New Police Ransomware 'Browlock' targeting users in US, Canada and UK

What would you do if a European Cybercrime Agency locked your PC until you paid a fine? A new Police Ransomware family dubbed Trojan:HTML/Browlock by F-secure Antivirus firm, known as Browlock, which spreads by tricking unsuspecting web surfers into believing the police are after them. Ransomware...

New Police Ransomware 'Browlock' targeting users in US, Canada and UK

What would you do if a European Cybercrime Agency locked your PC until you paid a fine? A new Police Ransomware family dubbed Trojan:HTML/Browlock by F-secure Antivirus firm, known as Browlock, which spreads by tricking unsuspecting web surfers into believing the police are after them. Ransomware...

Encrypted Email Service 'Lavabit' abruptly shut down under U.S. Government Pressure

Texas-based Encrypted Email Service 'Lavabit' abruptly shut down for reasons linked to National Security Agency whistleblower Edward Snowden. The Feds want to Lavabit demanding access to Ed Snowden's email. Lavabit refused! Snowden was using the Lavabit service while holed-up in the Moscow airpor...

Encrypted Email Service 'Lavabit' abruptly shut down under U.S. Government Pressure

Texas-based Encrypted Email Service 'Lavabit' abruptly shut down for reasons linked to National Security Agency whistleblower Edward Snowden. The Feds want to Lavabit demanding access to Ed Snowden's email. Lavabit refused! Snowden was using the Lavabit service while holed-up in the Moscow airpor...

BREACH decodes HTTPS encrypted data in 30 seconds

A new hacking technique dubbed BREACH can extract login tokens, session ID numbers and other sensitive information from SSL/TLS encrypted web traffic in just 30 seconds. The technique was demonstrated at the Black Hat security conference in Las Vegas Presentation PDF & Paper by Gluck along with...

BREACH decodes HTTPS encrypted data in 30 seconds

A new hacking technique dubbed BREACH can extract login tokens, session ID numbers and other sensitive information from SSL/TLS encrypted web traffic in just 30 seconds. The technique was demonstrated at the Black Hat security conference in Las Vegas Presentation PDF & Paper by Gluck along with...

CVE-2013-4674

Cross-site scripting XSS vulnerability in the Web Email Protection component in Symantec Encryption Management Server formerly Symantec PGP Universal Server before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment...

Cross site scripting

Cross-site scripting XSS vulnerability in the Web Email Protection component in Symantec Encryption Management Server formerly Symantec PGP Universal Server before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment...

CVE-2013-4674

Cross-site scripting XSS vulnerability in the Web Email Protection component in Symantec Encryption Management Server formerly Symantec PGP Universal Server before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment...

Israel's Verint Systems get a contract from Indian government for interception program

Soon in December this year, India's new surveillance program - Centralized Monitoring System CMS will be able to analyze all telecommunications and Internet communications in India by the government and its agencies. This means that everything we say or text over the phone, write, post or browse...

Israel's Verint Systems get a contract from Indian government for interception program

Soon in December this year, India’s new surveillance program - Centralized Monitoring System CMS will be able to analyze all telecommunications and Internet communications in India by the government and its agencies. This means that everything we say or text over the phone, write, post or browse...

Ubuntu Forums hacked; 2 million user's personal Information compromised

Ubuntuforums.org, The popular Ubuntu Forums site, has posted a message on its index page, informing its near 2 million users that it has suffered a serious security breach. "There has been a security breach on the Ubuntu Forums," reads the page. The site was defaced by hacker with Twitter handle...

Cisco IOS GET VPN Encryption Policy Bypass Vulnerability

A vulnerability in the Cisco Group Encrypted Transport VPN GET VPN feature of Cisco IOS could allow traffic to bypass the configured encryption policy. The vulnerability is due to the default, implicit policies set in place to permit Group Domain of Interpretation GDOI traffic to flow unencrypted...

Default configuration

The default configuration of the Group Encrypted Transport VPN GET VPN feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation GDOI traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui076...

CVE-2013-3436

Cisco IOS GET VPN vulnerable due to default implicit GDOI policy allowing unencrypted traffic on UDP 848, enabling bypass of encryption policy for GMs and KSs. Root cause is the default configuration that permits GDOI flow; exploitation requires access to trusted internal networks. Impact is bypa...

CVE-2013-3404

SQL injection vulnerability in Cisco Unified Communications Manager CUCM 7.1x through 9.11a allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051...

Sql injection

SQL injection vulnerability in Cisco Unified Communications Manager CUCM 7.1x through 9.11a allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051...

CVE-2013-3404

SQL injection vulnerability in Cisco Unified Communications Manager CUCM 7.1x through 9.11a allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051...

CVE-2013-3770

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Content Server. NOTE: the previous information is from th...

Olive File Manager 1.0.1 iOS - Multiple Vulnerabilities

Olive File Manager 1.0.1 iOS - Multiple Vulnerabilities Title: ====== Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities Date: ===== 2013-07-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1009 VL-ID: ===== 1009 Common Vulnerability Scoring System:...