1529 matches found
Developers Targeted in ‘ParseDroid’ PoC Attack
Researchers have developed a proof of concept attack that could impact the millions of users of integrated development environments such as Intellij, Eclipse and Android Studio. Attacks can also be carried out against servers hosting development environments in the cloud. The attack vector was...
Google Cracks Down On Nosy Android Apps
Google is cracking down on unwanted and harmful Android apps with a new effort that will show warnings on applications and on third-party websites distributing apps that collect personal data without user consent. The effort is an expansion of the Google Safe Browsing team’s mission to enforce th...
Automattic: [public-api.wordpress.com] Stored XSS via Crafted Developer App Description
Hi, An injection in the "App Description" field within the WordPress Developers platform can be used to store and reflect JavaScript in the public-api.wordpress.com context. Steps to reproduce 1 As the "adversary" user, please visit the WordPress.com My Apps page and select "Create New Applicatio...
WPSploit - WordPress Plugin Code Scanner
This tool is intended for Penetration Testers who audit WordPress plugins or developers who wish to audit their own WordPress plugins. For more info click here. Usage $ git clone https://github.com/m4ll0k/wpsploit.git $ cd wpsploit $ python wpsploit.py pluginfile.php or $ wget...
CVE-2017-14389
An issue was discovered in Cloud Foundry Foundation capi-release all versions prior to 1.45.0, cf-release all versions prior to v280, and cf-deployment all versions prior to v1.0.0. The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that...
[SECURITY] Fedora 25 Update: python-copr-1.84-1.fc25
COPR is lightweight build system. It allows you to create new project in WebUI, and submit new builds and COPR will create yum repository from latest builds. This package contains python interface to access Copr service. Mostly useful for developers only...
[SECURITY] Fedora 26 Update: python-copr-1.84-1.fc26
COPR is lightweight build system. It allows you to create new project in WebUI, and submit new builds and COPR will create yum repository from latest builds. This package contains python interface to access Copr service. Mostly useful for developers only...
[SECURITY] Fedora 27 Update: python-copr-1.84-1.fc27
COPR is lightweight build system. It allows you to create new project in WebUI, and submit new builds and COPR will create yum repository from latest builds. This package contains python interface to access Copr service. Mostly useful for developers only...
Google Begins Removing Play Store Apps Misusing Android Accessibility Services
Due to rise in malware and adware abusing Android accessibility services, Google has finally decided to take strict steps against the apps on its app platform that misuse this feature. Google has emailed Android app developers informing them that within 30 days, they must show how accessibility...
Security vulnerabilities fixed in Firefox 57 — Mozilla
A use-after-free vulnerability can occur when flushing and resizing layout because the PressShell object has been freed while still in use. This results in a potentially exploitable crash during these operations. The Resource Timing API incorrectly revealed navigations in cross-origin iframes. Th...
Interface Aware Fuzzing for Kernel Drivers: DIFUZE
Device drivers are an essential part in modern Unix-like systems to handle operations on physical devices, from hard disks and printers to digital cameras and Bluetooth speakers. The surge of new hardware, particularly on mobile devices, introduces an explosive growth of device drivers in system...
Trape - People tracker on the Internet (The evolution of phishing attacks) OSINT
Trape is a recognition tool that allows you to track people, the information you can get is very detailed. We want to teach the world through this, as large Internet companies could monitor you, obtaining information beyond your IP. Some benefits One of its most enticing functions is the remote...
Disclosure: WordPress WPDB SQL Injection - Technical
Today, a significant SQL-Injection vulnerability was fixed in WordPress 4.8.3. Before reading further, if you haven’t updated yet stop right now and update. The foundations of this vulnerability was reported via Hacker-One on September 20th, 2017. This post will detail the technical vulnerability...
OWASP ZAP 2.6.0 - Penetration Testing Tool for Testing Web Applications
The OWASP Zed Attack Proxy ZAP is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It...
CWEs in NVD CVE feed: analysis and complaints
As you probably know, one of the ways to describe the nature of some software vulnerability is to provide corresponding CWE Common Weakness Enumeration ids. Let's see the CWE links in NVD CVE base. I have already written earlier how to deal with NVD feed using python in "Downloading and analyzing N...
Google Play Store Launches Bug Bounty Program to Protect Popular Android Apps
Better late than never. Google has finally launched a bug bounty program for Android apps on Google Play Store, inviting security researchers to find and report vulnerabilities in some of the most popular Android apps. Dubbed "Google Play Security Reward," the bug bounty program offers security...
Yet more mobile adware found in Google Play
Finding an adware variant that made its way past the Google Play store is out of the ordinary. So when two adware variants slip by in one week, we take notice. Last week, we added two new Ad SDKs to our growing list of adware detections—Adware.Solid and Adware.Cootek. Both Ad SDKs were found in a...
[SECURITY] Fedora 25 Update: tor-0.2.9.12-1.fc25
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and...
jenkins -- multiple issues
jenkins developers report: A total of 11 issues are reported, please see reference URL for details...
[SECURITY] Fedora 27 Update: tor-0.3.1.7-1.fc27
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and...