CVE-2014-0399
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3, 6.3.1, and 6.3.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Data, Domain & Function Security...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3, 6.3.1, and 6.3.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Data, Domain & Function Security...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, and 6.3.2 allows remote authenticated users to affect availability via unknown vectors related to Data, Domain & Function Security...
CVE-2014-0435
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, and 6.3.2 allows remote authenticated users to affect availability via unknown vectors related to Data, Domain & Function Security...
CVE-2014-0435
CVE-2014-0435 concerns an unspecified vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (versions 6.1, 6.2, 6.3, 6.3.1, 6.3.2). The issue allows remote authenticated users to affect availability via unknown vectors related to Data, Domain & Func...
Yahoo Mail turns on HTTPS encryption by default to protect users
After the release of NSA secret spying over Internet communications, I am expecting all tech companies to make surveillance significantly harder. Yahoo has had HTTPS encryption support since late 2012, but users had to opt in to use the feature. Documents revealed by Edward Snowden show tha...
Use of 3DES to Encrypt Stolen Target PIN Data Invites Worry
Target Corp.’s admission that encrypted PIN data was stolen in the Black Friday breach was bad news for consumers. For security experts, especially cryptographers, particular exception was taken to the retail giant’s use of Triple DES (3DES) encryption to keep the PIN data safe. With all crypto...
Fedora Update for dcraw FEDORA-2013-22929
Check for the Version of dcraw. OpenVAS Vulnerability Test: Fedora Update for dcraw FEDORA-2013-22929. Authors: System Generated Check. Copyright: Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the terms...
Microsoft Expands Encryption Use in Cloud Services to Thwart Surveillance
In response to the growing set of revelations about the NSA’s surveillance methods and alleged compromise of some large technology vendors’ services, Microsoft is taking a number of steps to try and reassure customers about the integrity of the company’s offerings and to greatly expand the use of...
Yahoo to Give Users Option for SSL on All Web Properties
Following months of criticism from security experts and privacy advocates for not deploying SSL across its Web offerings, Yahoo on Monday announced that it will be giving users the option to encrypt all of the data they exchange with the company by the end of the first quarter next year. The chan...
Stealing PIN Codes With a Wink and a Nod
Security researchers have developed a number of different methods to steal or bypass the passcodes on most of the common mobile phone platforms, some of which rely on software bugs and others that are simple social engineering techniques. Now, a pair of researchers from the University of Cambridg...
Threat Outbreak Alert: Fake Information Request Email Messages on October 29, 2013
Medium. Alert ID: 31549. First Published: 2013 October 30 19:59 GMT. Version: 1. Summary: Cisco Security has detected significant activity related to spam email messages that claim to contain a request for personal details for the recipient. The text in the email message attempts to convince the...
EUVD-2013-3620
AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models use cleartext to store sensitive information, which allows attackers to obtain passwords, user names, and other sensitive information by reading an unspecified backup file...
Adobe Acrobat, ColdFusion Source Code, Customer Data Stolen
Attackers accessed customer IDs, encrypted passwords as well as source code for a number of Adobe products, Adobe chief security officer Brad Arkin announced. Arkin said Adobe is working with law enforcement on the breach in which attackers accessed source code for Adobe Acrobat, ColdFusion,...
APPLE-SA-2013-09-18-2 iOS 7
APPLE-SA-2013-09-18-2 iOS 7. iOS 7 is now available and addresses the following: Certificate Trust Policy. Available for: iPhone 4 and later, iPod touch 5th generation and later, iPad 2 and later. Impact: Root certificates have been updated. Description:...
Unauthenticated access to private information via tinymce plugin
It is possible for unauthenticated users to retrieve information from a Confluence instance, including tables of contents and change histories for private pages, and lists of all attachments in a space, by making calls to the preview function of the macro REST API in the confluence-tinymce-plugin...
Threat Outbreak Alert: Fake Overdue Payment Notification Email Messages on September 9, 2013
Medium. Alert ID: 30715. First Published: 2013 September 10 15:56 GMT. Version: 1. Summary: Cisco Security has detected significant activity related to Portuguese-language spam email messages that claim to contain a payment notification for the recipient. The text in the email message attempts to...
EMLOG offline writing high-risk security vulnerabilities-vulnerability warning-the black bar safety net
Dear emlog users: the EMLOG Development Group today confirmed that the EMLOG 5.1 series of versions has a high-risk vulnerability in which permission validation for the offline writing interface is not strict. The vulnerability can allow an attacker to bypass the system user authentication mechanism through the offline writi...
MAPCO Incident Highlights the Risks Faced by All Convenience Stores
On May 6, 2013, convenience store operator MAPCO Express, Inc. did a responsible thing - they issued a press release that shared important information about a data security incident that was discovered at their stores. Such notices - along with a whole lot of behind-the-scenes investigative work...