Indian Government Wiretapping and started BlackBerry interception

According to a report, All major Indian telecom companies, including Bharti Airtel, Vodafone India and Tata Tele services, have agreed to share real-time interception of BlackBerry calls and data services on their networks with Security agencies to meet the December 31 deadline fixed by the India...

German Police eavesdropping Facebook, Gmail, Skype Conversations

An eavesdropping tool allegedly used by the German government to intercept Skype calls is full of security problems and may violate a ruling by the country's constitutional court, according to a European hacker club. The information was released as part of a move towards financial transparency. T...

CVE-2012-3718

Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window aka LoginWindow or Screen Saver Unlock by installing an input method that intercepts keystrokes...

mod_pagespeed -- multiple vulnerabilities

Google Reports: modpagespeed 0.10.22.6 is a security update that fixes two critical issues that affect earlier versions: CVE-2012-4001, a problem with validation of own host name. CVE-2012-4360, a cross-site scripting attack, which affects versions starting from 0.10.19.1. The effect of the first...

CVE-2010-5148

Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set the secure flag for the Encrypted Session SSL cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

Session fixation

Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set the secure flag for the Encrypted Session SSL cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVE-2012-4592

The Portal in McAfee Enterprise Mobility Manager EMM before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

Session fixation

The Portal in McAfee Enterprise Mobility Manager EMM before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

Half Million Chinese Android Devices got infected with SMSZombie

The amount of malware crafted and aimed at Android devices is ever-increasing. With Android being the most popular platform for smartphones and tablets around the world, Android users have become the low-hanging fruit when it comes to writing malware by the nefarious users. A new Android threat h...

Cisco AnyConnect Secure Mobility Client WebLaunch Session Hijack Vulnerability

Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an unauthenticated, remote attacker to hijack WebLaunch sessions, which could allow the attacker to intercept sensitive information. The vulnerability is due to the failure to perform certificate name checking in an...

Zeus malware targeting BlackBerry and Android devices

Security researchers at Kaspersky Lab have discovered five new samples of the ZeuS-in-the-Mobile ZitMo malware package, targeting Android and BlackBerry devices. Zitmo Zeus in the mobile is the name given to the mobile versions of Zeus, and it's been around for a couple of years already, mostly...

Check Point Abra安全限制绕过和信息泄露漏洞

BUGTRAQ ID: 54360 Check Point Abra可把一台普通PC变为受到全面保护的公司电脑。用户使用Abra，可随时随地、不论离线或在线，通过虚拟专用网（VPN）连接来访问公司电子邮件、文件和应用程序。Abra可在任何一台PC上自动运行，并且利用介质加密来保护U盘内的数据安全。 Check Point Abra在实现上存在安全限制绕过和信息泄露漏洞，成功利用后可允许攻击者获取敏感信息和绕过某些安全限制。 0 Check Point Software Abra 厂商补丁： Check Point Software --------------------...

Deep Packet Inspection Firm Cyberoam Issues Fix Following Private Key Leak

Network security firm Cyberoam issued an over the air update for all of its Deep Packet Inspection DPI devices today after a decrypted version of the company’s universal private key was leaked online over the weekend. The New Jersey-based company pushed the hotfix after an anonymous commenter...

Cyberoam advisory

Vulnerability in Cyberoam DPI devices 30 Jun 2012 CVE-2012-3372 =================================================================== Cyberoam make a range of DPI devices http://www.cyberoamworks.com/ which are capable of intercepting SSL connections. In common with all such devices, in order to...

CVE-2012-3372 : Traffic Interception Vulnerability found in Cyberoam

Traffic Interception Vulnerability found in Cyberoam The TOR team have discovered a fake certificate in the wild. The certificate, issued by a US company called Cyberoam, was used in an attempt to trick a user in Jordan into believing that her/his connection to the TOR website, was private and...

WordPress 3.3.2 Cross Site Scripting

Exploit for php platform in category web applications There is a persistent XSS vulnerability in the wordpress version 3.3.2. However, the severity of this finding is very LOW. The detail is as follow, a Login into an admin account b Navigate to Links - Links Categories c Fill up the required...

NSA intercepting 1.7 billion American electronic communications daily

NSA intercepting 1.7 billion American electronic communications daily Since 9/11, the Agency has been able to "spy" on electronic communications without the need for court-approved warrants. The group has a large complex in Utah that cost $2 billion and holds the data. In 2006 the New York Times...

sp mode mail issue in the verification of SSL certificates

Overview sp mode mail contains an issue in the verification of the SSL server certificate. sp mode mail provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate. Tsukasa Hamano of Open Source Solution Technology Corporation reported this vulnerability to IPA...

JVN#82029095: sp mode mail issue in the verification of SSL certificates

sp mode mail provided by NTT DOCOMO contains an issue in the verification of the SSL server certificate. Impact Since no warning is issued when connecting to a server that is using an invalid SSL server certificate, a remote attacker may be able to intercept communications. Solution Update the...

Mind that signal

The pace of change in mobile spying applications is rapid. However, when it comes to intercepting phone calls in the field, phones that use the older 2G mobile communications standard are easier to crack. Often, organizations that want to carry out an attack will force a mobile device from 3G int...