Lucene search
+L

2577 matches found

ThreatPost
ThreatPost
added 2014/12/04 4:2 p.m.8 views

Ransomware is the Future of Internet of Things Malware

WASHINGTON D.C. — It’s 2020, bitter cold outside, you’re running late for work, and the Linux box that controls your car isn’t going to start unless you wire $20 worth of Bitcoin to an increasingly business-like criminal enterprise operating out of Eastern Europe. Of course it’s not 2020. And to...

7.3AI score
Exploits0References1
ThreatPost
ThreatPost
added 2014/10/03 1:54 p.m.12 views

76M Households, 7M Businesses Impacted in JPMorgan Chase Breach

A securities filing on Thursday revealed that up to 76 million households and seven million small businesses, far more than initially thought, were implicated in the cyber attack that hit JPMorgan Chase over the summer, making it one of the largest data breaches in U.S. history. The New York-base...

0.8AI score
Exploits0References5
The Coalfire Blog
The Coalfire Blog
added 2014/09/09 5:7 p.m.19 views

Apple Pay: A New Way to Pay

Every September, Apple announces exciting new products that promise to change how we interact with not only our devices, but with the world around us. 2014 has been no exception; in San Francisco this morning, Apple announced the iPhone 6, Apple Watch and Apple Pay. Even though Im excited about t...

1AI score
Exploits0
NVD
NVD
added 2014/09/04 5:55 p.m.26 views

CVE-2014-2685

The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the ZendOpenIdConsumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveragin...

7.5CVSS9.6AI score0.02802EPSS
Exploits0References6
Prion
Prion
added 2014/09/04 5:55 p.m.23 views

Authentication flaw

The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the ZendOpenIdConsumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveragin...

7.5CVSS7.2AI score0.02802EPSS
Exploits0References6Affected Software2
UbuntuCve
UbuntuCve
added 2014/09/04 5:55 p.m.28 views

CVE-2014-2685

The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the ZendOpenIdConsumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveragin...

7.5CVSS7.2AI score0.02802EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2014/09/04 1:4 p.m.8 views

One in Five Massachusetts Residents Breached in 2013

Roughly one in five Massachusetts residents were affected by a data breach last year, according to numbers released today by the Commonwealth’s Office of Consumer Affairs & Business Regulation OCABR. The number, about 1.2 million residents, is nearly a 60 percent increase from 2012. “Last year wa...

0.7AI score
Exploits0References7
The Hacker News
The Hacker News
added 2014/08/01 10:47 p.m.9 views

Hurray! Unlocking Your Cell Phone is Officially Legal Again

President Barack Obama signed a bill into law Friday that aims to make it legal for consumers to “unlock” their cell phones in order to change their cell phone service providers without paying for a new phone. The bill is known as the Unlocking Consumer Choice and Wireless Competition Act, which...

6.6AI score
Exploits0
ThreatPost
ThreatPost
added 2014/07/29 9:53 a.m.8 views

Consumer Groups Urge FTC to Halt Facebook Data Collection Program

A collection of privacy and consumer groups from the United States and Europe has asked the Federal Trade Commission to force Facebook to suspend a recently installed program that mines information on sites that users’ visit around the Web in order to serve them interest-based ads. The groups say...

6.7AI score
Exploits0References3
The Coalfire Blog
The Coalfire Blog
added 2014/07/03 7:55 a.m.12 views

Cybersecurity and the Financial Services Industry

2014 is the year that the US Securities and Exchange Commissions Office of Compliance Inspections and Examinations OCIE is turning its focus to cybersecurity, a looming threat to any and all companies that utilize the internet. In case you missed my last post, back in March the OCIE hosted a...

1.9AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.7 views

British Telecommunications Consumer Webhelper 2.0.0.7 - Multiple Buffer Overflow Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/24219/info The British Telecommunications Consumer Webhelper ActiveX control is prone to multiple buffer-overflow vulnerabilities because it fails to bounds-check user-supplied data before copying it into an insufficientl...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2014/06/19 1:58 p.m.7 views

Google, Microsoft to Implement Mobile 'Kill Switch'

Google and Microsoft will incorporate remote kill switch features into the default builds of their respective mobile operating systems for the first time. Oddly enough, the announcement comes in a joint press release issued by New York Attorney General, Eric Schneiderman, and San Francisco Distri...

6.7AI score
Exploits0References5
ThreatPost
ThreatPost
added 2014/05/28 4:3 p.m.12 views

FTC Asks Data Brokers, Congress for Transparency, Regulation

The Federal Trade Commission called on data brokers to be more transparent and give users more control over their personal information in a comprehensive report issued yesterday. The 100-plus page document, “Data Brokers: A Call for Transparency and Acccountability,” .PDF criticizes the industry...

6.8AI score
Exploits0References4
ThreatPost
ThreatPost
added 2014/05/08 2:36 p.m.16 views

Health and Fitness Apps Poor at Protecting Privacy FTC Says

A recent study conducted by the Federal Trade Commission examined 12 mobile health and fitness apps and found them sending users’ personal information to 76 different third parties. Jah-Juin Ho, an attorney in the FTC’s Mobile Technology Unit shared the research yesterday during a seminar regardi...

6.7AI score
Exploits0References2
ThreatPost
ThreatPost
added 2014/05/08 7:46 a.m.14 views

FTC Discusses Regulating User-Generated Health Information

The proliferation of wearable devices coupled with smartphone apps that monitor heart rates and other health metrics raises an important question: How exactly should the information generated by these devices be regulated? If there’s a fist fight in a bar can a person’s Fitbit accelerator be...

6.6AI score
Exploits0References6
ThreatPost
ThreatPost
added 2014/05/06 2:8 p.m.9 views

Dropbox Patches Shared Links Privacy Vulnerability

Dropbox has acknowledged and disabled a vulnerable shared links feature that exposed documents stored by the service to third parties. Shared links are a collaboration feature that allows user, especially in a business environment, to share and edit documents. Dropbox rival Intralinks reported th...

7AI score
Exploits0References2
ThreatPost
ThreatPost
added 2014/05/02 4:3 p.m.16 views

White House Calls for Transparency from Data Brokers

The White House redirected attention away from the data collection efforts of the intelligence community yesterday with the release of a report that urged data brokers to be more transparent about their own data harvesting. Companies such as Facebook, Google and others make a living collecting th...

0.7AI score
Exploits0References1
The Coalfire Blog
The Coalfire Blog
added 2014/04/22 6:5 p.m.11 views

Heartbleed – When Will the Next Shoe Drop?

Last week, while I was in the offices of one of our customers, a long-present but little-known vulnerability in OpenSSL became public knowledge. Our client detected it early and made the necessary patches and updates. The systems deployed by their customers are now secure. Consumers will change...

2.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/04/10 12:0 a.m.27 views

Mandriva Linux Security Advisory : php-ZendFramework (MDVSA-2014:072)

Updated php-ZendFramework packages fix security vulnerabilities : XML eXternal Entity XXE and XML Entity Expansion XEE flaws were discovered in the Zend Framework. An attacker could use these flaws to cause a denial of service, access files accessible to the server process, or possibly perform...

7.5CVSS8.6AI score0.02802EPSS
Exploits0References6
seebug.org
seebug.org
added 2014/03/26 12:0 a.m.21 views

Zend Framework XML外部实体和安全绕过漏洞

Bugtraq ID:66358 Zend Framework是一款开放源代码的PHP5开发框架实现。 Zend Framework存在多个安全漏洞: 1,处理XML实体时存在错误,允许攻击者通过特制的包含外部实体引用的XML文档来获取本地文件内容或消耗服务器资源。 2,ZendOpenId和ZendOpenId consumer的登录机制存在错误,允许攻击者利用漏洞无需任意验证凭据伪造其他用户/身份。 0 Zend Framework 1.x Zend Framework 1.12.4已经修复该漏洞,建议用户下载更新: http://framework.zend.com...

7.1AI score
Exploits0
Rows per page
Query Builder