Travel Site Viator Claims 1.4 M Implicated in Breach

Travel website Viator.com is in the middle of notifying approximately 1.4 million of its customers that their personal information – payment card data included – may have been compromised. The San Francisco-based company, which specializes in expert curated travel suggestions, announced the breac...

Apple CEO Tim Cook Says Company Dedicated to Protecting Users' Privacy

While much of the tech community is still swooning over the iPhone 6, Apple Pay and Apple Watch, the company’s top executive is spending a lot of time and energy trying to reassure customers that Apple is doing everything it can to protect their privacy and the security of their data. Apple CEO T...

Ammyy Admin 3.5 - Remote Code Execution (Metasploit)

Ammyy Admin 3.5 - Remote Code Execution Metasploit Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/34647.zip aa0day.zip The Revenge of the Scammers This exploit is an 0day in Ammyy Admin http://www.ammyy.com/en/ a remote desktop type software that is wel...

Chinese Government Accused of Intercepting Traffic Between Google and CERNET

So far, we all are well aware of the fact that Chinese have had a past filled with cases of Cyber Crime. China is the world’s largest exporter of IT goods, but it has been criticized by many countries due to suspected backdoors in its products, including United States which has banned its several...

Nearly 100k Bugzilla Users Affected by Data Disclosure

The email addresses and encrypted passwords of nearly 100,000 users of Mozilla’s Bugzilla system were left on a publicly accessible server for several months earlier this year, the company said. The disclosure comes just a few weeks after Mozilla advised members of its Mozilla Developer Network t...

Symantec Encryption Desktop 10.x < 10.3.2 MP3 DoS

The version of Symantec Encryption Desktop installed on the remote Mac OS X host is version 10.x prior to 10.3.2 MP3. It is, therefore, affected by a denial of service vulnerability. The flaw is due to a failure to properly limit decompressed file size during the decryption process of a specially...

Updated serf packages fix CVE-2014-3504

Updated serf packages fix security vulnerability: Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter...

[USN-2316-1] Subversion vulnerabilities

========================================================================== Ubuntu Security Notice USN-2316-1 August 14, 2014 subversion vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...

Code injection

Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service CPU and memory consumption via a crafted encrypted e-mail message that decompresses to a larger size...

Updated subversion packages fix security vulnerabilities

Updated subversion packages fix security vulnerabilities: Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communicatio...

CipherShed - Secure Encryption Software (fork of the TrueCrypt Project)

CipherShed is free as in free-of-charge and free-speech encryption software for keeping your data secure and private. It started as a fork of the now-discontinued TrueCrypt Project. CipherShed is a program that can be used to create encrypted files or encrypt entire drives including USB flash...

Ubuntu 14.04 LTS : serf vulnerability (USN-2315-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2315-1 advisory. Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could explo...

USN-2315-1: serf vulnerability

Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...

Facebook Password Remover - All-in-one Facebook Login Password Removal Tool

Facebook Password Remover is the free all-in-one tool to quickly remove the stored Facebook Login passwords from your system. This helps you to delete any accidently or otherwise stored Facebook password on any public/shared computers so that your Facebook account remains safe. Currently it...

Mozilla MDN Password Disclosure Affects 76,000 Developers

Some members of the Mozilla Developer Network are being advised to change their passwords after email addresses and encrypted credentials were disclosed on a public server. Mozilla director of developer relations Stormy Peters said the organization has been investigating the disclosure for 10 day...

New Signal App Brings Encrypted Calling to iPhone

iPhone users concerned about government surveillance efforts putting unencrypted calls at risk now have a free app at their disposal that brings secure communication to the Apple phone. Open WhisperSystems, developers of RedPhone for Android, have developed a similar app for iPhone called Signal,...

Siemens Patches Five Vulnerabilities in SIMATIC System

Siemens released an update for two builds of its SIMATIC automation system this week, addressing a quintet of vulnerabilities, four of which are remotely exploitable. The German company’s SIMATIC WinCC, a SCADA system and SIMATIC PCS7, a distributed control system DCS are directly affected by the...

Germany to Consider Typewriters to Protect From US Spying

So far we have heard that using privacy tools by every individual and offering encrypted communication by every company is the only solution to Mass Surveillance conducted by the government and law enforcement authorities. But, Germany says the only solution to guard against surveillance is - Sto...

New Kronos Banking Malware Advertised On Russian Forums

Criminals are advertising a new banking Trojan on Russian forums, one going for a hefty price and being marketed as a method of evading detection and analysis. To date, however, security researchers have yet to obtain a sample of Kronos, which is available on a few forums for pre-order at a cost ...

Tinba Banker Trojan Source Code Posted

The source code for Tinba, known as the smallest banker Trojan in circulation, has been posted on an underground forum. Researchers say that the files turned out to be the source code for version one of Tinba, which was identified in 2012, and is the original, privately sold version of the...