EUVD-2021-31874

Malicious code in bioql PyPI...

[SECURITY] Fedora 36 Update: icecat-91.7.0-1.rh1.fc36

GNU IceCat is the GNU version of the Firefox ESR browser. Extensions included to this version of IceCat: LibreJS GNU LibreJS aims to address the JavaScript problem described in the article "The JavaScript Trap" of Richard Stallman. HTTPS Everywhere HTTPS Everywhere is an extension that encrypts...

Encrypted & Fileless Malware Sees Big Growth

A full 91.5 percent of malware was delivered using HTTPS-encrypted connections in the second quarter, researchers said, making attacks more evasive. That’s according to WatchGuard Technologies’ latest report on findings within its telemetry, which also found that these detections come primarily...

The 6 best Chrome extensions for privacy and security

While searching for security- and privacy-improving extensions, users may end up installing an extension that is counterproductive to their goals. To help our readers I have compiled a list of Chrome extensions that can actually help you improve your online privacy and security. Our regular reade...

Oblivious DNS-over-HTTPS

This new protocol, called Oblivious DNS-over-HTTPS ODoH, hides the websites you visit from your ISP. Heres how it works: ODoH wraps a layer of encryption around the DNS query and passes it through a proxy server, which acts as a go-between the internet user and the website they want to visit...

DNS over HTTPS

DNS over HTTPS DoH is a protocol for performing remote Domain Name System DNS resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks1 by using the HTTPS protocol to...

New SHA-1 Attack

There's a new, practical, collision attack against SHA-1: In this paper, we report the first practical implementation of this attack, and its impact on real-world security with a PGP/GnuPG impersonation attack. We managed to significantly reduce the complexity of collisions attack against SHA-1: ...

Adult Sites Lack Privacy, Open the Door for Harassment and Tracking

An analysis of 22,500 porn sites found that third-party tracking of users is rampant, privacy policies are difficult to understand and a majority fail to implement basic HTTPS encryption. In all, it’s a recipe for enabling sexual violence and shaming, according to an academic paper released this...

ThreatList: Popular Apps Get Enterprise Blacklisted

Mobile apps on BYOD handhelds tend to keep enterprise security pros worried. Between apps that are malicious, others that leak data and ones with pushy permissions – it’s hard to determine what’s safe and what might violate company rules. On Wednesday, Appthority released its annual list of the...

Making the Grade: Achieve SSL Labs A+ Grade with Imperva WAF

We all woke up to a new reality early last year. HTTPS adoption has reached the tipping point, meaning that more than half of web traffic is encrypted. The benefits of encrypting your traffic are obvious, right? It’s essentially about you securing data being transmitted by authenticating web...

SUSE SLED12 Security Update : shotwell (SUSE-SU-2018:0637-1)

This update for shotwell fixes the following issues: Security issue fixed : - CVE-2017-1000024: Use HTTPS encryption all over the publishing plugins bsc1054311. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...

SUSE-SU-2018:0637-1 Security update for shotwell

This update for shotwell fixes the following issues: Security issue fixed: - CVE-2017-1000024: Use HTTPS encryption all over the publishing plugins bsc1054311...

D-Link DIR-850L REV.A and REV.B Password Disclosure Vulnerability (CNVD-2017-31787)

The D-Link DIR-850L REV.A and REV.B are both wireless router products from AUO D-Link. The security vulnerability in D-Link DIR-850L REV.A and REV.B devices using firmware FW114WWb07h2abbeta1 and prior versions and firmware FW208WWb02 and prior versions stems from the program using the same...

Fedora 24 : shotwell (2017-ddee871dd1)

This release turns on HTTPS encyption all over the publishing plugins. Users using Tumblr and Yandex.Fotki publishing are strongly advised to change their passwords and reauthenticate Shotwell to those services after upgrade. Users of Picasa and Youtube publishing are strongly advised to...

Fedora 25 : shotwell (2017-8c3c43cc4f)

This release turns on HTTPS encyption all over the publishing plugins. Users using Tumblr and Yandex.Fotki publishing are strongly advised to change their passwords and reauthenticate Shotwell to those services after upgrade. Users of Picasa and Youtube publishing are strongly advised to...

WordPress enables Free HTTPS Encryption for all Blogs with Custom Domain

Do you own a custom domain or a blog under the wordpress.com domain name? If yes, then there is good news for you. WordPress is bringing free HTTPS to every blog and website that belongs to them in an effort to make the Web more secure. WordPress – free, open source and the most popular a content...

Let's Encrypt Initiative Enters Public Beta

The Let’s Encrypt initiative reached yet another milestone this week when it entered public beta, something it claims should help make it easier for website owners to embrace HTTPS encryption. The latest step comes on the heels of the movement issuing its first certificate back in September and...

New Google Drive Phishing Scam Uncovered

Phishers have again leveraged users’ trust in Google with a newly discovered campaign designed to steal credentials that grant access to the multitude of Google’s online services. New phishing pages hosted on Google Drive were discovered by researcher Aditya K. Sood of Elastica Cloud Threat Labs...

Yahoo Mail turns on HTTPS encryption by default to protect users

After the release of NSA Secret spying over Internet communications, I am expecting from all tech companies to make surveillance significantly harder. Yahoo has HTTPS encryption support since late 2012, but users had to opt in to use the feature. Documents revealed by the Edward Snowden shows tha...

Facebook implementing Advanced HTTPS to minimize NSA Interception

For years the National Security Agency has successfully shielded its surveillance programs from any real public scrutiny. There have been a lot of news stories about NSA surveillance programs following the leaks of secret documents by Edward Snowden. We have learned that the NSA is collecting...