Apple's Biggest Hack Ever: 4000 Malicious iOS Store Apps Linked to CIA?
The first major cyber attack on Apple's App Store has now been linked to the CIA (Central Intelligence Agency). Last week, researchers disclosed some 39 iOS apps on Apple's App Store infected by 'XCodeGhost Malware'. The bad news is that the infection has now increased exponentially with the discovery ...
XcodeGhost Apple AppStore Malware
As more eyes peer into XcodeGhost, the malware that managed to sneak into Apple’s App Store, more trouble bubbles to the surface. Researchers at Palo Alto Networks said in an updated report that the malware contains a vulnerability that allows an attacker in man-in-the-middle position to control...
ZAP 2.4.2 - Penetration Testing Tool for Testing Web Applications
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testin...
Twitter Open Sources 'Diffy' that Automatically Catches Potential Bugs in Code
After Facebook open sourced Thrift Technology, an internally used tool by Facebook, in 2007, rival entity Twitter brings Diffy, an internal Twitter service, to the world. Yesterday, Twitter introduced "Diffy," an open source tool, acting as a helping hand for the software developers to catch bugs,...
Mantis Bug Tracker 1.2.19 - Host Header
Exploit Title: MantisBT 1.2.19 - Host header attack vulnerability Date: 07-09-2015 Exploit Author: Pier-Luc Maltais Centre opérationnel de sécurité informatique gouvernemental COSIG Vendor Homepage: https://www.mantisbt.org/ Software Link:...
Microsoft Office 2016 for Windows coming on September 22
Earlier this year, Microsoft had announced to bring its Office 2016 soon to the world. Also, Office 2016 software version for Mac was released in July 2015. Now speculations gearing up are hinting towards a final release date of Office 2016 for Windows as 22nd September 2015. Though, for Window...
Hack Codegen - Facebook Open-Sources Code That Writes Code
Good news for open source lovers! Facebook has open-sourced Hack Codegen – its library for automatically generating Hack code, allowing outside developers to automate some of their routine work while developing large programs. Hack is Facebook's own programming language designed to build...
Fedora 21 : drupal7-migrate-2.8-1.fc21 (2015-11314)
7.x-2.8 See SA-CONTRIB-2015-130 Features and enhancements - Issue 2379289: migrate-import --update does not seem to work as expected, if map is not joinable, due to highwater field? - Issue 2403643: Migration::applyMappings unable to handle multifield subfields - Issue 2472045: Add language...
Cloud Source Repositories: Google Quietly Launches GitHub Competitor
After the death of Google code this winter, Google is apparently back in the business through the launch of its private Git repository hosting service on Google Cloud Platform called Cloud Source Repositories. Not yet officially announced, but Google started providing free beta access to its new...
[SECURITY] Fedora 21 Update: python-requests-2.7.0-1.fc21
Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Python’s built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy for developers...
Apple Pushing Developers Toward HTTPS Connections in Apps
Apple is encouraging developers who create apps for iOS to begin moving their apps to an HTTPS-only model as soon as possible in an effort to thwart eavesdropping on insecure, plaintext HTTP connections. The move is yet one more sign that major Internet and technology companies are becoming ever...
Damn Vulnerable Web App - PHP/MySQL Training Web Application that is Damn Vulnerable
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid...
IBM Lotus Domino 8.5.4 / 8.5.3 Cross Site Scripting
Hello list! I want to warn you about Cross-Site Scripting vulnerability in IBM Domino. This is one from many vulnerabilities in Domino, which I've found at 03.05.2012. In previous years I wrote about multiple vulnerabilities in Lotus Domino http://securityvulns.ru/docs29277.html and Lotus Notes...
Microsoft to Detect Search Protection Code as Malware
The Microsoft Malware Protection Center announced yesterday that its security products would begin detecting all software containing search protection functions and classifying it as malicious, regardless of whether the search-censoring features are enabled or latent. Search protection is a schem...
Google to Introduce New Photo-Sharing Platform to Kill Instagram
Google is reportedly going to launch a new online photo-sharing service and storage option at its developer conference later this month, which Bloomberg says, will not be a part of its Google+ social network. At the moment, Google offers a photo sharing service known as "Google+ Photos," which...
Gamification of Facebook Messenger... New feature Coming Soon
Good news for Gamers! Users of Facebook Messenger may soon be able to play games on the messaging platform. Nearly two months ago, Facebook launched its Messenger platform, inviting developers to create apps that allow you to send and receive GIFs, sound clips, and other artistic creations within...
Researchers, IEEE Release Medical Device Security Guidelines
A collection of research scientists, with help from the IEEE Cybersecurity Initiative, have released a new set of guidelines for developers to take into account to ensure security figures into how medical devices are coded. The paper, “Building Code for Medical Device Software Security” (.PDF), was...
Graudit - Find potential security flaws in source code using grep
Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very...
SSL vulnerability exposed in popular iOS network communications library AFNetworking, affecting China UnionPay, Bank of China, Bank of Communications and 2.5 million iOS applications - vulnerability warning - the black bar safety net
A severe vulnerability in the popular open source iOS network communications library AFNetworking exposes the HTTPS traffic of 25000 iOS apps in the Apple App Store to man-in-the-middle (MITM) attacks. AFNetworking is a famous open source network library, to be able to developers in iOS and...
iOS, OS X Library AFNetwork Patches MiTM Vulnerability
Until yesterday, a popular networking library for iOS and OS X used in apps such as Pinterest and Simple was susceptible to SSL man-in-the-middle (MiTM) attacks. The developer behind the framework AFNetworking on Thursday pushed a fix for the issue, a logic flaw. The flaw had lingered in the wild f...