Modernize Confluence Backup & Restore

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-37322. panel As a User in all possible roles in order to save time & money and prevent unintended problems caused by the curren...

Google Moving Toward Encrypted Ad Services

Google engineers have spent the last several years moving many of the company’s online services to encrypted links. Gmail is HTTPS by default, and Google search is done over SSL for much of the world. Now the company is working to move its ad-serving and ad-buying platforms to HTTPS, as well...

CVE-2015-3324

The ThinkServer System Manager TSM Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof servers...

wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property

It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request...

wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property

It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request...

wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property

It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request...

HTTP Suspicious SMB Redirection

A vulnerability has been discovered in the way numerous Windows-based applications follow HTTP redirection messages. By enticing a user to connect to a malicious Web server or by using Man in the Middle techniques, an attacker might cause a vulnerable application to initiate an SMB connection to ...

CVE-2015-1415

The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile /boot/encryption.key, which allows local users to obtain sensitive key information by reading the file...

FreeBSD 10.x ZFS encryption.key disclosure (CVE-2015-1415)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory Information Title: FreeBSD 10.x ZFS encryption.key disclosure CVE-2015-1415 Advisory URL: https://pierrekim.github.io/advisories/CVE-2015-1415.txt.asc Date published: 2015-04-07 Vendors contacted: FreeBSD Release mode: Coordinated release...

Not found the rear door: open source encryption software TrueCrypt security audit-vulnerability warning-the black bar safety net

TrueCrypt is a popular open source file encryption software, which the user includes a large number of“sensitive persons”, such as businessmen, politicians, journalists, and therefore its safety has been well received by the attention. 2 0 1 4 年 5 months, the open source encryption software...

Hospira MedNet Hardcoded Key Vulnerability

MedNet manages drug libraries, firmware updates, and configurations for Hospira IV pumps for use in the healthcare and public health sectors. MedNet uses hard-coded keys that allow attackers to intercept encrypted communications from syringe pumps...

Slack Discloses Breach of its User Profile Database

Enterprise and small business collaboration provider Slack today disclosed that a database storing user profile information has been compromised. The company said in a notice posted on its site that the unauthorized access has been blocked, and that it has implemented two-factor authentication...

Scientific Linux Security Update : virt-who on SL7.x (noarch) (20150305)

It was discovered that the /etc/sysconfig/virt-who configuration file, which may contain hypervisor authentication credentials, was world- readable. A local user could use this flaw to obtain authentication credentials from this file. CVE-2014-0189 The virt-who package has been upgraded to upstre...

Dangerous 'Vawtrak Banking Trojan' Harvesting Passwords Worldwide

Security researcher has discovered some new features in the most dangerous Vawtrak, aka Neverquest, malware that allow it to send and receive data through encrypted favicons distributed over the secured Tor network. The researcher, Jakub Kroustek from AVG anti-virus firm, has provided an in-depth...

JVN#41281927: LINE vulnerable to script injection

LINE provided by LINE Corporation is an application used to communicate with others. LINE is vulnerable to MITM man-in-the-middle attacks since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM man-in-the-middle attacker. Impac...

CentOS 7 : virt-who (CESA-2015:0430)

An updated virt-who package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which...

virt security update

CentOS Errata and Security Advisory CESA-2015:0430 An updated virt-who package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common...

[USN-2524-1] eCryptfs vulnerability

========================================================================== Ubuntu Security Notice USN-2524-1 March 11, 2015 ecryptfs-utils vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...

USN-2524-1 ecryptfs-utils vulnerability

Sylvain Pelissier discovered that eCryptfs did not generate a random salt when encrypting the mount passphrase with the login password. An attacker could use this issue to discover the login password used to protect the mount passphrase and gain unintended access to the encrypted files...

Ubuntu 14.04 LTS : eCryptfs vulnerability (USN-2524-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2524-1 advisory. Sylvain Pelissier discovered that eCryptfs did not generate a random salt when encrypting the mount passphrase with the login password. An attacker could use this...