Lucene search

5304 matches found

securityvulns
added 2015/09/14 12:0 a.m. | 57 views

Avira Mobile Security iOS Application - Cleartext Credentials Vulnerability

Avira Mobile Security iOS Application - Cleartext Credentials Vulnerability -- http://www.info-sec.ca/advisories/Avira-Mobile-Security.html Overview "Avira Mobile Security is the ideal tool to recover a lost phone and ensure that your email has not been compromised." "Avira Mobile Security helps...

AI score: 1.5
Exploits: 0

ThreatPost
added 2015/09/10 2:14 p.m. | 34 views

Password Cracking Group Decodes 11 Million Ashley Madison Passwords

A San Diego-based password cracking group has taken a big step towards deciphering some of the 36 million odd passwords leaked in last month’s Ashley Madison breach, a move that could quickly lead to the widespread hacking of any users who used the same password on other services. Hackers had...

AI score: 0.7
Exploits: 0 | References: 3

Broadcom
added 2015/09/09 12:0 a.m. | 5 views

BSA-2015-007

Summary Security Advisory ID : BSA-2015-007 Component : RC4 Algorithm Revision : 6.0 N/A...

CVSS: 5.9 | AI score: 7.6 | EPSS: 0.84424
Exploits: 0

OpenVAS
added 2015/09/08 12:0 a.m. | 26 views

Amazon Linux: Security Advisory (ALAS-2014-387)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 9.3 | AI score: 5 | EPSS: 0.06118
Exploits: 0 | References: 2

RedHat Linux
added 2015/09/01 7:27 a.m. | 2 views

NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64)

A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.03594
Exploits: 0 | References: 5

ThreatPost
added 2015/08/31 11:31 a.m. | 12 views

CoreBot Credential-Stealing Malware

A new piece of data-stealing malware has a real thirst for credentials—and the potential for worse trouble down the line. IBM today published a report on CoreBot, generic information-stealing malware designed with enough flexibility to soon ramp up its capabilities to exfiltrate data in real time...

AI score: 0.8
Exploits: 0 | References: 1

seebug.org
added 2015/08/31 12:0 a.m. | 33 views

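ESPCMS latest version: admin backend login bypass

Brief description: 8.25 V6.4.15.08.25, picking up a leftover bug. Details: In the encryption algorithm, under normal circumstances we can no longer recover the key. They added this piece of code: function eccode($string, $operation = 'DECODE', $key = '@LFK24s224%@safS3s%1f%', $mcrype = true) { $result = null; if ($operation == 'ENCODE') { if (extension_loaded('mcrypt') && $mcrype) { $result = $this->encryptCookie($string, $key); } else...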

AI score: 7.2
Exploits: 0

Mageia
added 2015/08/25 6:17 p.m. | 38 views

Updated gnutls packages fix security vulnerabilities

It was reported that GnuTLS does not check whether the two signature algorithms match on certificate import (CVE-2015-0294). Kurt Roeckx discovered that decoding a specific certificate with very long DistinguishedName (DN) entries leads to double free. A remote attacker can take advantage of this fla...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.1903
Exploits: 0 | References: 3

OSV
added 2015/08/25 6:17 p.m. | 9 views

MGASA-2015-0322 Updated gnutls packages fix security vulnerabilities

It was reported that GnuTLS does not check whether the two signature algorithms match on certificate import (CVE-2015-0294). Kurt Roeckx discovered that decoding a specific certificate with very long DistinguishedName (DN) entries leads to double free. A remote attacker can take advantage of this fla...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.1903
Exploits: 0 | References: 4

Kitploit
added 2015/08/24 10:25 p.m. | 28 views

Hidden-tear - An open source ransomware-like file crypter

It's a ransomware-like file crypter sample which can be modified for specific purposes. Features: Uses AES algorithm to encrypt files. Sends encryption key to a server...

AI score: 6.7
Exploits: 0 | References: 1

RedHat Linux
added 2015/08/24 3:38 p.m. | 0 views

NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64)

A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.03594
Exploits: 0 | References: 5

Mageia
added 2015/08/21 6:54 p.m. | 26 views

Updated libcryptopp package fixes security vulnerability

Evgeny Sidorov discovered that libcryptopp did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack and retrieve the user's private key (CVE-2015-2141)...

CVSS: 5 | AI score: 7.4 | EPSS: 0.02879
Exploits: 0 | References: 2

Tenable Nessus
added 2015/08/17 12:0 a.m. | 11 views

FreeBSD : gnutls -- MD5 downgrade in TLS signatures (3de36a19-429d-11e5-9daa-14dae9d210b8)

Karthikeyan Bhargavan reports: GnuTLS does not by default support MD5 signatures. Indeed the RSA-MD5 signature-hash algorithm needs to be explicitly enabled using the priority option %VERIFY_ALLOW_SIGN_RSA_MD5. In the NORMAL and SECURE profiles, GnuTLS clients do not offer RSA-MD5 in the signature...

AI score: 5.4
Exploits: 0 | References: 4

Kitploit
added 2015/08/06 9:48 p.m. | 16 views

FireMaster - The Firefox Master Password Cracking Tool

FireMaster is the first ever tool to recover the lost Master Password of Firefox. The master password is used by Firefox to protect the stored login/password information for all visited websites. If the master password is forgotten, then there is no way to recover the master password and user will lo...

AI score: 6.8
Exploits: 0

ThreatPost
added 2015/08/06 1:46 p.m. | 10 views

Updated DGA Changer Malware Generates Fake Domain Stream

LAS VEGAS — The group behind the DGA Changer downloader has been pretty adept in modifying the malware to elude sandbox detection in particular. Researchers at Seculert today published a report on the latest twist to DGA Changer, which now is able to generate a fake stream of domains if it detect...

AI score: 0.8
Exploits: 0 | References: 4

Tenable Nessus
added 2015/08/05 12:0 a.m. | 31 views

Amazon Linux AMI : gnutls (ALAS-2015-575)

It was found that GnuTLS did not check activation and expiration dates of CA certificates. This could cause an application using GnuTLS to incorrectly accept a certificate as valid when its issuing CA is already expired. (CVE-2014-8155) It was found that GnuTLS did not verify whether a hashing...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01586
Exploits: 0 | References: 4

Tenable Nessus
added 2015/08/04 12:0 a.m. | 47 views

Scientific Linux Security Update : gnutls on SL6.x i386/x86_64 (20150722)

It was found that GnuTLS did not check activation and expiration dates of CA certificates. This could cause an application using GnuTLS to incorrectly accept a certificate as valid when its issuing CA is already expired. (CVE-2014-8155) It was found that GnuTLS did not verify whether a hashing...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01586
Exploits: 0 | References: 4

Amazon
added 2015/08/04 12:0 a.m. | 40 views

Medium: gnutls

Issue Overview: It was found that GnuTLS did not check activation and expiration dates of CA certificates. This could cause an application using GnuTLS to incorrectly accept a certificate as valid when its issuing CA is already expired. (CVE-2014-8155) It was found that GnuTLS did not verify whethe...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.01586
Exploits: 0 | References: 1

OSV
added 2015/08/01 12:0 a.m. | 49 views

DSA-3323-1 icu - security update

Bulletin has no description...

CVSS: 10 | AI score: 7.4 | EPSS: 0.24286
Exploits: 4

OpenVAS
added 2015/08/01 12:0 a.m. | 62 views

Debian Security Advisory DSA 3323-1 (icu - security update)

Several vulnerabilities were discovered in the International Components for Unicode (ICU) library. CVE-2014-8146: The Unicode Bidirectional Algorithm implementation does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service heap-based...

CVSS: 10 | AI score: 1 | EPSS: 0.24286
Exploits: 4 | References: 1