Nearly 100k Bugzilla Users Affected by Data Disclosure

The email addresses and encrypted passwords of nearly 100,000 users of Mozilla’s Bugzilla system were left on a publicly accessible server for several months earlier this year, the company said. The disclosure comes just a few weeks after Mozilla advised members of its Mozilla Developer Network t...

Symantec Encryption Desktop 10.x < 10.3.2 MP3 DoS

The version of Symantec Encryption Desktop installed on the remote Mac OS X host is version 10.x prior to 10.3.2 MP3. It is, therefore, affected by a denial of service vulnerability. The flaw is due to a failure to properly limit decompressed file size during the decryption process of a specially...

Updated serf packages fix CVE-2014-3504

Updated serf packages fix security vulnerability: Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter...

[USN-2316-1] Subversion vulnerabilities

========================================================================== Ubuntu Security Notice USN-2316-1 August 14, 2014 subversion vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...

Code injection

Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service CPU and memory consumption via a crafted encrypted e-mail message that decompresses to a larger size...

Updated subversion packages fix security vulnerabilities

Updated subversion packages fix security vulnerabilities: Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communicatio...

CipherShed - Secure Encryption Software (fork of the TrueCrypt Project)

CipherShed is free as in free-of-charge and free-speech encryption software for keeping your data secure and private. It started as a fork of the now-discontinued TrueCrypt Project. CipherShed is a program that can be used to create encrypted files or encrypt entire drives including USB flash...

Ubuntu 14.04 LTS : serf vulnerability (USN-2315-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2315-1 advisory. Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could explo...

USN-2315-1: serf vulnerability

Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...

Facebook Password Remover - All-in-one Facebook Login Password Removal Tool

Facebook Password Remover is the free all-in-one tool to quickly remove the stored Facebook Login passwords from your system. This helps you to delete any accidently or otherwise stored Facebook password on any public/shared computers so that your Facebook account remains safe. Currently it...

Mozilla MDN Password Disclosure Affects 76,000 Developers

Some members of the Mozilla Developer Network are being advised to change their passwords after email addresses and encrypted credentials were disclosed on a public server. Mozilla director of developer relations Stormy Peters said the organization has been investigating the disclosure for 10 day...

New Signal App Brings Encrypted Calling to iPhone

iPhone users concerned about government surveillance efforts putting unencrypted calls at risk now have a free app at their disposal that brings secure communication to the Apple phone. Open WhisperSystems, developers of RedPhone for Android, have developed a similar app for iPhone called Signal,...

Siemens Patches Five Vulnerabilities in SIMATIC System

Siemens released an update for two builds of its SIMATIC automation system this week, addressing a quintet of vulnerabilities, four of which are remotely exploitable. The German company’s SIMATIC WinCC, a SCADA system and SIMATIC PCS7, a distributed control system DCS are directly affected by the...

Germany to Consider Typewriters to Protect From US Spying

So far we have heard that using privacy tools by every individual and offering encrypted communication by every company is the only solution to Mass Surveillance conducted by the government and law enforcement authorities. But, Germany says the only solution to guard against surveillance is - Sto...

New Kronos Banking Malware Advertised On Russian Forums

Criminals are advertising a new banking Trojan on Russian forums, one going for a hefty price and being marketed as a method of evading detection and analysis. To date, however, security researchers have yet to obtain a sample of Kronos, which is available on a few forums for pre-order at a cost ...

Tinba Banker Trojan Source Code Posted

The source code for Tinba, known as the smallest banker Trojan in circulation, has been posted on an underground forum. Researchers say that the files turned out to be the source code for version one of Tinba, which was identified in 2012, and is the original, privately sold version of the...

Mail Password Decryptor - All-in-one eMail Password Recovery Software

Mail Password Decryptor is the FREE software to instantly recover Mail Account passwords from popular email clients and other desktop applications. You can recover your lost password for email accounts like Gmail, Yahoo Mail, Hotmail or Windows Live Mail from email applications such as Microsoft...

Mastery OA 2011-2013 pass to kill GETSHELL-a vulnerability warning-the black bar safety net

Statement: This program applied to a lot of government agencies, educational institutions, as well as the large stream companiesChina Telecom, etc.! Please after reading this don't try to for any use of the program website destruction attack invasion, etc... I made this post purely technical...

php php/fi 2.0 - Directory Traversal vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2250/info PHP/FI is an software suite designed to offer enhanced features to sites served via the World Wide Web. It is open source, freely available, and maintained by the PHP development team. A problem with the softwar...

PHPEasyNews <= 1.13 RC2 (post) Remote SQL Injection Vulnerability

No description provided by source. -+================================================================================+- -+ PHPEasyNews = 1.13 RC2 SQL Injection Vulnerabilitys +- -+================================================================================+- Discovered By: t0pP8uZz Discovered...