Lucene search

1529 matches found

Veracode
added 2018/06/05 7:26 a.m., 17 views

Malicious Typo-Squatting

fabric-js is a malicious typo-squatter package. The package uses a similar name to a legitimate library so that developers may mistake it for the real one but executes malicious actions under the hood such as stealing environment variables upon installation...

7.5 CVSS, 7.3 AI score, 0.00257 EPSS
Exploits 0, References 2, Affected Software 1
Veracode
added 2018/06/05 6:54 a.m., 21 views

Malicious Typo-Squatting

mariadb is a malicious typo-squatted package. The package uses a similar name to another library so that developers may mistake it for a legitimate package but executes malicious actions under the hood such as stealing environment variables on installation...

7.5 CVSS, 7.4 AI score, 0.00257 EPSS
Exploits 0, References 2, Affected Software 1
The Hacker News
added 2018/06/04 7:19 a.m., 2 views

Confirmed—Microsoft Buys GitHub For $7.5 Billion

Here's the biggest news of the week—Microsoft has reportedly acquired GitHub for $7.5 billion. For those unaware, GitHub is a popular code repository hosting service that allows developers to host their projects, documentation, and code in the cloud using the popular Git source management system,...

6.7 AI score
Exploits 0
Debian
added 2018/06/01 12:23 p.m., 20 views

[SECURITY] [DLA 1393-1] Debian 7 Long Term Support reaching end-of-life

The Debian Long Term Support LTS Team hereby announces that Debian 7 "Wheezy" support has reached its end-of-life on May 31, 2018, five years after its initial release on May 4, 2013. Debian will not provide further security updates for Debian 7. A subset of Wheezy packages will be supported by...

7 AI score
Exploits 0
Prion
added 2018/05/29 8:29 p.m., 13 views

Design/Logic Flaw

product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. product-monitor versions below 2.2.5 download...

9.3 CVSS, 7.8 AI score, 0.00735 EPSS
Exploits 0, References 1, Affected Software 1
RedHat Linux
added 2018/05/24 7:31 p.m., 89 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

9.8 CVSS, 6.7 AI score, 0.37556 EPSS
Exploits 4, References 13
ThreatPost
added 2018/05/17 7:43 p.m., 14 views

‘Voice-Squatting’ Turns Alexa, Google Home into Silent Spies

A team of academic researchers has tested the phonetic wherewithal of smart-home assistants Amazon Alexa and Google Home, finding it possible to closely mimic legitimate voice commands in order to carry out nefarious actions. The researchers, a composite team from Indiana University in Bloomingto...

0.7 AI score
Exploits 0, References 5
The Hacker News
added 2018/05/14 9:37 p.m., 65 views

Hackers Reveal How Code Injection Attack Works in Signal Messaging App

After the revelation of the eFail attack details, it's time to reveal how the recently reported code injection vulnerability in the popular end-to-end encrypted Signal messaging app works. As we reported last weekend, Signal has patched its messaging app for Windows and Linux that suffered a code...

0.9 AI score
Exploits 0
Intel
added 2018/05/10 12:0 a.m., 8 views

Intel® SGX SDK and Intel® SGX Platform Software Updates

Summary: Intel® Software Guard Extensions Software Development Kit SDK and Platform Software PSW utilize the Intel® Integrated Performance Primitives Cryptography Library. Vulnerabilities in this cryptography library have been reported that may enable a local attacker running malware utilizing...

7.2 AI score
Exploits 0
Fedora
added 2018/05/05 9:25 p.m., 29 views

[SECURITY] Fedora 26 Update: scummvm-tools-2.0.0-1.fc26

This is a collection of various tools that may be useful to use in conjunction with ScummVM. Please note that although a tool may support a feature, certain ScummVM versions may not. ScummVM 0.6.x does not support FLAC audio, for example. Many games package together all their game data in a few b...

8.8 CVSS, 1.9 AI score, 0.0053 EPSS
Exploits 0
Fedora
added 2018/05/05 8:35 p.m., 21 views

[SECURITY] Fedora 28 Update: scummvm-tools-2.0.0-1.fc28

This is a collection of various tools that may be useful to use in conjunction with ScummVM. Please note that although a tool may support a feature, certain ScummVM versions may not. ScummVM 0.6.x does not support FLAC audio, for example. Many games package together all their game data in a few b...

8.8 CVSS, 1.9 AI score, 0.0053 EPSS
Exploits 0
Kitploit
added 2018/04/19 12:46 p.m., 27 views

Sandcat Browser 6.0 - Pentest And Developer-Oriented Web Browser

Sandcat is a lightweight multi-tabbed web browser that combines the speed and power of Chromium and Lua. Sandcat comes with built-in live headers, an extensible user interface and command line console, resource viewer, and many other features that are useful for web developers and pen-testers and...

6.9 AI score
Exploits 0, References 3
ThreatPost
added 2018/04/12 6:45 p.m., 11 views

Calls For Regulation Build After Facebook Privacy Fallout

As Facebook CEO Mark Zuckerberg appeared before Congress this week, politicians stressed the need for regulation to secure end users’ data privacy on social media platforms. The series of hearings on Tuesday and Wednesday gave members of Congress an opportunity to question Facebook about multiple...

0.7 AI score
Exploits 0, References 7
The Hacker News
added 2018/04/10 7:46 p.m., 21 views

Facebook Offering $40,000 Bounty If You Find Evidence Of Data Leaks

Facebook pays millions of dollars every year to researchers and bug hunters to stamp out security holes in its products and infrastructure, but following Cambridge Analytica scandal, the company today launched a bounty program to reward users for reporting "data abuse" on its platform. The move...

0.2 AI score
Exploits 0
n0where
added 2018/04/09 1:57 a.m., 18 views

REST API Penetration Testing: Astra

REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during development cycle. Astra can automatically...

0.2 AI score
Exploits 0, References 1
ThreatPost
added 2018/03/26 9:15 a.m., 12 views

Mozilla Tests DNS over HTTPS: Meets Some Privacy Pushback

The Mozilla Foundation is testing a new mechanism for securing domain name server traffic that uses the encrypted HTTPS channel. It is an attempt to speed up the internet, reduce the threat of man-in-the-middle attacks and keep prying eyes from monitoring what users do online. Starting in the nex...

6.7 AI score
Exploits 0, References 11
Mozilla
added 2018/03/23 12:0 a.m., 524 views

Security vulnerabilities fixed in Thunderbird 52.7 — Mozilla

A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash. A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandb...

9.8 CVSS, 2.1 AI score, 0.55641 EPSS
Exploits 3, References 6, Affected Software 1
ThreatPost
added 2018/03/19 1:53 p.m., 13 views

Facebook Data Privacy Policies Bashed By Critics After Cambridge Analytica Incident

Facebook is in hot water after acknowledging that a consulting group – that has worked on several high profile political campaigns, including that of President Donald Trump’s – used the social media company’s platform to harvest the data of 50 million users. The company last week said that in 201...

6.8 AI score
Exploits 0, References 13
Fedora
added 2018/03/12 6:19 p.m., 15 views

[SECURITY] Fedora 26 Update: tor-0.3.1.10-1.fc26

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and...

2.4 AI score
Exploits 0
ATTACKERKB
added 2018/02/27 3:29 p.m., 1 views

CVE-2017-17478

An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code up to 64 characters into a text field in Designer Studio, after establishing context. Designer Studio is the...

4.8 CVSS, 5.6 AI score, 0.0026 EPSS
Exploits 0, References 2