Vulnerabilities in the Internet Explorer browser, which allow a malicious attacker to compromise the confidentiality, integrity, and availability of protected information
Vulnerabilities that allow for remote execution of code exist in Internet Explorer due to improper access to objects in memory. These vulnerabilities can cause errors when working with memory and allow attackers to execute arbitrary code in the context of the current user...
The vulnerability of the Internet Explorer browser, which allows a malicious actor to compromise the confidentiality, integrity, and availability of protected information.
A vulnerability that allows for remote execution of code exists in Internet Explorer due to incorrect access to objects in memory. This vulnerability can cause errors when working with memory and allow attackers to execute arbitrary code in the context of the current user...
The vulnerability of the Java Platform software platform allows a remote attacker to compromise the confidentiality and integrity of protected information.
The vulnerability of the Java SE and Java SE Embedded software platforms allows a remote attacker to compromise data confidentiality and integrity by using the JSSE subcomponent...
How to Crack Android Full Disk Encryption on Qualcomm Devices
The heated battle between Apple and the FBI provoked a lot of talk about Encryption – the technology that has been used to keep all your bits and bytes as safe as possible. We can not say a lot about Apple's users, but Android users are at severe risk when it comes to encryption of their personal...
FTC Closes 70 Percent of Data Breach Investigations, Weighing PCI-DSS Standard
The Federal Trade Commission doesn’t investigate every reported breach, but when it comes to prosecuting data security cases it has an impressive 70 percent closure rate, according to agency officials. FTC Commissioner Maureen Ohlhausen shed light on the agency’s approach to enforcing data securi...
Netgear Router Update Removes Hardcoded Crypto Keys
Netgear has released firmware updates for two of its router product lines, patching vulnerabilities that were reported in January. Users should update to firmware version 1.0.0.59, which includes fixes for an authentication bypass vulnerability and also addresses a hard-coded cryptographic key...
Hackers Find Bugs, Extort Ransom and Call it a Public Service
Crooks breaking into enterprise networks are holding data they steal for ransom under the guise they are doing the company a favor by exposing a flaw. The criminal act is described as bug poaching by IBM researchers and is becoming a growing new threat to businesses vulnerable to attacks. Accordi...
Google Aims to Kill Passwords with Project Abacus
Google wants to kill passwords. And the weapon it wants to use is called Project Abacus, which Google said will become available on Android devices by the end of 2016. The way Project Abacus works is that instead of relying on passwords or two-factor authentication to open your Android phone, you...
The vulnerability of the Microsoft .NET Framework software platform, which allows a perpetrator to gain access to protected information
The vulnerability of the Microsoft .NET Framework software platform is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to protected information by using data in open text format within the client-server da...
Unspecified Vulnerability in Oracle Berkeley DB DataStore Component (CNVD-2016-02437)
Oracle Berkeley DB is an open source embedded database programming library from Oracle (United States) that can be bound to C, C++, Java, Perl, Python, Tcl and many other languages. DataStore is one of its data storage components. An unspecified vulnerability exists in the DataStore...
CVE-2015-1776
The CVE-2015-1776 issue affects Apache Hadoop 2.6.x where, when the Intermediate data encryption feature is enabled, intermediate data and the encryption key are stored together in a credentials file on disk. This design allows local users to read sensitive information from the credentials file, ...
MIT builds Artificial Intelligence system that can detect 85% of Cyber Attacks
In Brief: What if we could predict when a cyber attack is going to occur before it actually happens and prevent it? Isn't it a revolutionary idea for Internet security? Security researchers at MIT have developed a new Artificial Intelligence-based cyber security platform, called 'AI2,' which has the...
California Kills Phone Decryption Bill
Civil liberty groups and tech firms are celebrating the defeat of a controversial California bill that would have forced phone makers to decrypt their devices by court order. The proposed legislation, AB 1681, died when lawmakers refused to give the bill a vote. But opponents of the bill, who...
X (Formerly Twitter): niche s3 buckets are readable/writeable/deleteable by authorized AWS users
Hi All, I've discovered that the AWS buckets by niche, niche-s3-production, is accessible for authorized AWS users using the AWS command line tools. Issue As such, I have confirmed: - I can list all files in the bucket with the command aws s3 ls s3://niche-s3-production - I can copy files from th...
Jewel Jewels - Customized SSL, Dangerous filesystem permissions, Insecure KeyStore vulnerabilities
HackApp vulnerability scanner discovered that application Jewel Jewels published at the 'play' market has multiple vulnerabilities...
Taptrip Enjoy Foreign Chat - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application Taptrip Enjoy Foreign Chat published at the 'play' market has multiple vulnerabilities...
Pregnancy Stages - Base64 encoded String, Exported ContentProvider, MIT license vulnerabilities
HackApp vulnerability scanner discovered that application Pregnancy Stages published at the 'play' market has multiple vulnerabilities...
MGASA-2016-0122 Updated moodle packages fix security vulnerability
In Moodle before 2.8.11, teachers who otherwise were not supposed to see students' emails could see them in the participants list (CVE-2016-2151). In Moodle before 2.8.11, Moodle traditionally trusted content from external DB, however it was decided that external datasources may not be aware of web...
Johns Hopkins Researchers: Crypto Flaws Endanger iMessage Integrity
When Apple released its iOS Security Guide for public consumption, it was an unprecedented look inside the security architecture behind its products. For cryptographer and professor Matthew Green and a team of four Johns Hopkins University graduate students, it was a road map to understanding not...
Scores of Serial Servers Plagued by Lack of Authentication, Encryption
Thousands of serial servers connected to the internet aren’t password protected and lack encryption, leaving data that transfers between them and devices they’re connected to open to snooping, experts warn. To make matters worse, the servers, manufactured by Taiwan-based networking device company...