1115 matches found
Chimera Ransomware Promises to Publish Encrypted Data Online
Ransomware continues to elevate itself as perhaps the most worrisome crossover threat affecting consumers and businesses. Already this week, we’ve had an update to the dangerous Cryptowall family of malware that includes new encryption features making that strain of ransomware harder to decrypt...
Yahoo Hires Bob Lord as CISO
Yahoo has filled the vacancy in its CISO office, today announcing the hiring of former Twitter and Rapid7 security executive Bob Lord. Lord starts in his new role Nov. 9. He was most recently Rapid7’s CISO-in-residence; he has spent much of the last two decades in high-profile security positions...
System Hardening Guide
The purpose of system hardening is to eliminate as many security risks as possible. Hardening is the process of securing a system by reducing its attack surface. A system has a larger vulnerability surface the more functions it fulfills; in principle a single-function system is more secure than a...
Western Digital (WD) encrypted hard drives found to contain vulnerabilities - vulnerability warning - the black bar safety net
Researchers said that several versions of Western Digital's encrypted hard drives contain many vulnerabilities: once an attacker has physical access to a drive, the data on it can easily be read, bypassing the hard disk password. Western Digita...
APPLE-SA-2015-09-21-1 watchOS 2
APPLE-SA-2015-09-21-1 watchOS 2 watchOS 2 is now available and addresses the following: Apple Pay Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment Description: Th...
Apple Addresses Dozens of Vulnerabilities, Embraces Two-Factor Authentication in iOS 9
Apple pushed out iOS 9 Wednesday, addressing a cornucopia of vulnerabilities, including bugs that could lead to arbitrary code execution, credential leakage, and interface spoofing, among other issues. Conspicuously absent from the update, however, is a fix for the vulnerability in AirDrop that...
New Bill Would Grant Lifetime Credit Monitoring to OPM Victims
A group of lawmakers are proposing victims of last month’s expansive Office of Personnel Management hack receive lifetime fraud protection and credit monitoring. Democratic lawmakers on Monday presented the Reducing the Effects of the Cyberattack on OPM Victims Emergency Response, or RECOVER Act...
NSS incorrectly permits skipping of ServerKeyExchange — Mozilla
Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services (NSS) where the client allows for an ECDHE_ECDSA exchange where the server does not send its ServerKeyExchange message instead of aborting the handshake. Instead, the NSS client will take the EC key from the ECDS...
TLS Version 1.0 Protocol Detection (PCI DSS)
The remote service accepts connections encrypted using TLS 1.0. This version of TLS is affected by multiple cryptographic flaws. An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients. C Tenable Network...
Critical SSL Vulnerability Leaves 25,000 iOS Apps Vulnerable to Hackers
A critical vulnerability residing in AFNetworking could allow an attacker to cripple the HTTPS protection of 25,000 iOS apps available in Apple's App Store via man-in-the-middle (MITM) attacks. AFNetworking is a popular open-source code library that lets developers drop networking capabilities into...
[SECURITY] Fedora 22 Update: gnupg2-2.1.2-2.fc22
GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described...
DroidStealth — Android Encryption Tool with Stealth Capabilities
We all have Internet-connected smartphones in our pockets, but it’s very hard to find a place on the Internet to feel secure and private. No doubt, there is data encryption on cell phones, but what’s the use if it is cracked by hackers or law enforcement? What if the encrypted files don’t exist in th...
Restoring Encrypted Databases with Veeam Explorer for Microsoft SQL Server
Challenge: Restoring an encrypted database with Veeam Explorer for Microsoft SQL Server fails with one of the following errors: "Cannot find server certificate with thumbprint ''"; "Transparent Data Encryption is not available in the edition of this SQL Server instance." You are unable to check "Perfor...
Grinder - System to Automate the Fuzzing of Web Browsers
Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes. Grinder Nodes provide an automated way to fuzz a browser, and generate useful crash information such as call stacks with symbol information as well as logging information which can be used...
CHARGE Anywhere Breached, Plain Text Data Accessed
CHARGE Anywhere, a New Jersey-based developer of payment gateway and mobile payment applications, on Tuesday disclosed that it had been breached and that hackers had access to transactions leaving its network, perhaps going back as far as 2009. Most of the traffic was encrypted, the company said ...
Design/Logic Flaw
Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows context-dependent attackers to obtain sensitive information by reading the cache...
CVE-2014-8495
Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows context-dependent attackers to obtain sensitive information by reading the cache...
SSLv3 protocol vulnerability "POODLE": fix and related concepts - vulnerability warning - the black bar safety net
On October 15, 2014, Google released a report on the high-risk SSLv3 “POODLE” vulnerability (CVE-2014-3566). A brief analysis of the report: according to Google's statement, the vulnerability affects all versions of SSLv3, the use of the...
Secure Disk Encryption Software: CipherShed
Secure Disk Encryption Software: CipherShed is free (as in free-of-charge and free-speech) encryption software for keeping your data secure and private. It started as a fork of the now-discontinued TrueCrypt Project. CipherShed is cross-platform; it is available for Windows, Mac OS X and GNU/Linux...
Instasheep — Instagram Account Hacking Tool Released
Two days ago, we reported at The Hacker News about a critical issue in the most popular image and video sharing service, Instagram app for mobiles, that allows an attacker to hijack users’ account and successfully access private photos, delete victim's photos, edit comments and also post new...