IBM FlashSystem V9000 Cross-Site Request Forgery Vulnerability
IBM FlashSystem V9000 is a suite of all-flash enterprise storage solutions from IBM USA. The solution provides a full suite of disaster recovery tools including snapshots, cloning and replication to protect data security as well as virtualized configuration and performance management using IBM...
Weak Bank Password Policies Leave 350 Million Vulnerable, Say Researchers
Should passwords that protect your financial data be less secure than the ones used to lock up selfies, cat videos and tweets swapped on social networks? In a study that looked at the password strength required to access website accounts for Wells Fargo, Capital One and 15 other banks, researchers...
Crypto Panel Experts Clash on FBI-Apple Debate
SAN FRANCISCO—One would think that six of the smartest security people on the planet could come to some sort of collective conclusion on the FBI-Apple debate. But that wasn’t the case today during the annual Cryptographers’ Panel at RSA Conference. The debate over whether Apple should assist the...
CVE-2016-1152
CVE-2016-1152 concerns Cybozu Office, affected versions 9.9.0 through 10.3.0. The vulnerability allows a remote, authenticated user to bypass intended access restrictions and read or write plan data. The vectors are unspecified in the provided documents. CNVD and primary CVE records confirm the b...
Apple Can Still Read Your End-to-End Encrypted iMessages
If you are backing up your data using iCloud Backup, then you need to watch your step NOW! In the government's fight against encryption, Apple has positioned itself as a staunch defender of its users' privacy by refusing to provide federal officials with encryption backdoors into its products. When it...
Twitter State-Sponsored Attack Notification
Twitter’s decision to notify users when their accounts are targeted in state-sponsored attacks earned its share of praise. But Twitter’s silence in terms of specifics about the attacks—whether by choice or gagged by a National Security Letter—has foisted some anxiety upon those who were notified....
ownCloud: Exploiting unauthenticated encryption mode
The ownCloud file storage encryption uses the AES encryption algorithm in CFB mode without any authentication. The encryption module is advertised as a way to use a potentially untrusted external storage [1]. Let's assume someone uses ownCloud with the encryption module and an untrusted storage and...
Microsoft Keeps Backup of Your Encryption Key on its Server — Here's How to Delete it
Have you recently purchased a Windows computer? Congratulations! Your new Windows computer has a built-in disk encryption feature that is turned on by default in order to protect your data in case your device is lost or stolen. Moreover, in case you lose your encryption keys, don't worry,...
A vulnerability in the Oracle Database management system allows a hacker to compromise information security.
The vulnerability of the Core RDBMS component of the Oracle Database management system is related to errors in the code. Exploiting this vulnerability can allow a malicious actor to compromise information security remotely...
Patent Troll — 66 Big Companies Sued For Using HTTPS Encryption
Are you Using HTTPS on your Website to securely encrypt traffic? Well, we'll see you in the court. At least, that's what CryptoPeak is saying to all big brands that utilize HTTPS on their web servers. BIG Brands Sued for Using HTTPS: 'Patent Troll' Texas-based company CryptoPeak Solutions LLC has...
Checkpoint Cross Site Scripting
Exploit Title: Checkpoint.com sub-domains Reflected XSS RXSS Date: 12/11/2015 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.checkpoint.com Version: / Category: Reflected Cross Site Scripting Google dork: Tested on: checkpoint.com sub-domains Checkpoint description :...
CVE-2015-5021
Affected product: IBM InfoSphere Information Server (DataStage) 11.3 and 11.5. Description: A privilege-escalation vulnerability allows an authenticated DataStage user to bypass job-execution restrictions or view sensitive information via unspecified vectors. Root cause: not explicitly detailed i...
Researcher releases Free Hacking Tool that Can Steal all Your Secrets from Password Manager
Unless we are human supercomputers, remembering a different password for every different site is not an easy task. But to solve this problem, there is a growing market of password managers and lockers, which remember your password for every single account and simultaneously provide an extr...
Meet The World's First Person Who Hacked His Body to Implant a Bitcoin Payment CHIP
Hackers are now going crazy and trying new ways in Biohacking. Until now, we have seen a hacker who implanted a small NFC chip in his hand in order to hack Android smartphones and bypass almost all security measures. However, now the level of craziness has gone to a whole new level. A Swedish...
Western Digital Self-Encrypting Drives Vulnerable
Some consumer-grade, self-encrypting external hard drives are littered with security vulnerabilities that render their encryption an afterthought. An academic paper published in late September took apart a number of drives manufactured by Western Digital that suffer from flaws that are trivial to...
Google Makes Full-Disk Encryption Mandatory for New Android 6.0 Devices
Yes, Google wants you to keep your bits and bytes as safe as possible through encryption. With the launch of Android 5.0 Lollipop last year, Google wanted to make full-disk encryption mandatory, but unfortunately, the idea did not go too well. However, Google thinks the idea will go right this...
[20151002] - Core - ACL Violations
Inadequate ACL checks in com_contenthistory provide potential read access to data which should be access restricted...
Experian Breach: 15 Million T-Mobile Customers' Data Hacked
If you applied for financing from T-Mobile anytime between 1 September 2013 and 16 September 2015, you have been HACKED! – even if you never had T-Mobile service. T-Mobile’s credit application processor Experian was hacked, potentially exposing the highly personal information of more than 15...
Chip Cards Finally Come to America – But What Does it Mean for Merchants and Consumers?
Like it or not, today the U.S. finally adopts EMV technology. While the implementation by most major retailers and large U.S. banks is expected to be delayed, the "chip and PIN" card types are coming to America to stay. The real debate is, will EMV adoption do anything for card data security?...
Hotel Chain Hilton Worldwide Investigating Potential POS Breach
Hilton Hotels and Resorts is reportedly looking into claims that some of its point-of-sale devices were compromised, some potentially as far back as November 2014. Security blogger Brian Krebs notes that Visa sent alerts to financial institutions warning of a breach from April 21 to July 27, but...