is the result of a project spearheaded by students at the Massachusetts...

CVE-2013-3976

The 1 Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the 2 FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox contents during certain...

Design/Logic Flaw

The 1 Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the 2 FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox contents during certain...

Vodafone Germany rolls out SIM Card-based end-to-end Encryption

Since mobile has become a basic need for every common as well as important figure now a days. So, every company is highly working to find more effective ways to protect sensitive data of their users and in the race, Vodafone lead the game. In collaboration with its security partner Giesecke &...

Apple Updates iOS Security Guide

Apple rarely offers anyone a glimpse inside its walled-off security garden. The last time it did was in the spring of 2012 when it released a detailed paper on the security of its iOS operating system for iPhones and iPads. The company also presented a much-anticipated if not anticlimactic...

Apple Releases Security Updates for iOS devices and Apple TV

Apple has released updates for iOS and Apple TV devices to address a vulnerability that allows an attacker with a privileged network position to capture or modify data in protected SSL/TLS sessions. Updates are available: iOS 6.1.6 for iPhone 3GS and iPod touch 4th generation. iOS 7.0.6 for iPhon...

DELL SonicWALL Universal Management Suite 7.1 Cross Site Scripting

I. VULNERABILITY ------------------------- Reflected XSS Attacks vulnerabilities in DELL SonicWALL Universal Management Suite v7.1 II. BACKGROUND ------------------------- DellR SonicWALLR provides intelligent network security and data protection solutions that enable customers and partners to...

Realistic Risk Assessment Key to Security Management

PUNTA CANA – Although it may not be the most thrilling part of a security team’s job, the idea of operational risk assessment and management is perhaps the most important aspect of organizational security. Steve Adegbite, senior vice president in charge of enterprise information security program...

'Our Threat Model Has Changed'

PUNTA CANA–The golden era of bulk surveillance through the acquisition of phone records and other data from telecommunications companies may already be fading, but the larger threat to privacy and security is just beginning to emerge: the use of legal tools and coercion to get around encryption a...

Crypto Pioneers Write Letter on NSA Surveillance to Obama

Perhaps the biggest condemnation of President Obama’s address last Friday announcing reforms to the NSA’s surveillance programs was his failure to mention any of the agency’s alleged involvement in subverting cryptography standards and the impact that has had on the trustworthiness of products...

Starbucks Patches Vulnerable iOS App

Starbucks has patched a vulnerability in its iOS app that was found last week spilling user data, including usernames and passwords, by adding what it’s called an “additional safeguard measure” to protect its customers. While it’s a relatively quick turnaround for the company – it only took about...

Starbucks' iOS app storing user credentials in plain text

Watch out, coffee drinkers. If you are one of those 10 million Starbucks customers, who purchases drinks and food directly from their Smartphones, this news is for you! If you use Starbucks’ official iOS app, you should know that the company is not encrypting any of your information, including yo...