Google Updates CA Trust Mechanisms in Android Nougat
Google last week announced changes in the way it will handle trusted Certificate Authorities in Nougat, the latest version of the Android operating system. The changes are expected to cut into the likelihood of a successful man-in-the-middle attack, or a device falling victim to an...
Apple left iOS 10 Kernel Code Unencrypted, Intentionally!
Apple’s new iOS 10 recently made headlines after MIT Technology Review revealed that the company had left the kernel of the mobile operating system unencrypted. Yes, the first developer preview of iOS 10 released at WWDC has an unencrypted kernel. When the headline broke, some of the users were...
Armadito Antimalware - Backdoor Access/Bypass
Exploit Title: Armadito antimalware - Backdoor/Bypass. Date: 07-06-2016 (DD-MM-YYYY). Exploit Author: Ax. Vendor Homepage: http://www.teclib-edition.com/teclib-products/armadito-antivirus/ Software Link: https://github.com/41434944/armadito-av Version: No version specified. Fixed 07-06-2016...
Linux Foundation Badge Program Boost Open Source Security
The Linux Foundation says a new Core Infrastructure Initiative (CII) Best Practices Badge program launched Tuesday will help companies interested in adopting open source technologies evaluate projects based on security, quality and stability. The CII Best Practices Badge does not issue certificates...
Google Stresses Transparency in New Chrome Web Store Policies
Google last week put app developers on notice, urging them to comply with a new set of privacy policies that it plans on enforcing starting this summer designed to better promote transparency. The rules reflect an update to Google’s User Data Policy for the Chrome Web Store. The company has porte...
PHP Utility Belt remote code execution vulnerability verification and analysis-vulnerability warning-the black bar safety net
PHP Utility Belt is a set of tools for PHP application developers. It can be used to test regular expressions and observe how they match with the preg_match and preg_match_all functions, and to observe the result of the preg_replace function; contains two words, two numbers with a capital letter and...
[SECURITY] Fedora 24 Update: torbrowser-launcher-0.2.4-1.fc24
Tor Browser Launcher is intended to make Tor Browser easier to install and use for GNU/Linux users. You install torbrowser-launcher from your distribution's package manager and it handles everything else: Downloads and installs the most recent version of Tor Browser in your language and for your...
[SECURITY] Fedora 22 Update: qt-creator-3.6.0-6.fc22
Qt Creator is a cross-platform IDE (integrated development environment) tailored to the needs of Qt developers...
[SECURITY] Fedora 23 Update: qt-creator-3.6.0-6.fc23
Qt Creator is a cross-platform IDE (integrated development environment) tailored to the needs of Qt developers...
[SECURITY] Fedora 23 Update: prosody-0.9.10-1.fc23
Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...
Zomato: Several XSS affecting Zomato.com and developers.zomato.com
Hi there, I have found several XSS in Zomato.com and developers.zomato.com A. Steps to reproduce: 1. Go to zomato.com 2. Look for any restaurant 3. Click "Write review" and enter the payload as your review 4. Click "Publish review" . XSS pop up B. Now in developers.zomato.com: 1. Go to...
Password Security — Who's to Blame for Weak Passwords? Users, Really?
The majority of Internet users are vulnerable to cyber threats because of their own weaknesses in setting up a strong password. But, are end-users completely responsible for choosing weak passwords? Give a thought. Recently we wrote an article revealing the list of Worst Passwords of 2015 that...
privoxy -- multiple vulnerabilities
Privoxy Developers reports: Prevent invalid reads in case of corrupt chunk-encoded content. CVE-2016-1982. Bug discovered with afl-fuzz and AddressSanitizer. Remove empty Host headers in client requests. Previously they would result in invalid reads. CVE-2016-1983. Bug discovered with afl-fuzz an...
[SECURITY] Fedora 23 Update: prosody-0.9.9-2.fc23
Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...
Google 'Android N' Will Not Use Oracle's Java APIs
Google appears to be no longer using Java application programming interfaces (APIs) from Oracle in future versions of its Android mobile operating system, and switching to an open source alternative instead. Google will be making use of OpenJDK – an open source version of Oracle’s Java Development...
[SECURITY] Fedora 23 Update: sos-3.2-2.fc23
Sos is a set of tools that gathers information about system hardware and configuration. The information can then be used for diagnostic purposes and debugging. Sos is commonly used to help support technicians and developers...
Damn Vulnerable Node Application: DVNA
Damn Vulnerable Node Application (DVNA) is a node.js web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid...
Coinbase: Stored-XSS in https://www.coinbase.com/
Coinbase was mistakenly allowing developers to set their website or developer URL to a javascript:// or data:// URL. This link would then be rendered into the OAuth authorization page and leave users vulnerable to XSS if they clicked on it...
[SECURITY] Fedora 23 Update: python-cryptography-1.0.2-2.fc23
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers...
obby Service Detection
The script checks for the presence of an obby service. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...