Electronegativity - Tool To Identify Misconfigurations And Security Anti-Patterns In Electron Applications

Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron-based applications. It leverages AST and DOM parsing to look for security-relevant configurations, as described in the "Electron Security Checklist - A Guide for Developers and Auditors" whitepaper...

[SECURITY] Fedora 28 Update: python37-3.7.2-2.fc28

Python 3.7 package for developers. This package exists to allow developers to test their code against a newer version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.7, update your Fedora to a newer version once Python 3.7 is stable...

Someone Hacked PHP PEAR Site and Replaced the Official Package Manager

Beware! If you have downloaded PHP PEAR package manager from its official website in past 6 months, we are sorry to say that your server might have been compromised. Last week, the maintainers at PEAR took down the official website of the PEAR pear-php.net after they found that someone has replac...

#OTTuesday: Who Wins in a Format War - A Chat with Encoding.com

If you asked anyone 10 years ago who the winner would be in the over online video formats, you would have heard some strong opinions -- and some incorrect predictions. Video standards and formats will continue to change as long as users demand new ways to view content. AkamaiTV's Nelson Rodriguez...

[SECURITY] Fedora 29 Update: python36-3.6.8-1.fc29

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

Commix v2.7 - Automated All-in-One OS Command Injection And Exploitation Tool

Commix short for command injection exploiter is an automated tool written by Anastasios Stasinopoulos @ancst that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities related...

How Facebook Tracks Non-Users via Android Apps

LEIPZIG, GERMANY – If you quit Facebook or never joined because of its data collecting practices the odds are good the social network is still tracking you – despite your protest. Facebook collects data of non-users of its social network via dozens of mainstream Android apps that send tracking an...

Facebook bug exposed private photos of 6.8M users to third-party developers

By Waqas Another day, another privacy breach - This time, the social media giant Facebook has announced that a bug in its Photo API exposed private photos of over 6.8 million users to third-party app developers. The breach took place from September 13 to September 25, 2018, which means for 12 day...

Facebook Exposed 6.8 Million Users' Photos to Cap Off a Terrible 2018

In the latest in its long string of 2018 incidents, Facebook let developers access the private photos of millions of users...

Google Beefs Up Android Key Security for Mobile Apps

Google is making a few tweaks to its tools for Android mobile developers to boost the security of their wares – an apropos announcement against the backdrop of recent security issues stemming from poor development practices. Cryptographical changes this week for Android Keystore give developers...

Ian Dunn: Security issue: Github repo's wiki publicly editable

Hello Team, Github repo's wiki page is publicly editable. This enables an attacker to edit the wiki pages of the affected repo's. Adding content that may link to malicious code libraries that would be installed and used by developers or information that may mislead users. POC Links:...

Google+ to Shut Down Early After New API Flaw Hits 52.5 Million Users

Google today revealed that Google+ has suffered another massive data breach, forcing the tech giant to shut down its struggling social network four months earlier than its actual scheduled date, i.e., in April 2019 instead of August 2019. Google said it discovered another critical security...

[SECURITY] Fedora 29 Update: python36-3.6.7-1.fc29

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

Security Bulletin: XcodeGhost iOS malware

Question Security Bulletin: XcodeGhost iOS malware Answer Summary A new iOS malware has been discovered which originates from a malicious version of Xcode, the Apple developer tool for creating iOS applications. The malicious Xcode was made available through a Chinese cloud service and downloaded...

WhiteSource Bolt for GitHub: Free Open Source Vulnerability Management App for Developers

Developers around the world depend on open source components to build their software products. According to industry estimates, open source components account for 60-80% of the code base in modern applications. Collaboration on open source projects throughout the community produces stronger code,...

[SECURITY] Fedora 29 Update: python34-3.4.9-4.fc29

Python 3.4 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.4, see other distributions that support it, such as CentOS or RHEL with Software...

openSUSE: Security Advisory for openssh (openSUSE-SU-2018:3801-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 28 Update: python37-3.7.1-1.fc28

Python 3.7 package for developers. This package exists to allow developers to test their code against a newer version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.7, update your Fedora to a newer version once Python 3.7 is stable...

[SECURITY] Fedora 28 Update: python33-3.3.7-6.fc28

Python 3.3 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.3, see other distributions that support it, such as CentOS or RHEL with Software...

[SECURITY] Fedora 27 Update: python33-3.3.7-3.fc27

Python 3.3 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.3, see other distributions that support it, such as CentOS or RHEL with Software...