Tor-enabled Point-of-Sale malware 'ChewBacca' stole Credit Card data from 11 Countries

+malware+stole+credit+card+data+from+11+Countries.jpg After the massive data breaches at U.S retailers Target and Neiman Marcus in which financial credentials of more than 110 million and 1.1 million customers were compromised respectively, shows that the Point of Sale POS system has become a new...

How to encrypt your files before uploading to Cloud Storage using CloudFogger

In this Internet savvy generation, we want all of our data to be secured at some place. Having backups of your data is always a good idea, whether that data is stored in the Cloud or on your computer. But everyone who is following the Edward Snowden leaks of the NSA's PRISM program now pushed to...

[SECURITY] Fedora 18 Update: gnupg-1.4.16-2.fc18

GnuPG GNU Privacy Guard is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with...

CVE-2013-4135

The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network...

LinkedIn Intro App a Man in the Middle Attack

This is one introduction you may not want to make. LinkedIn’s release of its Intro app yesterday for Apple iOS mobile devices raised more than a few eyebrows for behaviors that are causing security experts to worry. Intro is an integrated service that works hand-in-hand with the Apple Mail app...

Questions About Crypto Security Follow Latest NSA Revelations

As security experts and cryptographers continue to debate and discuss the implications of the revelations of the NSA’s capabilities against various encryption protocols and systems, some of the larger Internet companies are taking steps to protect their users’ data against the new threat. Google,...

Scientific Linux Security Update : openafs on SL5.x, SL6.x i386/x86_64 (20130724)

OpenAFS uses Kerberos tickets to secure network traffic. For historical reasons, it has only supported the DES encryption algorithm to encrypt these tickets. The weakness of DES's 56 bit key space has long been known, however it has recently become possible to use that weakness to cheaply around...

1337pwn Spy v1.0 (RCE / Keylogger / Download & Upload Files)

-------------------------FUNCTIONS-------------------------------- ! Currently, the program is not identified as a virus. ! Control via control panel. + RCE - You can send a command to a remote server, and it has successfully fulfilled. + Keylogger - The program has a keylogger. + Log changes in...

Cisco Small Business Switches SSH Packet Processing Denial of Service Vulnerability

Cisco Small Business Switches contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition to features that rely on SSH or SSL protocols. The vulnerability is due to the processing flaw in malformed packets in the code used by SSH and SSL...

Australian medical centre infected with Ransomware Malware demanding $4000 to Unlock

A Gold Coast, Australian medical centre computers are infected with some ransom malware by a group of Russian hackers. The hackers encrypted the practice's patient database, demanding payment of $4000 for the files to be decrypted. "Cyber criminals based mainly throughout Eastern Europe look for...

Design/Logic Flaw

McAfee Email and Web Security EWS 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway MEG 7.0 before Patch 1, does not properly encrypt system-backup data, which makes it easier for remote authenticated users to obtain sensitive information by reading a backup file, as...

Apple Remote Desktop < 3.5.3 / 3.6.1 Information Disclosure (Mac OS X)

According to its version, the Admin component in the Apple Remote Desktop install on the remote host reportedly fails to encrypt data and does not issue a warning when connecting to a third-party VNC server with 'Encrypt all network data' set. This could lead to information disclosure. C Tenable...

MatrixDAR - First Military Grade Encryption for Android

AuthenTec, a leading provider of mobile and network security, today introduced a new security offering that provides military-grade encryption to data stored on today's Android smartphones and tablets without sacrificing device performance. AuthenTec's MatrixDARTM for Android meets the stringent...

Survey Shows 85 Percent of Small Business Owners Convinced a Data Breach Unlikely

If a newly released survey is any indication, publicized data breaches aren’t enough to prompt small businesses to better protect their customer or employee data. A survey released this week by The Hartford found 85 percent of small business owners believe a data breach is unlikely and often lack...

UNC-Charlotte Data Breaches Expose 350,000 Social Security Numbers and Much More

Confidential data, including bank account and Social Security numbers for some 350,000 University of North Carolina-Charlotte students, staff and faculty, were accidentally exposed — some for almost 15 years — due to a system misconfiguration and incorrect access settings that made electronic dat...

Indian government get access to BlackBerry messages

Indian government get access to BlackBerry messages After a battle lasting almost two years, BlackBerry maker Research In Motion has knuckled under to the Indian government, giving security forces in that country access to private instant messages. RIM decided to set up Blackberry servers that we...

Use the Cloud

When it comes to search and seizure by customs agents, the cloud is your friend. A plethora of online services today make it easy to simply copy your sensitive data – or your entire drive’s contents – up to a hosted storage server. Once again, you’ll want to make sure that the connection to...

Ransomware Claims To Sniff Out Porn For The Police

Peddlers of ransomware are increasing their effectiveness by tailoring region-specific versions of a scam that impersonates local police. Microsoft has identified four variants of a ransomware scheme in which online criminals are using the good name of law enforcement agencies to trick victims in...

CVE-2011-3389

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

Data Encryption, 3.1/3GS

Apple’s decision to add data encryption with the iPhone 3GS was a nod to enterprise customers who wanted to offer iPhones to their employees, but were wary of the lack of security features compared with competing platforms like RIM’s Blackberry. Still, when they finally got around to it – with th...