157 matches found
German English Translator Free - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that the application German English Translator Free, published at the 'play' market, has multiple vulnerabilities...
Hey, Apple User! Check If You are also Affected by the Sparkle Vulnerability
A pair of new security vulnerabilities discovered in the framework used by a wide variety of Mac apps leaves them open to Man-in-the-Middle (MitM) attacks. The framework in question is Sparkle, which a large number of third-party OS X apps, including Camtasia, uTorrent, Duet Display and...
One after another: VTech user data leaked, and two major vulnerabilities exposed - vulnerability warning - the black bar safety net
Recently, Vtech, the world's largest maker of electronic learning products for infants, was reported to have disclosed the information of 480 million parents and 640 million children. Due to this event, Vtech's share price fell to a year low. Following this, security researchers in their innotab Max produ...
SSL Encryption — Securing Internet of Things (IoT)
The Internet of Things (IoT), with the purpose of providing convenience to users, has enabled every object in the universe to be as smart as a whip. By assigning IP address to all sorts of devices, ranging from household appliances, machines, medical devices and sensors to other day-to-day objects, and...
Important: Red Hat Security Advisory: Red Hat Gluster Storage 3.1 update
Red Hat Gluster Storage 3.1, which fixes multiple security issues, several bugs, and adds various enhancements, is now available. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
Oracle Secure Backup Administration property_box.php Command Injection - Ver2 (CVE-2010-0899)
Oracle Secure Backup is a backup solution allowing for centralized tape backup management. The server allows for single point of management of data present on network attached storage (NAS) devices and distributed hosts which may have different operating systems. The data in transit is kept secure ...
SevDesk v1.1 iOS - Persistent Dashboard Vulnerability
Document Title: SevDesk v1.1 iOS - Persistent Dashboard Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1311. Release Date: 2015-04-23. Vulnerability Laboratory ID (VL-ID): 1311...
stunnel – an SSL encryption wrapper
The stunnel program is designed to work as an SSL encryption wrapper between remote client and local inetd-startable or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs’ code. Stunnel uses t...
Upatre Downloader Spreading Dyreza Banking Trojan
The Upatre downloader is the vehicle that has driven numerous banking Trojan and ransomware attacks to the front door of countless victims at great cost. Microsoft on Thursday warned of a wire-transfer spam campaign that it’s spotted that is spreading Upatre and eventually loading the dangerous...
Design/Logic Flaw
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500...
How Google engineer Neel Mehta found the Heartbleed vulnerability - vulnerability warning - the black bar safety net
The Heartbleed computer security vulnerability was found by Google engineer Neel Mehta, who has always been unwilling to accept media interviews; today, for the first time, he told the media how he found this serious vulnerability, and why he went looking for the vulnerabilities in the first place, and he...
stunnel: Information disclosure
Background: The stunnel program is designed to work as an SSL encryption wrapper between a client and a local or remote server. Description: stunnel does not properly update the state of the pseudo-random generator after fork-threading which causes subsequent children with the same process ID to us...
Amazon CloudFront Turns On Perfect Forward Secrecy
Add Amazon to the growing list of technology providers ensuring that its encryption capabilities exceed a minimum standard. Yesterday, the company announced that its web content delivery platform Amazon CloudFront had turned on Perfect Forward Secrecy, in addition to a number of changes designed ...
Announcing Project Zero
Posted by Chris Evans, Researcher Herder. Security is a top priority for Google. We’ve invested a lot in making our products secure, including strong SSL encryption by default for Search, Gmail and Drive, as well as encrypting data moving between our data centers. Beyond securing our own products,...
CVE-2014-3052
The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL...
Design/Logic Flaw
The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL...
Millions of LinkedIn Users at Risk of Man-in-the-Middle Attack
Two years back, in 2012, one of the most popular online social networking sites, LinkedIn, spent between $500,000 and $1 million on forensic work after millions of its users’ account passwords were compromised in a major security data breach. But, it seems that the company hasn't learned any lesson...
WordPress to Deploy SSL on All its Sites by End of 2014
The movement by technology companies to encrypt their respective corners of the Internet continues to gain steam as more and more are enabling SSL and other encryption technologies such as Perfect Forward Secrecy to ward off surveillance and enhance the privacy and security of user data. WordPres...
Mail.ru: Login without SSL-Protection
Hello, e.mail.ru is not properly protected with SSL encryption. It is possible to log in without using HTTPS; this could lead to man-in-the-middle password disclosure. The best, Simon...