Popular secure chat APP TextSecure presence of“unknown key sharing attack”vulnerability-vulnerability warning-the black bar safety net

! TextSecure is Android platform a encrypted chat APP, this free APP is designed in order to guarantee communication privacy. This APP by Open WhisperSystems developed, the code completelyopen sourcesupport end-to-end SMS encryption. Looks very safe is not? Recently, however, from Germany's Ruhr...

Facebook Creates .Onion Site; Now Accessible Via Tor Network

UPDATE – This story has been updated with commentary from the Tor Project. Facebook announced today that the social network will now be directly available to users as a Tor hidden service. The Tor Project is an Internet-traffic anonymization service that relays user traffic through a number of...

USN-2390-1: Pidgin vulnerabilities

Jacob Appelbaum and an anonymous person discovered that Pidgin incorrectly handled certificate validation. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. CVE-2014-3694 Yves Younan and Richard Johnson...

NSA-Approved Samsung Knox Stores PIN in Cleartext

A security researcher has tossed a giant bucket of ice water on Samsung’s thumbs up from the NSA approving use of certain Galaxy devices within in the agency. The NSA’s blessing, given under the agency’s Commercial Solutions for Classified Program, meant that the Samsung Galaxy 4, 5 and Galaxy No...

APPLE-SA-2014-10-16-1 OS X Yosemite v10.10

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-1 OS X Yosemite v10.10 OS X Yosemite v10.10 is now available and addresses the following: 802.1X Impact: An attacker can obtain WiFi credentials Description: An attacker could have impersonated a WiFi access point, offered to...

OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)

It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class...

OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)

It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class...

ArubaOS 6.3.1.11 / 6.4.2.1 SSH Authentication Bypass

The version of ArubaOS has an unspecified vulnerability that allows a remote attacker to obtain limited administrative privileges without valid credentials. The vulnerability affects access over SSH. However, access through WebUI and the serial port is not affected, and the vulnerability does not...

CentOS Update for java CESA-2014:1634 centos5

Check the version of java SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882060";...

OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)

It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class...

OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)

It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class...

OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)

It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class...

BMC Track-it! Remote Code Execution / SQL Injection

Hi, tl;dr - I am releasing two 0 day exploits for BMC Track-It!. One is a RCE and the other gets you the domain admin and SQL database creds. Other minor vulns are also disclosed. Details below. CERT handled the disclosure for these vulnerabilities see CERT VU121036 and according to them BMC didn...

CVE-2014-4869

The Brocade Vyatta 5400 vRouter 6.4Rx, 6.6Rx, and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group...

Design/Logic Flaw

The Brocade Vyatta 5400 vRouter 6.4Rx, 6.6Rx, and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group...

Google Changes SafeSearch Option for Administrators

Google is removing a feature that allowed administrator to require their users to employ a search option that removes explicit content from search results. The decision is tied to the fact that the option required the use of an unsecured connection to Google, something that the company said allow...

Travel Site Viator Claims 1.4 M Implicated in Breach

Travel website Viator.com is in the middle of notifying approximately 1.4 million of its customers that their personal information – payment card data included – may have been compromised. The San Francisco-based company, which specializes in expert curated travel suggestions, announced the breac...

Apple CEO Tim Cook Says Company Dedicated to Protecting Users' Privacy

While much of the tech community is still swooning over the iPhone 6, Apple Pay and Apple Watch, the company’s top executive is spending a lot of time and energy trying to reassure customers that Apple is doing everything it can to protect their privacy and the security of their data. Apple CEO T...

Ammyy Admin 3.5 - Remote Code Execution (Metasploit)

Ammyy Admin 3.5 - Remote Code Execution Metasploit Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/34647.zip aa0day.zip The Revenge of the Scammers This exploit is an 0day in Ammyy Admin http://www.ammyy.com/en/ a remote desktop type software that is wel...

Chinese Government Accused of Intercepting Traffic Between Google and CERNET

So far, we all are well aware of the fact that Chinese have had a past filled with cases of Cyber Crime. China is the world’s largest exporter of IT goods, but it has been criticized by many countries due to suspected backdoors in its products, including United States which has banned its several...