Hospira MedNet Hardcoded Key Vulnerability
MedNet manages drug libraries, firmware updates, and configurations for Hospira IV pumps for use in the healthcare and public health sectors. MedNet uses hard-coded keys that allow attackers to intercept encrypted communications from syringe pumps...
Slack Discloses Breach of its User Profile Database
Enterprise and small business collaboration provider Slack today disclosed that a database storing user profile information has been compromised. The company said in a notice posted on its site that the unauthorized access has been blocked, and that it has implemented two-factor authentication...
Scientific Linux Security Update : virt-who on SL7.x (noarch) (20150305)
It was discovered that the /etc/sysconfig/virt-who configuration file, which may contain hypervisor authentication credentials, was world-readable. A local user could use this flaw to obtain authentication credentials from this file. (CVE-2014-0189) The virt-who package has been upgraded to upstre...
Dangerous 'Vawtrak Banking Trojan' Harvesting Passwords Worldwide
A security researcher has discovered some new features in the most dangerous Vawtrak, aka Neverquest, malware that allow it to send and receive data through encrypted favicons distributed over the secured Tor network. The researcher, Jakub Kroustek from the anti-virus firm AVG, has provided an in-depth...
JVN#41281927: LINE vulnerable to script injection
LINE, provided by LINE Corporation, is an application used to communicate with others. LINE is vulnerable to man-in-the-middle (MITM) attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a man-in-the-middle (MITM) attacker. Impac...
CentOS 7 : virt-who (CESA-2015:0430)
An updated virt-who package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
virt security update
CentOS Errata and Security Advisory CESA-2015:0430. An updated virt-who package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common...
[USN-2524-1] eCryptfs vulnerability
Ubuntu Security Notice USN-2524-1, March 11, 2015: ecryptfs-utils vulnerability. A security issue affects these releases of Ubuntu and its derivatives...
USN-2524-1 ecryptfs-utils vulnerability
Sylvain Pelissier discovered that eCryptfs did not generate a random salt when encrypting the mount passphrase with the login password. An attacker could use this issue to discover the login password used to protect the mount passphrase and gain unintended access to the encrypted files...
Ubuntu 14.04 LTS : eCryptfs vulnerability (USN-2524-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2524-1 advisory. Sylvain Pelissier discovered that eCryptfs did not generate a random salt when encrypting the mount passphrase with the login password. An attacker could use this...
OTR.to — Secure 'Off-the-Record' p2p Encrypted Messaging Service
In this post-Snowden era of mass surveillance, being out of reach of spying eyes really doesn't mean they cannot get you. So, if you are concerned about your data privacy and are actually searching for a peer-to-peer encrypted messaging service, then it’s time to get one. "Otr.to" — an...
TextSecure to Drop Support for Encrypted SMS
Open Whisper Systems is phasing out support for encrypted SMS and MMS messages in its TextSecure messaging product. The move does not spell the end for encrypted messaging for users of the Android app, as the company plans to switch to its own transport protocol to address some of the security an...
[SECURITY] Fedora 22 Update: duplicity-0.6.25-3.fc22
Duplicity incrementally backs up files and directories by encrypting tar-format volumes with GnuPG and uploading them to a remote or local file server. In theory many protocols for connecting to a file server could be supported; so far ssh/scp, local file access, rsync, ftp, HSI, WebDAV and Amazon ...
IBM Notes Traveler Companion application information disclosure vulnerability
IBM Notes Traveler is an email product powerfully built for Lotus Notes mobile users. An information disclosure vulnerability exists in the IBM Notes Traveler Companion application, which allows attackers to exploit this vulnerability by conducting phishing attacks involving encrypted email to...
Moderate: Red Hat Security Advisory: virt-who security, bug fix, and enhancement update
An updated virt-who package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
RHEL 7 : virt-who (RHSA-2015:0430)
An updated virt-who package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
Signal 2.0 — Free iPhone App for Encrypted Calls and Texts
An open source software group, Open Whisper Systems, has announced the release of Signal 2.0 — the second version of its free and open source messaging application for iPhone and iPad users. The Signal app is specifically designed to make secure and easy-to-use encrypted voice calling. But that’s wha...
CVE-2014-8921
The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Windows Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials b...
Tails 1.3 Released, Introduces 'Electrum Bitcoin Wallet'
Tails 1.3 has been released with support for a secure Bitcoin wallet. Tails, also known as the 'Amnesic Incognito Live System', is a free security-focused Debian-based Linux distribution, specially designed and optimized to preserve users' anonymity and privacy. Tails operating system came t...
Optimizing encrypted video
February 25th, 2015. You might have seen our press release that Opera’s Rocket Optimizer can now optimize encrypted video streams. The attentive reader will already have halted and said, “wait, what?”. In this blog post, we’ll explain how this works. Rocke...