July 2016 update rollup for Windows 8.1 and Windows Server 2012 R2
July 2016 update rollup for Windows 8.1 and Windows Server 2012 R2 The July 2016 update rollup includes some new improvements and fixes, including the improvements from June 2016 update rollup KB3161606 and May 2016 update rollup KB3156418 for the Windows 8.1 and 2012 R2 platform. We recommend th...
Nord Security: User data not anonymized is sent to analytics server
A good report from @martinbydefault. Although we have never received the IDs and they could not be linked with any specific events, we have removed the connection events altogether. While, even prior to the fix, it was impossible to tie the ID with the username or activity, the reporter's concern...
Facebook Reveals New Data Leak Incident Affecting Groups' Members
Facebook today revealed yet another security incident admitting that roughly 100 app developers may have improperly accessed its users' data in certain Facebook groups, including their names and profile pictures. In a blog post published Tuesday, Facebook said the app developers that unauthorized...
Apple Changes the Way It Listens to Your Siri Recordings Following Privacy Concerns
Apple today announced some major changes to its controversial 'Siri audio grading program' following criticism for employing humans to listen to audio recordings of users collected via its voice-controlled Siri personal assistant without their knowledge or consent. The move came a month after The...
Insecure Session Management
contao/core-bundle contains insecure session management. The old opt-in tokens are not invalidated when a new token is confirmed...
Confirming an opt-in token does not invalidate previous opt-in tokens
More info at https://contao.org/en/news/security-vulnerability-cve-2019-10643.html...
Invalidating opt-in tokens
Date: 2019-04-09. CVE ID: CVE-2019-10643. Description: Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7. Affected versions: Contao 4.7 up to 4.7.2. Suggested solution: Update to Contao 4.7.3...
Microsoft Office: Disable Opt-in Wizard on first run
This test checks the setting for policy OpenVAS Vulnerability Test $Id: officeoptinwizard.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Disable Opt-in Wizard on first run Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is...
Along with Dating, Here's a List of New Features Coming to Facebook
Facebook announced a whole lot of new features at its 2018 Facebook F8 developers conference, along with the keynote by its CEO Mark Zuckerberg addressing concerns from app developers after Facebook paused 3rd-party app review in the wake of the Cambridge Analytica scandal. Here are some big...
Microsoft Office: Disable Opt-in Wizard on first run
This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013opt-inwizard.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Disable Opt-in Wizard on first run Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This progra...
Windows Command Shell, Reverse UDP Stager with UUID Support
Spawn a piped command shell staged. Connect back to the attacker with UUID Support This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 312 include Msf::Payload::Stager include...
USN-3477-4 firefox regression
USN-3477-1 fixed vulnerabilities in Firefox. The update introduced a crash reporting issue where background tab crash reports were sent to Mozilla without user opt-in. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were...
A look into the global drive-by cryptocurrency mining phenomenon
An important milestone in the history of cryptomining happened around mid-September when a company called Coinhive launched a service that could mine for a digital currency known as Monero directly within a web browser. JavaScript-based mining is cross-platform compatible and works on all modern...
CVE-2015-7517
Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to 1 class-doifd-download.php or 2 class-doifd-landing-page.php in public/includes/...
CVE-2015-7517
CVE-2015-7517 affects the WordPress plugin Double Opt-In for Download (public/includes/ files) with SQL injection via the ver parameter in class-doifd-download.php and class-doifd-landing-page.php. Affected versions are prior to 2.0.9. Root cause is improper handling of user-supplied ver data ena...
Debian DSA-3943-1 : gajim - security update
Gajim, a GTK+-based XMPP/Jabber client, unconditionally implements the 'XEP-0146: Remote Controlling Clients' extension, allowing a malicious XMPP server to trigger commands to leak private conversations from encrypted sessions. With this update XEP-0146 support has been disabled by default and...
VMSA-2017-0007: VMware vCenter Server updates resolve a remote code execution vulnerability via BlazeDS
VMware Security Advisory. Advisory ID: VMSA-2017-0007. Severity: Critical. Synopsis: VMware vCenter Server updates resolve...