FTC Settles With Fandango, Credit Karma Over SSL Issues in Mobile Apps
The makers of two major mobile apps, Fandango and Credit Karma, have settled with the Federal Trade Commission after the commission charged that they deliberately misrepresented the security of their apps and failed to validate SSL certificates. The apps promised users that their data was being...
Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 - Multiple Vulnerabilities
vAPV: Virtual Application Delivery Controllers for Cloud and Virtualized Environments. Powered by Array's award-winning 64-bit SpeedCore™ architecture, vAPV virtual application delivery controllers extend Array's proven price-performance and rich feature set to public and private clouds and...
Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 - Multiple Vulnerabilities
Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 - Multiple Vulnerabilities. Author: xistence. Affected products: Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 appliances. Affected vendors:...
Sally Beauty Supply Acknowledges Breach of 25K
Twelve days after acknowledging that someone attempted to breach its system, Sally Beauty Supply confirmed this week that an attacker was able to penetrate the company and make off with fewer than 25,000 records of its customers’ sensitive banking information. The chain’s parent company Sally...
The PCI DSS 3.0 SAQs are here!
The Payment Card Industry Security Standards Council (PCI SSC) released Data Security Standards (DSS) 3.0 in November 2013 and has just released the related Self-Assessment Questionnaires (SAQ). There are two new SAQs, SAQ A-EP and SAQ B-IP...
Security Updates Available for Adobe Flash Player
Adobe has released security updates to address important vulnerabilities in Adobe Flash Player 12.0.0.70 or earlier versions for Windows and Macintosh, and Adobe Flash Player 11.2.202.341 or earlier versions for Linux. Exploitation of these vulnerabilities could compromise data security in a user...
CloudFlare Issues Transparency Report
CloudFlare claims government requests for user data are affecting fewer than .017 percent of their two million global customers. The Web performance and security company yesterday issued the report in accordance with the Department of Justice’s new regulations for publishing information pertaining...
APPLE-SA-2014-02-21-2 iOS 7.0.6
APPLE-SA-2014-02-21-1 iOS 6.1.6. iOS 6.1.6 is now available and addresses the following: Data Security. Available for: iPhone 3GS, iPod touch (4th generation). Impact: An attacker with a privileged network position may capture or modify data in sessions...
Fixing Trust Through Certificate Transparency
SAN FRANCISCO–The security of data being transmitted over the Web relies on a large number of moving parts, from the integrity of the machine sending the data, to the security of the browser, to the implementation of encryption, to the fragility of the certificate authority system. Experts have...
The NSA is 'Not Made of Magic'
SAN FRANCISCO–Of the small pool of people who have seen the Snowden documents, few, if any, are as technically savvy and knowledgeable about security and surveillance as Bruce Schneier. And after reading through stacks and stacks of them, Schneier says that yes, the NSA is extremely capable and...
Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities
The remote host is running a version of Mac OS X 10.9.x that is prior to 10.9.2. This update contains several security-related fixes for the following components: Apache, ATS, Certificate Trust Policy, CoreAnimation, CoreText, curl, Data Security, Date and Time, File Bookmark, Finder ...
CVE-2014-1266
The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a...
CVE-2014-1266
CVE-2014-1266 affects Apple iOS (6.x before 6.1.6, 7.x before 7.0.6), Apple TV (6.x before 6.0.2), and OS X (10.9.x before 10.9.2). The Secure Transport SSLVerifySignedServerKeyExchange function fails to properly verify the TLS Server Key Exchange signature, allowing MITM attackers to spoof an SS...
Dropbox Updates Privacy Policy in Response to Surveillance
The online storage service Dropbox has amended its privacy policy at least in part to better address increased concerns regarding how the service perceives, responds to, and handles government requests for user-data. The new government data requests principles come as part of broader and fairly...
The Internet is Owned--Act Accordingly
PUNTA CANA—Costin Raiu is a cautious man. He measures his words carefully and says exactly what he means, and is not given to hyperbole or exaggeration. Raiu is the driving force behind much of the intricate research into APTs and targeted attacks that Kaspersky Lab’s Global Research and Analysis...
Microsoft launching 'Transparency Center' for Source code integrity Check
Last Friday at the 50th Munich Security Conference, Microsoft announced that it will launch 'Transparency Centers' around the world, where government customers will be able to verify the source code of Microsoft’s products and confirm that there are no backdoors. The recent chain of scandals over US...
CVE-2014-0831
Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data...
Starbucks Patches Vulnerable iOS App
Starbucks has patched a vulnerability in its iOS app that was found last week spilling user data, including usernames and passwords, by adding what it’s called an “additional safeguard measure” to protect its customers. While it’s a relatively quick turnaround for the company – it only took about...
How to encrypt your files before uploading to Cloud Storage using CloudFogger
In this Internet-savvy generation, we want all of our data to be secured somewhere. Having backups of your data is always a good idea, whether that data is stored in the Cloud or on your computer. But everyone who is following the Edward Snowden leaks of the NSA's PRISM program now pushed to...
CVE-2014-0435
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, and 6.3.2 allows remote authenticated users to affect availability via unknown vectors related to Data, Domain & Function Security...