
372 matches found

RedHat Linux
added 2015/04/16 4:26 p.m. | 4 views

wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property

It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request...

CVSS 5 | AI score 6.7 | EPSS 0.07543
Exploits 0 | References 4

RedHat Linux
added 2015/04/16 4:17 p.m. | 2 views

wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property

It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request...

CVSS 5 | AI score 6.7 | EPSS 0.07543
Exploits 0 | References 4

RedHat Linux
added 2015/04/16 3:39 p.m. | 4 views

wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property

It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request...

CVSS 5 | AI score 6.7 | EPSS 0.07543
Exploits 0 | References 4

OSV
added 2015/02/12 4:59 p.m. | 1 views

DEBIAN-CVE-2015-0227

Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via vectors related to "wrapping attacks."...

CVSS 5 | AI score 7 | EPSS 0.07543
Exploits 0 | References 1

GithubExploit
added 2015/02/03 8:28 p.m. | 3 views

Exploit for CVE-2014-3566

PoC exploit for CVE-2014-3566, a Padding Oracle On Downgraded Le...

CVSS 4.3 | AI score 6.5 | EPSS 0.99999
Exploits 5

Packet Storm
added 2014/10/08 12:0 a.m. | 72 views

BMC Track-it! Remote Code Execution / SQL Injection

Hi, tl;dr - I am releasing two 0 day exploits for BMC Track-It!. One is a RCE and the other gets you the domain admin and SQL database creds. Other minor vulns are also disclosed. Details below. CERT handled the disclosure for these vulnerabilities see CERT VU121036 and according to them BMC didn...

CVSS 7.5 | AI score 0.1 | EPSS 0.80095
Exploits 16

ThreatPost
added 2014/09/18 10:40 a.m. | 11 views

Apple CEO Tim Cook Says Company Dedicated to Protecting Users' Privacy

While much of the tech community is still swooning over the iPhone 6, Apple Pay and Apple Watch, the company’s top executive is spending a lot of time and energy trying to reassure customers that Apple is doing everything it can to protect their privacy and the security of their data. Apple CEO T...

AI score 0.5
Exploits 0 | References 2

The Hacker News
added 2014/06/27 9:25 p.m. | 12 views

New Banking Malware with Network Sniffer Spreading Rapidly Worldwide

The hike in the banking malware this year is no doubt almost double compared to the previous one, and so in the techniques of malware authors. Until now, we have seen banking Trojans affecting devices and steal users’ financial credentials in order to run them out of their money. But nowadays,...

AI score 6.7
Exploits 0

Check Point Advisories
added 2014/06/24 12:0 a.m. | 0 views

PDF Containing Encrypted Data

PDF files may include encrypted data. A remote attacker may use such encrypted data inside PDF files to hide attacks against various PDF vulnerabilities, in order to evade IPS inspection. There are cases in which certain traffic, although not intended for malicious use, is very unsafe, since it m...

AI score 1.9
Exploits 0

ThreatPost
added 2014/05/30 2:10 p.m. | 18 views

USPS Spam Campaign Drops Asprox Botnet Malware

A new spam campaign has emerged in support of the Asprox botnet. The scheme involves shipping receipt emails that contain malicious links and purport to come from the United States Postal Service (USPS). Anyone who receives one of these emails and clicks on the link therein will have a zip file...

AI score 8.2
Exploits 0 | References 2

Kitploit
added 2014/04/05 12:19 a.m. | 35 views

Mylar - Platform for building secure web applications

Web applications rely on servers to store and process confidential information. However, anyone who gains access to the server (e.g., an attacker, a curious administrator, or a government) can obtain all of the data stored there. Mylar protects data confidentiality even when an attacker gets full...

AI score 7
Exploits 0

The Hacker News
added 2014/03/06 12:38 a.m. | 11 views

HTTPS can leak your Personal details to Attackers

Explosive revelations of massive surveillance programs conducted by government agencies by the former contractor Edward Snowden triggered new debate about the security and privacy of each individual who is connected somehow to the Internet and after the Snowden’s disclosures they think that by...

AI score 6.6
Exploits 0

The Hacker News
added 2014/02/24 6:11 a.m. | 12 views

Silent Circle's Blackphone - Privacy and Security Focused Smartphone for $629

Earlier this year encrypted communications firm Silent Circle and Spanish Smartphone maker Geeksphone announced a privacy-focused encrypted Smartphone called 'Blackphone' and today the company has revealed it at 'Mobile World Congress' in Barcelona. The Blackphone titled as, “world’s first...

AI score 6.7
Exploits 0

The Hacker News
added 2013/12/05 10:49 p.m. | 12 views

Biggest American Bank 'JPMorgan Chase' hacked; 465,000 card users' data stolen

JPMorgan Chase, one of the world's biggest Banks has recently announced that it was the victim of a cyber attack and warned round 465,000 of its holders of prepaid cash cards on the possible exposure of their personal information. In the Security Breach that took place on the bank's website...

AI score 6.7
Exploits 0

The Hacker News
added 2013/08/03 4:58 a.m. | 18 views

BREACH decodes HTTPS encrypted data in 30 seconds

A new hacking technique dubbed BREACH can extract login tokens, session ID numbers and other sensitive information from SSL/TLS encrypted web traffic in just 30 seconds. The technique was demonstrated at the Black Hat security conference in Las Vegas Presentation PDF & Paper by Gluck along with...

AI score 6.9
Exploits 0

ThreatPost
added 2013/02/15 10:20 p.m. | 7 views

Research Outlines New Deep Freeze Data Recovery Technique on Android Phone

Hackers and data recovery specialists alike could soon be turning to a new technique that under the right conditions can allow for the harvesting of personal information from phones, even after they’ve been frozen. A group of German researchers from the University of Erlangen-Nuremberg have...

AI score 6.6
Exploits 0 | References 2

Opera Security Advisories
added 2013/01/29 12:0 a.m. | 3 views

TLS response timings can indicate network contents – Opera Security Advisories

When Opera receives incorrectly encrypted network data, Opera will detect this, and let the sender know that the data was not understood. Such encrypted error responses are marginally faster than regular responses. An attacker with access to the network, can by replacing network data measure...

AI score 5.8
Exploits 0 | References 1

securityvulns
added 2012/12/02 12:0 a.m. | 20 views

TrendMicro DataArmor / DriveArmor multiple security vulnerabilities

Restriction bypass, privilege escalation, encrypted data access...

AI score 2.6
Exploits 0 | References 2 | Affected Software 2

Prion
added 2012/10/04 7:55 p.m. | 12 views

Default configuration

The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data...

CVSS 5 | AI score 6.6 | EPSS 0.01173
Exploits 0 | References 2 | Affected Software 1

Tenable Nessus
added 2011/09/23 12:0 a.m. | 40 views

CentOS 5 : ecryptfs-utils (CESA-2011:1241)

Updated ecryptfs-utils packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

CVSS 9.8 | AI score 7.2 | EPSS 0.0098
Exploits 2 | References 11