Mitre Tackles Its Critics: Set To Revamp CVE Vulnerability Reporting

Mitre Corporation will introduce a new pilot program for classifying Common Vulnerabilities and Exposures CVE in the coming weeks. The move is in response to a backlash in the security community where some critics contend Mitre is failing to keep pace with a massive influx in the number of report...

Mozilla: Memory leak in libstagefright when deleting an array during MP4 processing (MFSA 2016-20)

Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service memory consumption via an MPEG-4 file that triggers a delete operation on an array...

Amazon Backtracks On Encryption Removal

Amazon reversed course on its unpopular decision to remove encryption from its Fire OS 5 tablets. Over the weekend, Amazon said, customers’ device-level encryption support will return this spring. The move comes after Amazon customers and privacy activists expressed outrage over the company’s...

Monkey race ray! RSA conference badge scanning application broke vulnerability-vulnerability warning-the black bar safety net

Recently, the BLUE BOX company's security researchers found: RSA 2 0 1 6 The General Assembly on the use of badge scanning APP there is a hard-coded default passwords. This year, RSA 2 0 1 6 The participants will get a unique surprise: the General Assembly, as many manufacturers offer a Samsung...

Apple Hackers Ask Court to Vacate Order

SAN FRANCISCO—A laundry list of past and present iPhone experts and cryptography experts today filed an amicus brief asking the courts to vacate their order mandating Apple assist the FBI in unlocking a phone belonging to San Bernardino shooter Syed Farook. Filed by Jennifer Granick and Riana...

Redaxo 5.0.0 - Multiple Vulnerabilities

Redaxo 5.0.0 - Multiple Vulnerabilities === LSE Leading Security Experts GmbH - Security Advisory 2016-01-18 === Redaxo CMS contains multiple vulnerabilities ------------------------------------------------------------- Problem Overview ================ Technical Risk: high Likelihood of...

Redaxo CMS 5.0.0 - Multiple Vulnerabilities

Exploit for php platform in category web applications Redaxo CMS contains multiple vulnerabilities ------------------------------------------------------------- Problem Overview ================ Technical Risk: high Likelihood of Exploitation: medium Vendor: https://www.redaxo.org/ Tested version...

Redaxo 5.0.0 - Multiple Vulnerabilities

=== LSE Leading Security Experts GmbH - Security Advisory 2016-01-18 === Redaxo CMS contains multiple vulnerabilities ------------------------------------------------------------- Problem Overview ================ Technical Risk: high Likelihood of Exploitation: medium Vendor:...

Redaxo CMS 5.0.0 Cross Site Scripting / SQL Injection

=== LSE Leading Security Experts GmbH - Security Advisory 2016-01-18 === Redaxo CMS contains multiple vulnerabilities ------------------------------------------------------------- Problem Overview ================ Technical Risk: high Likelihood of Exploitation: medium Vendor:...

Government Agencies Audit For Juniper Backdoor

Most U.S. government agencies have until Feb. 4 to audit their IT infrastructure for the use of backdoored Juniper Networks’ Netscreen firewalls. Letters went out late last week from the House Oversight & Government Reform Committee to the leaders of the various agencies asking them to provide th...

Juniper Removes Dual_EC, ANSI X9.31 Algorithms

Juniper Networks announced late Friday it was removing the suspicious DualECDRBG random number generator from its ScreenOS operating system. And while that’s heralded as a positive move considering DualEC’s dubious origins, there remain important and unanswered questions about Juniper’s decision ...

Hyatt Hotel Says Payment Systems Hacked with Credit-Card Stealing Malware

Hyatt Hotels Corporation is notifying its customers that credit card numbers and other sensitive information may have been stolen after it found malware on the computers that process customer payments. "We recently identified malware on computers that operate the payment processing systems for...

IOT security: LED lights there are multiple security vulnerabilities-vulnerability warning-the black bar safety net

Recently, there are foreign security experts found Zengge company WIFI LED lamp in the presence of a plurality of security vulnerabilities. Shenzhen levy Aurora Mega science and technologyZENGGE is a set of LED Controller product development, manufacturing, sales and engineering design,...

Honeywell Midas gas detector is exposed to serious vulnerabilities, and then to industrial safety Alarm bell-vulnerability warning-the black bar safety net

! Well-known high-tech manufacturing company Honeywell recently released a firmware update package to fix Midas gas detector of two high-risk vulnerabilities. This is a turnover of 3 0 0 the multi-billion-dollar diversified technology and manufacturing company in the world has its business...

Signal Desktop Released by Moxie Marlinspike

In March when Moxie Marlinspike and Open Whisper Systems released the iOS version of the Signal encrypted messaging app, the noted security researcher promised to expand its reach and among other things, eventually release a desktop version of Signal. That vision was realized on Wednesday with th...

HumHub 0.11.2/0.20.0-beta.2 - SQL Injection

=== LSE Leading Security Experts GmbH - Security Advisory 2015-10-14 === HumHub - SQL-Injection ------------------------------------------------------------------------ Tested Versions =============== HumHub 0.11.2 and 0.20.0-beta.2 Issue Overview ============== Vulnerability Type: 89 - Improper...

xbox-experts.com XSS vulnerability

Vulnerable URL: https://xbox-experts.com/login.php?a=login Details: Description| Value ---|--- Patched:| Yes, at 08.12.2015 Latest check for patch:| 08.12.2015 03:32 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1549142 Google Pagerank| 1 VIP website status:| ...

15-year-old Boy Arrested in connection with TalkTalk Cyber Attack

The arrest is the first major outcome since TalkTalk – the biggest phone and broadband provider in the UK with more than 4 Million customers – had suffered a serious data breach. The Police Service of Northern Ireland PSNI and the investigating officers from the Metropolitan police's cyber crime...

Social Engineering — Free Online Training for Hackers

For most of us Hacking is Technological in Nature. But, we usually forget the most important element of hacking that makes a successful hack from 10% to over 90%... ...The Human Element. And here the Social Engineering comes in. Social Engineering deals with non-technical kind of intrusion and...

FTC, Experts Push Startups to Think About Security From the Beginning

About a decade ago, many large software makers learned some very difficult lessons about software security and building security into their products from the start. Some are still learning. The FTC and a variety of security experts are hoping that today’s crop of start-ups will not have to go...