2581 matches found
Industry Braces for Repeal of ISP Privacy Rules
The U.S. House of Representatives voted Tuesday to overturn rules scheduled to go into effect later this year that would have banned internet service providers such as Comcast, Time Warner Cable and Verizon from tracking user online activities and reselling the data without consumers first...
NetIQ Access Manager Information Disclosure Vulnerability
NetIQ Access Manager provides a simple, secure, and scalable solution to handle all Web access needs. The SAML2 implementation of the Identity Server in NetIQ Access Manager fails to properly handle unsigned SAML requests, allowing an attacker to disclose the results to a potentially malicious...
CVE-2016-5752
The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester...
Design/Logic Flaw
The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester...
Sony Is Working On Mobile-to-Mobile Wireless Charging Technology
So you are in a party with your friends, and your phone is running low on battery. Oops! The ideal solution is to charge your phone using a charger or a power bank, but not everyone carries power banks or chargers with them all the time, especially in a party. What if you can charge your phone...
Senator Demands Answers About CloudPets Breach
A U.S. senator has called Spiral Toys onto the carpet for its data security practices in light of the recent CloudPets breach. Sen. Bill Nelson D-FL, a ranking member of the Committee on Commerce, Science and Transportation and backer of a 2016 report on security and privacy concerns related to...
National Consumer Protection Week
March 5–11 is National Consumer Protection Week NCPW, an event to encourage people and businesses to learn more about avoiding scams and understanding consumer rights. During NCPW, the Federal Trade Commission FTC and its fellow agencies highlight free resources to help protect against consumer...
X (Formerly Twitter): [Urgent] Invalidating OAuth2 Bearer token makes TweetDeck unavailable
First of all, really sorry for the unintentional DoS : I was testing it with a fresh bearer token but copied the production one accidentally. Details I've noticed that TweetDeck is using OAuth2 to issue requests Authorization Bearer token: http GET...
Robots Rife With Cybersecurity Holes
Robots with inadequate security could be hacked and cause physical harm or be used to spy on unsuspecting owners in the near future. Researchers at IOActive Labs released a report Wednesday warning that consumer, industrial and service robots in use today have serious security vulnerabilities...
Fedora 24 : fedmsg (2017-a73bc7ac5d)
Fix validation logic in the base consumer The base consumer is intended to only derive its validation switch from the on-disk configuration if the child class doesn't override the validatesignatures switch. There was a bug here where the default value provided in the base class made it appear as ...
FTC Issues Public Challenge to Improve IoT Patching
Admittedly, patching existing connected devices in the wild is easier said than done. But that’s not deterring the Federal Trade Commission from soliciting help in finding a solution. The U.S. government agency today announced the kickoff of the FTC IoT Home Inspector Challenge, a prize contest...
Wacom Consumer Service - Unquoted Service Path Privilege Escalation
Wacom Consumer Service - Unquoted Service Path Privilege Escalation Wacom Consumer Service: http://www.wacom.com By Ross Marks: http://www.rossmarks.co.uk Exploit-db: https://www.exploit-db.com/author/?a=8724 Category: Local Tested on: Windows 10 x86/x64 1 Unquoted Service Path Privilege Escalati...
Wacom Consumer Service - Unquoted Service Path Privilege Escalation
Exploit for windows platform in category local exploits Wacom Consumer Service: http://www.wacom.com By Ross Marks: http://www.rossmarks.co.uk Category: Local Tested on: Windows 10 x86/x64 1 Unquoted Service Path Privilege Escalation Wacom's "Wacom Consumer Service" installs as a service with an...
Wacom Consumer Service - Unquoted Service Path Privilege Escalation
Wacom Consumer Service: http://www.wacom.com By Ross Marks: http://www.rossmarks.co.uk Exploit-db: https://www.exploit-db.com/author/?a=8724 Category: Local Tested on: Windows 10 x86/x64 1 Unquoted Service Path Privilege Escalation Wacom's "Wacom Consumer Service" installs as a service with an...
HPSBHF3549 rev.2 - ThinkPwn UEFI BIOS SmmRuntime Escalation of Privilege
Potential Security Impact System downtime, or privilege escalation. Source:HP, HP Product Security Response Team PSRT Reported by: Dmytro Oleksiuk VULNERABILITY SUMMARY A security vulnerability identified with UEFI firmware, dubbed ThinkPwn, has been addressed in certain HP commercial notebook PC...
[SECURITY] Fedora 24 Update: kf5-kactivities-5.24.0-1.fc24
A KDE Frameworks 5 Tier 3 API for using and interacting with Activities as a consumer, application adding information to them or as an activity manager...
Lenovo Accelerator Application Insecure Update Mechanism
Lenovo Security Advisory: LEN-6718 Potential Impact: Remote code execution by an attacker with local network access Severity: High Scope of Impact: Lenovo products described below Summary Description: A vulnerability was identified in the Lenovo Accelerator Application software which could lead t...
The vulnerability of the Android operating system, which allows a perpetrator to obtain confidential information
The vulnerability of the Android operating system’s media server is related to the improper initialization of certain data structures. Exploiting this vulnerability allows a malicious actor to obtain confidential information through a specially created application, which is associated with the...
FCC, FTC Investigate Mobile Security Update Practices
The glowing lack of public, real-world Stagefright exploits didn’t stop the U.S. government from using last summer’s blockbuster Android vulnerability as an illustration of the dangers facing mobile device users. Under the context of Stagefright exposing up to 1 billion devices to attack, the...
CVE-2016-2460
mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and...