Dropbox Reports 80 Percent of Subpoenas Contain Gag Request
Most U.S. government subpoenas for data on Dropbox users are accompanied by a request not to inform the user in question. Dropbox legal counsel Bart Volkmer said those gag orders are repelled unless there is a valid court order. The revelation accompanied the release of the cloud storage...
Mozilla to Support Key Pinning in Firefox 32
Mozilla is planning to add support for public-key pinning in its Firefox browser in an upcoming version. In version 32, which would be the next stable version of the browser, Firefox will have key pins for a long list of sites, including many of Mozilla’s own sites, all of the sites pinned in...
Simple Dropbox Upload - Arbitrary File Upload
The Simple Dropbox Upload WordPress plugin was affected by an Arbitrary File Upload security vulnerability...
NSA Employees Routinely Pass Around Intercepted Photos
The 31-year-old former US National Security Agency (NSA) contractor Edward Snowden has warned that during surveillance, among other things, NSA system administrators also intercepted photos of people in "sexually compromising" situations and routinely passed them among other NSA employees. In a vide...
Five Year Old Phishing Campaign Unveiled
UPDATE: A previous version of this story reported that Cyphort found 300,000 stolen credentials on a Gmail server. This figure was incorrectly reported by the firm and has been corrected to the adjusted number, 2,500 stolen credentials, in this story. Details have been disclosed on a five-year-ol...
OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability
No description provided by source. Document Title: OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1110. Release Date: 2013-10-13. Vulnerability Laboratory ID...
Blackboard Learning System 6.0 Dropbox File Download Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10515/info It is reported that Blackboard improperly allows users to download files posted in the 'Digital Dropbox'. Files in the dropbox are intended for the course administrators. The application does not verify that th...
Targeted String of Paerls Campaign Includes Word Macro Attack
A targeted malware campaign has been uncovered that combines an old-school Microsoft Word Macro malware attack with a decidedly new school approach of redirecting victims to exploits stored on Dropbox. The String of Paerls attacks, which Cisco’s VRT team reported today, targets industries such as...
openSUSE Security Update : samba (openSUSE-SU-2013:1787-1)
The following security issues were fixed in samba: ACLs are not checked on opening an alternate data stream on a file or directory; CVE-2013-4475; bso10229. The descriptive text and package checks in this plugin were extracted from openSUSE...
Phishing Campaign Sending Dropbox Links to Zeus Downloads
With more enterprises sharing documents through Dropbox, the free online storage service is popping up in more spam and phishing scams. The latest doesn’t necessarily target data stored by individuals and companies on Dropbox, but instead preys on the trust users have in the service. Researchers ...
LOL, Jar File Malware Just Goes Viral Through Facebook Messages
If you come across a suspicious Facebook message with ‘LOL’ text or a fake image file sent by any of your Facebook friends, avoid clicking it. A Trojan horse is currently circulating in the wild through the Facebook social network that could steal your Facebook account data and credentials. Security...
Dropbox Patches Shared Links Privacy Vulnerability
Dropbox has acknowledged and disabled a vulnerable shared links feature that exposed documents stored by the service to third parties. Shared links are a collaboration feature that allows users, especially in a business environment, to share and edit documents. Dropbox rival Intralinks reported th...
CVE-2013-0300
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view via the v parameter to apps/calendar/ajax/changeview.php, mount arbitrary (2) Google Drive or (3) Dropbox...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view via the v parameter to apps/calendar/ajax/changeview.php, mount arbitrary (2) Google Drive or (3) Dropbox...
CVE-2013-0300
CVE-2013-0300 affects ownCloud 4.5.x (before 4.5.7) and related versions, introducing multiple CSRF vulnerabilities in endpoints such as apps/calendar/ajax/changeview.php, apps/files_external/ajax/, and apps/user_webdavauth/settings.php. The flaws allow remote attackers to hijack user authenticat...
Dropbox Updates Privacy Policy in Response to Surveillance
The online storage service Dropbox has amended its privacy policy, at least in part to better address increased concerns regarding how the service perceives, responds to, and handles government requests for user data. The new government data requests principles come as part of broader and fairly...
My PDF Creator DE DM 1.4 iOS - Multiple Vulnerabilities
Document Title: My PDF Creator & DE DM v1.4 iOS - Multiple Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1201. Release Date: 2014-02-16. Vulnerability...
Dropbox Publishes 2013 Transparency Report
Dropbox yesterday released a new set of principles that explain how it deals with government requests for customer data. The principles were a companion to its 2013 Transparency Report, which for the first time included National Security Letter requests made to the file hosting service. “We belie...