WhatsApp Flaw leaves User Location Vulnerable to Hackers and Spy Agencies

If you are using WhatsApp to chit-chat with your friends or relatives, then you should be careful about sharing your location with them using WhatsApp ‘Location Share’ feature. No doubt, WhatsApp communication between your phone and company’s server is now encrypted with SSL, which means whatever...

WATCH OUT! Scammers targeting Google Account with Phishing Page hosted on Google Drive

You all are quite aware of phishing attacks, and for those who are not, Phishing scams are typically fraudulent email messages, masquerading as a well known and trustworthy entity in an attempt to gather personal and financial information from victims. However, phishing attacks have become more...

IBM Netezza Performance Portal安全绕过漏洞

Bugtraq ID:66189 CVE ID:CVE-2014-0848 IBM Netezza数据仓库应用设备将存储、处理、数据库和分析融入到一个高性能数据仓库设备中,使大数据高级分析更简单、更迅捷和更易用。 IBM Netezza Performance Portal所使用的Apache WEB服务器默认配置使用低强度的SSL加密，允许攻击者利用漏洞比较容易的进行破解攻击。 0 IBM Netezza Performance Portal 2.0 IBM Netezza Performance Portal 2.0.0.4已经修复该漏洞，建议用户下载更新：...

Fedora Update for mingw-gnutls FEDORA-2014-3454

Check for the Version of mingw-gnutls OpenVAS Vulnerability Test Fedora Update for mingw-gnutls FEDORA-2014-3454 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

Belkin Wemo Home Automation中间人信息泄露漏洞

BUGTRAQ ID: 65631 CVECAN ID: CVE-2013-6950 Belkin Wemo Home Automation devices 是家电远程控制系列产品。 Belkin Wemo Home Automation固件的分发过程没有使用SSL加密，用明文传输敏感信息，在实现上存在信息泄露漏洞，攻击者可利用此漏洞获取敏感信息。 0 Belkin Wemo Home Automation 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...

Belkin Wemo Home Automation devices contain multiple vulnerabilities

Overview Belkin Wemo Home Automation devices contain multiple vulnerabilities. Description CWE-321: Use of Hard-coded Cryptographic Key -CVE-2013-6952 Belkin Wemo Home Automation firmware contains a hard-coded cryptographic key and password. An attacker may be able to extract the key and password...

Hackers exploiting Router vulnerabilities to hack Bank accounts through DNS Hijacking

In past months, we have reported about critical vulnerabilities in many wireless Routers including Netgear, Linksys, TP-LINK, Cisco, ASUS, TENDA and more vendors, installed by millions of home users worldwide. Polish Computer Emergency Response Team CERT Polska recently noticed a large scale cybe...

stunnel: Arbitrary code execution

Background The stunnel program is designed to work as an SSL encryption wrapper between a client and a local or remote server. Description A buffer overflow vulnerability has been discovered in stunnel. Please review the CVE identifier referenced below for details. Impact A remote attacker could...

Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability

SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHP opensslx509parse Memory Corruption Vulnerability Release Date: 2013/12/13 Last Modified: 2013/12/13 Author: Stefan Esser stefan.esseratsektioneins.de Application: PHP 4.0.6 - PHP 4.4.9 PHP 5.0.x PHP 5.1.x PHP 5.2.x PHP 5.3....

HTTPS, SSL Minimal Security, Privacy Standard for Email

Yahoo is being second-guessed more today than a mediocre baseball manager. Two days after announcing it would finally turn SSL on by default for its email users starting in January, the company is getting a halfhearted pat on the back from the security industry, which can’t help but ask: “What to...

[Mercury v2.2.0] The Android Assessment Framework

Mercury is a security assessment framework for the Android platform. It allows you to dynamically interact with the Inter-Process Communication IPC endpoints exported by an application installed on a device. Mercury provides similar functionality to a number of static analysis tools, such as aapt...

[SECURITY] Fedora 17 Update: mingw-gnutls-2.12.23-1.fc17

GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW...

Fedora Update for mingw-gnutls FEDORA-2013-2110

Check for the Version of mingw-gnutls OpenVAS Vulnerability Test Fedora Update for mingw-gnutls FEDORA-2013-2110 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

Fedora Update for mingw-gnutls FEDORA-2013-2128

Check for the Version of mingw-gnutls OpenVAS Vulnerability Test Fedora Update for mingw-gnutls FEDORA-2013-2128 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

[SECURITY] Fedora 18 Update: mingw-gnutls-2.12.22-1.fc18

GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW...

Unix Command Shell, Reverse TCP SSL (telnet)

Creates an interactive shell via mkfifo and telnet. This method works on Debian and other systems compiled without /dev/tcp support. This module uses the '-z' option included on some systems to encrypt using SSL. This module requires Metasploit: https://metasploit.com/download Current source:...

Beginner Guide to SSL Certificates

The Internet has created many new global business opportunities for enterprises conducting online commerce. However, the many security risks associated with conducting e-commerce have resulted in security becoming a major factor for online success or failure. Whether you are an individual or a...

Fedora Update for mingw-gnutls FEDORA-2012-4451

Check for the Version of mingw-gnutls OpenVAS Vulnerability Test Fedora Update for mingw-gnutls FEDORA-2012-4451 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

Lynx Message Server 7.11.10.2 Cross Site Scripting / SQL Injection

Summary The Micro Technology Services Inc. "Lynx Message Server 7.11.10.2" and/or "LynxTCPService version 1.1.62" web interface is vulnerable to SQL Injection, Cross-Site Scripting, and other security problems. 2. Description Lynx is a "Facility wide Duress and Emergency Notification" system...

HTTPS SSL encryption Vulnerable To Crypto Attack

HTTPS SSL encryption Vulnerable To Crypto Attack The secure sockets layer SSL and transport layer security TLS encryption protocol, used by millions of websites to secure Web communications via HTTPS, is vulnerable to being decrypted by attackers. Researchers have discovered a serious weakness in...