720 matches found
CentOS 5 : nss (CESA-2013:0214)
Updated nss and nspr packages that fix one security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Network Security Services (NSS) is a set of libraries designe...
Opera Hack, Certificate Theft Redirects Thousands to Malware
Several thousand Opera users may have been presented with script redirecting them to a server hosting malware as a result of a hack of the Opera network and theft of a code-signing certificate. A new version of the browser is available and Opera representatives urge users to update as soon as...
Malware threat to Opera users, Trojan signed with a stolen certificate
On June 19, browser maker Opera admitted that it discovered an attack on its internal network infrastructure and that Windows users may have been tricked into installing a Trojan signed with a stolen Opera certificate. "On June 19th we uncovered, halted and contained a targeted attack on our internal...
Stolen Opera Code-Signing Certificate Used to Sign Malware
Opera Software said it was able to contain the impact of a security breach that resulted in the theft of an expired code-signing certificate used to sign malware distributed to Windows users during a 36-minute stretch on June 19. Opera developer Sigbjorn Vik said the browser maker was victimized ...
Google Play Android Apps Must Update in Google Store
The Google Play store has been an Eden for hackers wanting to get malicious code onto Android devices. A number of things made the marketplace too tempting for attackers to resist, including the open source nature of the operating system, lax vetting of developers, and the ability to modify code ...
Oracle Delays Java 8 Features for Security Overhaul
It’s not quite the development freeze Microsoft underwent during the Trustworthy Computing push, but it’s a start for Oracle, which will delay the release of Java 8 until Q1 of next year, largely because the platform and browser plug-in is such a security disaster. This year has done nothing but...
Sandbox-Bypass Exploits Hacks Java 7u21 Update
Optimism and praise followed last week’s Java critical patch update. Oracle not only patched 42 vulnerabilities in the Java browser plug-in, but also added new code-signing restrictions and new prompts warning users when applets are potentially malicious. It took less than a week, however, to...
Re: [SE-2012-01] Details of issues fixed by Java SE 7 Update 21
Hello All, We wanted to add the following information to yesterday's post. We've learned that Red Hat's Bugzilla associates CVE-2013-1537 [1] with the RMI issue allowing for remote loading and execution of arbitrary Java code on servers [2]. It looks like Oracle has finally patched RMI vulnerabili...
Java 7u21 Released with Code-Signing Restrictions, Warnings
The latest Java update released Tuesday includes new prompts warning users of potentially malicious applets, in addition to patches for 42 vulnerabilities, all but three of which are remotely exploitable. Java 7 update 21 is part of Oracle’s scheduled Critical Patch Updates for the program and...
CVE-2013-0977
dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments...
Design/Logic Flaw
dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments...
CVE-2013-0977
CVE-2013-0977 affects Apple iOS prior to 6.1.3 and Apple TV prior to 5.2.1. The issue is a state-management flaw in loading Mach-O executable files with overlapping segments, which allows a local user to bypass code-signing requirements. Impact, as stated in multiple sources, is local execution o...
Scientific Linux Security Update : nss, nss-util, and nspr on SL6.x i386/x86_64 (20130131)
It was found that a Certificate Authority (CA) mis-issued two intermediate certificates to customers. These certificates could be used to launch man-in-the-middle attacks. This update renders those certificates as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code...
RedHat Update for nss and nspr RHSA-2013:0214-01
Check for the Version of nss and nspr OpenVAS Vulnerability Test RedHat Update for nss and nspr RHSA-2013:0214-01 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20130131)
It was found that a Certificate Authority (CA) mis-issued two intermediate certificates to customers. These certificates could be used to launch man-in-the-middle attacks. This update renders those certificates as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code...
Important: nss
Issue Overview: It was found that a Certificate Authority (CA) mis-issued two intermediate certificates to customers. These certificates could be used to launch man-in-the-middle attacks. This update renders those certificates as untrusted. This covers all uses of the certificates, including SSL,...
RHEL 6 : nss, nss-util, and nspr (RHSA-2013:0213)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0213 advisory. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server...
Running Desktop Apps on Windows RT, The Hackers Way!
A hacker claims to have found a method in the code integrity mechanism in Windows RT that allows one to bypass the security mechanism preventing unauthorized software from running on ARM-powered Windows RT tablets. Let's see how to run traditional desktop apps on Windows RT in a hacker's way! A hacker call...