Apple iOS WebKit Information Disclosure Vulnerability (CNVD-2016-01841)

Apple iOS is the operating system used by Apple for a number of smart devices. WebKit is a set of open-source web browser engines developed by KDE, Apple, Google and other companies, and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in the...

Twitter State-Sponsored Attack Notification

Twitter’s decision to notify users when their accounts are targeted in state-sponsored attacks earned its share of praise. But Twitter’s silence in terms of specifics about the attacks—whether by choice or gagged by a National Security Letter—has foisted some anxiety upon those who were notified....

British Intelligence Agency Can Hack Any Smartphone With Just a Text Message

Former NSA contractor and global surveillance whistleblower Edward Snowden told the BBC investigative programme Panorama Monday night that the British intelligence agency GCHQ has powers to hack any smartphones without their owners' knowledge. You heard right. The British Spying Agency have speci...

Network Security Toolkit: NST

Network Security Toolkit NST is a bootable ISO image Live DVD based on Fedora providing easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x8664 platforms. The main intent of developing this toolkit was to provide the security professional and networ...

Facebook Fired An Intern After He Exposes How to Track Users' Location

Previously, we posted about a privacy issue in Facebook messenger; Aran Khanna, a Harvard University student, discovered ‘A Marauder’s Map’ that could sense and give the geolocations of your friends on the messenger. Khanna had received an opportunity to work as an intern for Facebook… …But desti...

VK.com: Уязвимость в Указание мест на фото + фича + хакинг

Для начало прошу прощения за столько много выделенных ТИПОВ ... коротко с помощью уязвимости можно ставить отметку на фото гео лакации любому пользователю Следование этому пожеланию увеличит вероятность получения награды. Сервис, в котором найдена уязвимость. https:/vk.com/alplaces.php...

Is It Possible to Track Smartphone Location By Monitoring Battery Usage?

Data leaks through power consumption? Don’t be surprised because security researchers have discovered a way to track your every move by looking at your Android smartphone's consumption of the battery power,even if you have GPS access unable. Researchers at Stanford University and Israeli Defense...

SubBrute - Subdomain Bruteforcer

SubBrute is a community driven project with the goal of creating the fastest, and most accurate subdomain enumeration tool. Some of the magic behind SubBrute is that it uses open resolvers as a kind of proxy to circumvent DNS rate-limiting https://www.us-cert.gov/ncas/alerts/TA13-088A. This desig...

Espionage Campaign targets iOS devices with Malware apps

A malware campaign has been found targeting iOS devices linked to a wide range of entities, including European defense organizations, governments, and media sectors with dangerous espionage spyware capable of breaching non-jailbroken devices, a recent report claims. The spyware campaign, dubbed...

firefox security update

31.3.0-4.0.1 - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat ones 31.3.0-4 - Update to 31.3.0 ESR Build 2 - Fix for geolocation API rhbz1063739 31.2.0-5 - splice workaround rhbz1150082 31.2.0-4 - ppc build fix rhbz1151959...

Passively Sniff Wireless Devices: iSniff GPS

Passively Sniff Wireless Devices iSniff GPS passively sniffs for SSID probes, ARPs and MDNS Bonjour packets broadcast by nearby iPhones, iPads and other wireless devices. The aim is to collect data which can be used to identify each device and determine previous geographical locations, based sole...

Open Source OpenSOC Security Analytics Framework Released

Cisco announced today that it has made available through open source a framework that integrates data analytics tools into security operations. “The OpenSOC framework helps organizations make big data part of their technical security strategy by providing a platform for the application of anomaly...

Automakers Move to Address Privacy Concerns

Several automakers have agreed on a set of privacy principles that they say will govern the way that they handle personal information generated by vehicles, geolocation data and other sensitive information that is being produced by in-car computers and networks. The principles are the result of...

tinfoleak - Get detailed information about a Twitter user activity

tinfoleak is a simple Python script that allow to obtain: basic information about a Twitter user name, picture, location, followers, etc. devices and operating systems used by the Twitter user applications and social networks used by the Twitter user place and geolocation coordinates to generate ...

openSUSE Security Update : chromium (openSUSE-SU-2013:0236-1)

Update to 26.0.1383 - Security fixes bnc798326 - CVE-2012-5145: Use-after-free in SVG layout - CVE-2012-5146: Same origin policy bypass with malformed URL - CVE-2012-5147: Use-after-free in DOM handling - CVE-2012-5148: Missing filename sanitization in hyphenation support - CVE-2012-5149: Integer...

AlienVault OSSIM SQL Injection and Remote Code Execution

This module exploits an unauthenticated SQL injection vulnerability affecting AlienVault OSSIM versions 4.3.1 and lower. The SQL injection issue can be abused in order to retrieve an active admin session ID. If an administrator level user is identified, remote code execution can be gained by...

Alienvault 4.3.1 - SQL Injection / Cross-Site Scripting

AlienVault 4.3.1 Unauthenticated SQL Injection Vulnerability Type: SQL Injection Reporter: Sasha Zivojinovic Company: Gotham Digital Science Affected Software: AlienVault 4.3.1 Severity: Critical =========================================================== Summary...

Multiplatform WLAN Enumeration and Geolocation

Enumerate wireless networks visible to the target device. Optionally geolocate the target by gathering local wireless networks and performing a lookup against Google APIs. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framewo...

DrinkedIn BarFinder application安全绕过任意Javascript代码执行漏洞

CVE ID:CVE-2014-1887 DrinkedIn BarFinder application是一款基于安卓的应用。 当使用Adobe PhoneGap 2.9.0或之前版本时DrinkedIn BarFinder application存在安全漏洞，允许远程攻击者控制类似freelifetimecheating.com和www.babesroulette.com之类的站点，来执行任意JavaScript代码，获取地理信息。 0 DrinkedIn BarFinder application for Android 目前没有详细解决方案提供：...

CVE-2014-1887

The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geolocation information, by leveraging control over one of a number of adult sites, as demonstrated b...