ProtonMail - Encrypted Email - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities

HackApp vulnerability scanner discovered that application ProtonMail - Encrypted Email published at the 'play' market has multiple vulnerabilities...

Suing to See the Feds’ Encrypted Messages? Good Luck

Conservative watchdog Judicial Watch is suing the EPA for staffers' Signal messages. It may hit the encrypted limits of federal transparency. The post Suing to See the Feds' Encrypted Messages? Good Luck appeared first on WIRED...

libreoffice security and bug fix update

1:5.0.6.2-5.0.1.1 - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile - Build with --with-vendor='Oracle America, Inc.' 1:5.0.6.2-5.1 - Resolves: rhbz1435534 CVE-2017-3157 Arbitrary file disclosure in Calc and Writer 1:5.0.6.2-5 - Resolves:...

Shadow Brokers Group Releases More Stolen NSA Hacking Tools & Exploits

Remember The Shadow Brokers? They are back. A hackers group that previously claimed to have stolen a bunch of hacking tools malware, zero-day exploits, and implants created by the NSA and gained popularity last year for leaking a portion of those tools is back. Today, The Shadow Brokers group...

CVE-2017-7574

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...

CVE-2017-7574

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...

CVE-2017-7574

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...

Schneider Modicon M221CE16R Hard-Coded Vulnerability

The Modicon M221CE16R is an all-in-one programmable controller from Schneider Electric Co. The Schneider Modicon M221CE16R is vulnerable to a hard-coded vulnerability where XML files are AES-CBC encrypted, but the key used for encryption is hard-coded and cannot be changed. After decrypting the X...

Mobile Ad Hoc Mesh Network: Serval Mesh

Mobile Ad Hoc Mesh Network Serval Mesh, and it is free software that allows smart-phones to communicate, even in the face of catastrophic failure of cellular networks. Serval Mesh allows people to make voice calls, send text messages and share files with other Serval Mesh users, without requiring...

Setting a custom FileVault (macOS FDE) passphrase

FileVault 2 is the full-disk encryption system of macOS. Normally, it's turned on from System Preferences, and locks the disk with the passwords of all the users allowed to unlock the machine. Overloading the login/unlock/sudo password is an understandable UX simplicity choice, but makes it very...

CVE-2016-9123

go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures...

APT29 Domain Fronting With TOR

Mandiant has observed Russian nation-state attackers APT29 employing domain fronting techniques for stealthy backdoor access to victim environments for at least two years. There has been considerable discussion about domain fronting following the release of a paper detailing these techniques...

APT29 Domain Fronting With TOR

Mandiant has observed Russian nation-state attackers APT29 employing domain fronting techniques for stealthy backdoor access to victim environments for at least two years. There has been considerable discussion about domain fronting following the release of a paper detailing these techniques...

Instagram Adds Two-Factor Authentication

Instagram became the latest in a long line of services over the years to offer users two-factor authentication this week. Kevin Systrom, co-founder and CEO of the Facebook-owned mobile photo-sharing app announced the feature on its blog Thursday afternoon. With the feature – accessible via Settin...

UBUNTU-CVE-2016-6225

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector IV for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this...

tomcat: Infinite loop in the processing of https requests

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop...

Huawei Document Security Management Information Disclosure Vulnerability

Huawei Document Security Management DSM is a set of document rights management software from Huawei, China. The software is characterized by high stability, reliability and scalability. A security vulnerability exists in the privilege control function in Huawei DSM versions prior to...

CVE-2016-2406

The permission control module in Huawei Document Security Management aka DSM before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button...

CVE-2016-2406

The permission control module in Huawei Document Security Management aka DSM before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button...

CVE-2016-2406

The permission control module in Huawei Document Security Management aka DSM before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button...