
5403 matches found

Prion
added 2013/12/19 4:24 a.m. · 12 views

Design/Logic Flaw

NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted...

7.8 CVSS · 7 AI score · 0.11577 EPSS
Exploits 6 · References 1 · Affected Software 4
Cvelist
added 2013/12/19 2:0 a.m. · 18 views

CVE-2013-4775

NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted...

6.5 AI score · 0.11577 EPSS
Exploits 6 · References 1
Tenable Nessus
added 2013/12/19 12:0 a.m. · 32 views

Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : curl vulnerability (USN-2058-1)

Marc Deslauriers discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled in the GnuTLS backend. When libcurl is being used in this uncommon way by specific applications, an attacker could exploit this to perform a man in the middle atta...

4 CVSS · 5.5 AI score · 0.00253 EPSS
Exploits 0 · References 2
Kitploit
added 2013/12/18 12:34 a.m. · 20 views

[Cryptocat] Chat Client with encrypted conversations on iPhone and Android

Cryptocat is an experimental browser-based chat client for easy to use, encrypted conversations. It aims to make encrypted, private chat easy to use and accessible. We want to break down the barrier that prevents the general public from having an accessible privacy alternative that they already...

7.2 AI score
Exploits 0
OpenVAS
added 2013/12/17 12:0 a.m. · 40 views

Ubuntu: Security Advisory (USN-2048-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS · 7.5 AI score · 0.00358 EPSS
Exploits 0 · References 2
0day.today
added 2013/12/17 12:0 a.m. · 157 views

PHP openssl_x509_parse() Memory Corruption Vulnerability

Exploit for php platform in category dos / poc Overview: Quote from http://www.php.net "PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML." The PHP function openssl_x509_parse uses a helper function called...

7.5 CVSS · 0.2 AI score · 0.40224 EPSS
Exploits 8
Cvelist
added 2013/12/12 5:0 p.m. · 21 views

CVE-2013-7030

The TFTP service in Cisco Unified Communications Manager aka CUCM or Unified CM allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly...

6.2 AI score · 0.10271 EPSS
Exploits 1 · References 3
Positive Technologies
added 2013/12/12 12:0 a.m. · 3 views

PT-2013-6248 · Cisco · Cisco Unified Communications Manager

Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager affected versions not specified Description: The TFTP service allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext...

7.3 CVSS · 6.8 AI score · 0.10271 EPSS
Exploits 1 · References 8
ThreatPost
added 2013/12/11 3:0 p.m. · 6 views

Moxie Marlinspike on TextSecure CyanogenMod integration

Moxie Marlinspike has published landmark research on SSL vulnerabilities, taken on certificate authorities and even built an alternative to CAs as we know them today called Convergence. But now that government surveillance and online privacy have been elevated to mainstream...

0.2 AI score
Exploits 0 · References 5
Tenable Nessus
added 2013/12/06 12:0 a.m. · 24 views

Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : curl vulnerability (USN-2048-1)

Scott Cantor discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled. When libcurl is being used in this uncommon way by specific applications, an attacker could exploit this to perform a man in the middle attack to view sensitive...

4.3 CVSS · 6 AI score · 0.00358 EPSS
Exploits 0 · References 2
The Hacker News
added 2013/12/05 10:49 p.m. · 12 views

Biggest American Bank 'JPMorgan Chase' hacked; 465,000 card users' data stolen

JPMorgan Chase, one of the world's biggest Banks has recently announced that it was the victim of a cyber attack and warned round 465,000 of its holders of prepaid cash cards on the possible exposure of their personal information. In the Security Breach that took place on the bank's website...

6.7 AI score
Exploits 0
ThreatPost
added 2013/11/27 3:38 p.m. · 6 views

CryptoLocker Ransomware Forensics Leads to Encrypted Files

If CryptoLocker is teaching enterprise IT and security people anything, it’s that backup is king. The ransomware is unforgiving; it will find and encrypt documents on local and shared drives and it will not give them back. Experts don’t advise victims to pay the ransom, which means infected...

6.9 AI score
Exploits 0 · References 4
The Hacker News
added 2013/11/24 4:4 p.m. · 7 views

Cryptocat, a Secure and Encrypted chat blocked in Iran

Users in Iran call Internet as "Filternet", because of the heavily censored Internet access they have. Million Iranians used VPN servers to access the outside world. In October, 2013 Jack Dorsey, the co-founder of Twitter asked Iranian President, 'Are citizens of Iran able to read your tweets?' I...

6.5 AI score
Exploits 0
The Hacker News
added 2013/11/24 5:4 a.m. · 13 views

Cryptocat, a Secure and Encrypted chat blocked in Iran

Users in Iran call Internet as "Filternet", because of the heavily censored Internet access they have. Million Iranians used VPN servers to access the outside world. In October, 2013 Jack Dorsey, the co-founder of Twitter asked Iranian President, 'Are citizens of Iran able to read your tweets?' I...

6.5 AI score
Exploits 0
ThreatPost
added 2013/11/22 2:32 p.m. · 11 views

Microsoft to Roll Out Encrypted Message Service for Office 365

Encryption, once a tool used mainly by security professionals, activists and others with reason to suspect their communications may be at risk, has been moving ever deeper into the mainstream in recent months. Now, Microsoft is planning to roll out a new encrypted email service on its Office 365...

6.6 AI score
Exploits 0 · References 1
The Hacker News
added 2013/11/21 10:52 p.m. · 8 views

New Banking malware 'i2Ninja' being sold via underground Russian Cybercrime Market

Researchers at Trusteer spotted a new banking malware program on the underground Russian cybercrime market, that communicates with attackers over the I2P anonymity network is for sale on underground Russian cybercrime forums. Dubbed 'i2Ninja', malware has most of the features found in other...

6.9 AI score
Exploits 0
RedHat Linux
added 2013/11/20 7:36 p.m. · 1 view

evolution: incorrect selection of recipient gpg public key for encrypted mail

The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers...

7.5 CVSS · 7.1 AI score · 0.01005 EPSS
Exploits 0 · References 4
NVD
added 2013/11/18 3:55 a.m. · 16 views

CVE-2013-3876

DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which...

7.1 CVSS · 6.1 AI score · 0.0201 EPSS
Exploits 0 · References 1
ThreatPost
added 2013/11/14 4:54 p.m. · 10 views

HTTP/2 Supports only HTTPS URIs

The head of the working group designing the next version of HTTP said the HTTP/2 protocol will work only with encrypted URIs. “I believe the best way that we can meet the goal of increasing use of TLS on the Web is to encourage its use by only using HTTP/2.0 with https:// URIs,” wrote Mark...

0.2 AI score
Exploits 0 · References 2
Kitploit
added 2013/11/09 12:30 a.m. · 18 views

[SET v5.4] The Social-Engineer Toolkit "Walkers"

TrustedSec is proud to announce the release of The Social-Engineer Toolkit SET v5.4 codename “Walkers”. This version has a significant amount of changes, performance upgrades, bug fixes, and efficiency. This blog post will cover some of the major highlights from Java 7 Update 45 and how to get...

7 AI score
Exploits 0