White House Releases Plan to End Section 215 Bulk Collection
The White House today unveiled a five-point plan to end the National Security Agency’s bulk collection of phone call metadata, preserving what it says is a balance between the intelligence community’s national security needs and the public’s desire to maintain its privacy. The proposal ends the...
VUPEN Security Research - Mozilla Firefox "BumpChunk" Object Processing Use-after-free (Pwn2Own)
VUPEN Security Research - Mozilla Firefox "BumpChunk" Object Processing Use-after-free Pwn2Own Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Mozilla Firefox is a free and open-source web browser developed for Windows, OS X, and Linux, with ...
NSA Surveillance Reform Demonstrate Need for Public Scrutiny
The Snowden leaks and the ensuing critical spotlight shone on the National Security Agency’s surveillance programs have nudged many technologists, privacy hounds and politicians away from their desks and onto the front lines calling for reforms. Two nights ago, the New York Times reported that...
White House Proposal Would End NSA Metadata Program
Privacy advocates are cautiously applauding the reports that the Obama administration will unveil a legislative proposal to end the National Security Agency’s collection of Americans’ bulk phone records, but are concerned what the fine print on that proposal might hold. “Given all the various way...
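IBM Cognos Express Sensitive Information Disclosure Vulnerability
Bugtraq ID: 66361 CVE ID: CVE-2013-5445 IBM Cognos Express is an integrated business intelligence and planning solution built to meet the needs of midsize companies. IBM Cognos Express contains an unspecified security vulnerability that a remote attacker can exploit to obtain encrypted authentication credentials on the server. IBM Cognos Express 10.2.1 IBM Cognos Express 10.1 IBM Cognos Express 9.5 IBM Cognos Express 9.0 Users can refer to the following vendor security advisory to obtain a patch that fixes this vulnerability:...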
Oracle Business Intelligence Publisher (October 2012 CPU)
According to the self-reported version of the remote Oracle Business Intelligence Publisher install, it is missing the October 2012 Critical Patch Update. It is, therefore, affected by multiple reflected cross-site scripting vulnerabilities and an XML eXternal Entity (XXE) injection vulnerability...
NSA RETRO Tool Collects Content of Phone Calls
The latest in the slow but steady trickle of leaks dripping out of NSA whistleblower Edward Snowden reportedly shows that the U.S. spying agency has the capacity to recall entire foreign phone call conversations for as long as a month after the fact. The program, according to a Washington Post repor...
Former Church Committee Members See Need for New Group to Investigate NSA
In a letter sent to President Obama and members of Congress, former members and staff of the Church Committee on intelligence said that the revelations of the NSA activities have caused “a crisis of public confidence” and encouraged the formation of a new committee to undertake “significant and...
AlienVault Unified Security Management: Real-Time Threat Detection Starting on Day 1
The IT infrastructure of organizations is growing ever more distributed, complex and difficult to manage. To manage such networks, a log management solution is not enough. The AlienVault Unified Security Management™ (USM) platform is the perfect solution to help manage the flood of information and...
Mark Zuckerberg frustrated; Obama irritated and Finally NSA Stated
The US intelligence agency NSA (National Security Agency) broke its silence on the claim that it has reportedly ‘infected millions of computers around the world with malware’ and that it is ‘impersonating U.S. Social media or other websites’, and emphasized that the claim is inaccurate. The document provide...
US Prosecutor drops Criminal charges against Barrett Brown
U.S. Prosecutors decided not to pursue crucial criminal charges against journalist and activist Barrett Brown, and dismiss a majority of charges related to sharing a link to a dump of credit card numbers connected to the breach of intelligence firm Stratfor. Supporters say Brown just copied the...
Uroburos Rootkit: Most sophisticated 3-year-old Russian Cyber Espionage Campaign
The Continuous Growth of spyware, their existence, and the criminals who produce & spread them are increasing tremendously. It’s difficult to recognize spyware as it is becoming more complex and sophisticated with time, so is spreading most rapidly as an Internet threat. Recently, The security...
Verizon Updates 2013 Transparency Report With FISA Data
Verizon updated its transparency report yesterday, breaking down National Security Letter and Foreign Intelligence Surveillance Act (FISA) orders for the first and second halves of 2013. The telecommunications giant released its first transparency report in late January, responding to pressure from...
SpagoBI 4.0 - Persistent HTML Script Insertion
Exploit for php platform in category web applications SpagoBI1 is an Open Source Business Intelligence suite, belonging to the free/open source SpagoWorld initiative, founded and supported by Engineering Group2. It offers a large range of analytical functions, a highly functional semantic layer...
SpagoBI 4.0 - Persistent XSS Vulnerability
Exploit for php platform in category web applications 1. Vulnerability Information CVE reference: CVE-2013-6232 CVSS v2 Base Score: 4 CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N Component/s: SpagoBI Class: Input Manipulation 2. Introduction SpagoBI1 is an Open Source Business Intelligence suite,...
SpagoBI 4.0 - Arbitrary Cross-Site Scripting / Arbitrary File Upload
Advisory Information Title: XSS File Upload Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: Medium 02. Vulnerability Information CVE reference: CVE-2013-6234 CVSS v2 Base Score: 4 CVSS v2 Vector:...
SpagoBI 4.0 Stored Cross Site Scripting
Advisory Information Title: Persistent Cross-Site Scripting XSS in SpagoBI Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: High 02. Vulnerability Information CVE reference: CVE-2013-6232 CVSS v2 Base...
Government Surveillance Could Targeted Automated Updates
SAN FRANCISCO – As more Web-based services are encrypted, privacy advocates are concerned the next wave of aggressive surveillance activity could target automated update services that essentially provide Internet companies root access to machines. Chris Soghoian, principal technologist with the...
Bruce Schneier on Surveillance and Trust
Dennis Fisher talks with Bruce Schneier about the differences between bulk and targeted surveillance, the most concerning NSA revelations and making surveillance more expensive for intelligence agencies. Download: digitalunderground145.mp3...
Silent Circle's Blackphone - Privacy and Security Focused Smartphone for $629
Earlier this year encrypted communications firm Silent Circle and Spanish Smartphone maker Geeksphone announced a privacy-focused encrypted Smartphone called 'Blackphone' and today the company has revealed it at 'Mobile World Congress' in Barcelona. The Blackphone titled as, “world’s first...