China Demands Tech Companies to give them Backdoor and Encryption Keys

A number of western companies are doing big business in China, but now they may have to pay a huge value for to do so. China has introduced strict new banking cyber security regulations on western companies selling technology to Chinese banks. The Chinese government wants backdoors installed in a...

Fortinet FortiClient Hardcoded Encryption Keys / Broken SSL Validation

, , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Fortinet FortiClient Multiple Vulnerabilities Affected Versions: Verified on FortiClient iOS v5.2.028 and FortiClient Android 5.2.3.091 PDF:...

Samsung Rebuffs Criticism of Knox Crypto, Password Management

Replies and rebuttals are flying about regarding a report critical of the encryption and password management functions deployed with Samsung’s Knox technology in its Android-based Galaxy and Note mobile devices. Last week, a researcher published an advisory that said a PIN chosen during setup of...

Code injection

CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount...

Stealing Encryption Keys Just by Touching a Laptop

As far sci-fi movies have been entertaining the public, but their ideas have always been a matter of adoption in real life. Just like in any other sci-fi movie, simply touching a laptop can be enough to extract the cryptographic keys used to secure data stored on it. A team of computer security...

OpenJDK: TLS/SSL handshake timing issues (JSSE, 8023069)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle ha...

New Pushdo Malware Hacks 11,000 Computers in Just 24 Hours

One of the oldest active malware families, Pushdo, is again making its way onto the Internet and has recently infected more than 11,000 computers in just 24 hours. Pushdo, a multipurpose Trojan, is primarily known for delivering financial malware such as ZeuS and SpyEye onto infected computers or...

OpenSSL Heartbleed Patch Progress Slowing Two Months Later

It’s been more than two months since news broke of the Heartbleed vulnerability in OpenSSL one of the Internet’s most widely deployed cryptographic libraries. In the days and weeks that followed the emergence of the bug, which affected an unknown but arguably vast swath of the Web, vendors were...

Asprox Malware Borrowing Stealth from APT Campaigns

Cybercriminals and advanced attackers are freely borrowing from one another’s repertoires to great success. The latest example involves spammers firing off up to a half-million email messages during limited campaign segments without triggering any detection alarms. Security company FireEye said t...

SEC Consult SA-20140508-0 :: Multiple critical vulnerabilities in AVG Remote Administration

SEC Consult Vulnerability Lab Security Advisory 20140508-0 ======================================================================= title: Multiple critical vulnerabilities product: AVG Remote Administration vulnerable version: all - except issue 2 fixed version: none - except issue 2 impact:...

AVG Remote Administration Bypass / Code Execution / Static Keys

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: AVG Remote Administration vulnerable version: all - except issue 2 fixed version: none - except issue 2 impact: critical...

Apple Fixes Serious SSL Issue in OSX and iOS

Apple has fixed a serious security flaw that’s present in many versions of both iOS and OSX and could allow an attacker to intercept data on SSL connections. The bug is one of many that the company fixed Tuesday in its two main operating systems, and several of the other vulnerabilities have...

The Mask Malware: A 7-Year Cyber Espionage Campaign Unmasked

A sophisticated cyber spying operation, The Mask , that has been under the radar for about 7 years and targeted approximately 31 countries, has now been unmasked by researchers at Kaspersky Labs. Researchers believe the campaign has been active since 2007 and is a highly sophisticated nation-stat...

OpenJDK: TLS/SSL handshake timing issues (JSSE, 8023069)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle ha...

CentOS Update for java CESA-2014:0097 centos6

Check for the Version of java OpenVAS Vulnerability Test CentOS Update for java CESA-2014:0097 centos6 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

RedHat Update for java-1.6.0-openjdk RHSA-2014:0097-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenJDK: TLS/SSL handshake timing issues (JSSE, 8023069)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle ha...

CentOS Update for java CESA-2014:0027 centos5

Check for the Version of java OpenVAS Vulnerability Test CentOS Update for java CESA-2014:0027 centos5 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2014:011)

Multiple vulnerabilities has been discovered and corrected in java-1.7.0-openjdk : An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java applicatio...

OpenJDK: TLS/SSL handshake timing issues (JSSE, 8023069)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle ha...