MyFitnessPal App Patches Privacy Vulnerability
The details of a patched vulnerability in a popular mobile fitness application have been disclosed three months after a fix was released. The flaw could have allowed a user to fetch the personal profile of another registered app user. MyFitnessPal deployed a fix on June 26 for a privacy flaw in...
Apple Pay: A New Way to Pay
Every September, Apple announces exciting new products that promise to change how we interact with not only our devices, but with the world around us. 2014 has been no exception; in San Francisco this morning, Apple announced the iPhone 6, Apple Watch and Apple Pay. Even though I'm excited about t...
Free CryptoLocker Ransomware Decryption Tool Released
When I say Ransomware, the first nasty piece of malware that strikes the mind is CryptoLocker. A nasty strain of ransomware malware that threatened most of the people around the world by effectively destroying important files of the victims forever. CRYPTOLOCKER - A DEVASTATING THREAT CryptoLocker ...
EFF Releases Open Wireless Router Firmware
The EFF is working on an open wireless router firmware that’s designed to be a secure and flexible alternative to the existing software that runs on home and small business routers, much of which is notoriously insecure. The Open Wireless Router project, which the organization announced at the HO...
Guru JustAnswer Professional 1.25 Multiple SQL Injection Vulnerabilities
No description provided by source.
Experts (answer.php) 1.0.0 - Remote SQL Injection Vulnerability
No description provided by source. Experts answer.php Remote SQL Injection Vulnerability. CWH Underground Hacki...
PyPAM - Python bindings for PAM - Double Free Corruption
No description provided by source. LSE Leading Security Experts - Security Advisory 2012-03-01: PyPAM -- Python bindings for PAM - Double Free Corruption. Affected Versions: PyPAM = 0.4.2, Red Hat PyPAM = 0.5.0-12...
AT&T Warns Customers of Data Breach
AT&T has notified some of its mobile customers that employees of one of its contractors accessed some customer information, including birth dates and Social Security numbers, in an effort to generate codes that could be used to unlock devices. The company did not specify how many customers were...
LSE Leading Security Experts GmbH - LSE-2014-05-22 - F*EX - Multiple Issues
LSE Leading Security Experts GmbH - Security Advisory 2014-05-22: FEX Frams' Fast File EXchange - Multiple Issues. Affected Versions: FEX Frams' Fast File...
F*EX 20140313-1 HTTP Response Splitting / Cross Site Scripting
FEX version 20140313-1 suffers from HTTP response splitting and cross site scripting vulnerabilities. FEX Frams' Fast File EXchange - Multiple Issues. Affected Versions: FEX Frams' Fast File EXchange...
LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability
LSE Leading Security Experts GmbH - Security Advisory LSE-2014-05-21: CheckMK - Arbitrary File Disclosure Vulnerability. Affected Versions: Linux versions of CheckMK equal or...
LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access
LSE Leading Security Experts GmbH - Security Advisory 2014-04-10: Sitepark Information Enterprise Server IES - Unauthenticated Access. Affected Versions: Information Enterprise Server IES Version 2.9 unti...
First AT&T Transparency Report Shows 2,000+ NSL Requests
AT&T, in its first transparency report, said that it received at least 2,000 National Security Letters and nearly 38,000 requests for location data on its subscribers in 2013. The new report from AT&T is the latest in a growing list of publications from telecom companies, Web providers and cell...
[SECURITY] Fedora 19 Update: openjpeg-1.5.1-8.fc19
OpenJPEG is an open-source JPEG 2000 codec written in C. It has been developed in order to promote the use of JPEG 2000, the new still-image compression standard from the Joint Photographic Experts Group JPEG...
Web eXperts File Upload and SQL Injection Vulnerabilities
No description provided by source. + Author: TUNISIAN CYBER + Exploit Title: Web eXperts FileUpload/SQLi vulnerabilities + Date: 14-01-2014 + Category: WebApp + Google Dork: :intext:"Website Design & Developed By Web eXperts" + Tested on: KaliLinux + Friend's blog: www.na3il.com +Exploit: Web...
Web eXperts Shell Upload / SQL Injection
Author: TUNISIAN CYBER + Exploit Title: Web eXperts FileUpload/SQLi vulnerabilities + Date: 14-01-2014 + Category: WebApp + Google Dork: :intext:"Website Design & Developed By Web eXperts" + Tested on: KaliLinux + Friend's blog: www.na3il.com +Exploit: Web eXperts suffers from a File Upload/SQLi...
IRTF Chair Refuses Removal of NSA Employee as Co-Chair of Crypto Working Group
An NSA employee who is the co-chairman of a cryptography working group affiliated with the IETF will remain in that position despite calls from members to have him removed. The chairman of the Internet Research Task Force, the body that oversees the research group, rejected requests for the remov...
Happy Holidays and Merry Christmas from 'The Hacker News'
The Christmas spirit has finally arrived. It's Christmas Day, a time for family and friends. We have had another wonderful year here at 'The Hacker News', so we not only want to wish you a Happy Holidays and Merry Christmas, but also thank you for reading our articles, commenting, sending tips and...
Microsoft Says ZeroAccess Click-Fraud Botnet Abandoned
Microsoft is declaring the ZeroAccess botnet dead. Two weeks after obtaining a court order to disrupt the botnet’s ability to carry out click-fraud, assistant general counsel Richard Boscovich of Microsoft’s Digital Crimes Unit said late last week that the botmasters behind ZeroAccess had abandon...
The Biggest Security Stories of 2013
As 2013 comes to a close, security experts are looking back at the major stories and developments of the year, including the Edward Snowden NSA leaks and major malware attacks. In this video, Vitaly Kamluk of Kaspersky Lab examines the biggest security news of 2013 and talks about the lasting...