
3272 matches found

CNVD
added 2015/07/12 12:0 a.m. | 1 view

OpenSSL Man-in-the-Middle Attack Vulnerability (CNVD-2015-04454)

OpenSSL is an open-source, general-purpose cryptographic library that implements the Secure Sockets Layer and Transport Layer Security protocols and supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms and so on. The...

6.5 CVSS | 6.9 AI score | 0.76449 EPSS
Exploits: 6 | References: 1

The Hacker News
added 2015/07/11 1:37 a.m. | 11 views

Three Politicians Hacked Using Unsecured Wi-Fi Network

If you are one of our readers who follow The Hacker News every update, you probably know that Public WiFi network is a security risk. But many people aren’t aware, including our great politicians. Internet security provider F-Secure carried out an experimental hack against three prominent UK...

6.8 AI score
Exploits: 0

BDU FSTEC
added 2015/07/09 12:0 a.m. | 2 views

The vulnerability of Cisco ASA network firewalls allows attackers to gain access to traffic transmitted via IPSec and IKEv2 protocols.

The vulnerability of the Cisco ASA firewall’s cryptographic module is related to errors in cryptographic transformations. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to traffic transmitted via IPSec and IKEv2 protocols through a “man-in-the-middle...

4.3 CVSS | 5.5 AI score | 0.00501 EPSS
Exploits: 0 | References: 3

The Hacker News
added 2015/06/29 5:40 a.m. | 13 views

Hackers Exploit Zero-Day Magento Vulnerability to Steal Your Credit Cards

Hackers are increasingly exploiting an unknown flaw to siphon payment card information from e-commerce websites that use Magento, the most popular e-commerce platform owned by eBay. Security researchers at Sucuri are still investigating the attack vector, but they believe that cyber criminals are...

7.2 AI score
Exploits: 0

myhack58
added 2015/06/23 12:0 a.m. | 29 views

Technical analysis: Femtocell home base station vulnerabilities allowing communication interception and arbitrary SMS forgery - vulnerability warning - the black bar safety net

The Ali mobile security team, together with communication experts from the wireless technology department of the Chinese Thiel Laboratory, carried out a security analysis of one type of Femtocell base station from a domestic operator and found multiple major vulnerabilities that can lead to...

7.8 AI score
Exploits: 0

CNVD
added 2015/06/23 12:0 a.m. | 1 view

IBM WebSphere MQIPT Information Disclosure Vulnerability

IBM WebSphere MQ is a solution for providing messaging services in the enterprise. IBM WebSphere MQIPT fails to properly handle HTTP session IDs, allowing remote attackers to exploit the vulnerability to guess the session ID to intercept MQ message data...

4.3 CVSS | 6.8 AI score | 0.00165 EPSS
Exploits: 0 | References: 1

ThreatPost
added 2015/06/19 2:44 p.m. | 11 views

Trio of Vulnerabilities Patched in Magento Web App

A trio of vulnerabilities were recently patched in eBay’s Magento e-commerce web application that could have let attackers carry out a handful of exploits, including phishing, session hijacking, and data interception. Hadji Samir, a researcher at the firm Vulnerability Lab, dug up the problems...

0.6 AI score
Exploits: 0 | References: 4

Cisco
added 2015/06/16 8:43 p.m. | 25 views

Cisco Adaptive Security Appliance Encrypted IPSec or IKEv2 Packet Modification Vulnerability

A vulnerability in the AES-GCM code of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to modify the contents of an encrypted IPSec or IKEv2 packet, and for those modifications not to be detected. The vulnerability is due to an error on the firmware of the...

4.3 CVSS | 6.2 AI score | 0.00501 EPSS
Exploits: 0 | References: 1

0day.today
added 2015/06/16 12:0 a.m. | 42 views

E-Detective Lawful Interception System - Multiple Vulnerabilities

Exploit for php platform in category web applications Advisory: E-Detective Lawful Interception System multiple security vulnerabilities Date: 14/06/2015 CVE: unassigned Authors: Mustafa Al-Bassam https://musalbas.com slipstream/RoL https://twitter.com/TheWack0lian Software: Decision Group...

7.1 AI score
Exploits: 0

Exploit DB
added 2015/06/16 12:0 a.m. | 26 views

E-Detective Lawful Interception System - Multiple Vulnerabilities

Advisory: E-Detective Lawful Interception System multiple security vulnerabilities Date: 14/06/2015 CVE: unassigned Authors: Mustafa Al-Bassam https://musalbas.com slipstream/RoL https://twitter.com/TheWack0lian Software: Decision Group E-Detective Lawful Interception System Vendor URL:...

7.4 AI score
Exploits: 0

exploitpack
added 2015/06/16 12:0 a.m. | 17 views

E-Detective Lawful Interception System - Multiple Vulnerabilities

E-Detective Lawful Interception System - Multiple Vulnerabilities Advisory: E-Detective Lawful Interception System multiple security vulnerabilities Date: 14/06/2015 CVE: unassigned Authors: Mustafa Al-Bassam https://musalbas.com slipstream/RoL https://twitter.com/TheWack0lian Software: Decision...

0.1 AI score
Exploits: 0

Packet Storm
added 2015/06/14 12:0 a.m. | 33 views

E-Detective Lawful Interception System LFD / Code Execution

Advisory: E-Detective Lawful Interception System multiple security vulnerabilities Date: 14/06/2015 CVE: unassigned Authors: Mustafa Al-Bassam https://musalbas.com slipstream/RoL https://twitter.com/TheWack0lian Software: Decision Group E-Detective Lawful Interception System Vendor URL:...

Exploits: 0

Kitploit
added 2015/06/10 10:1 p.m. | 42 views

REMnux v6 - A Linux Toolkit for Reverse-Engineering and Analyzing Malware

REMnux is a free Linux toolkit for assisting malware analysts with reverse-engineering malicious software. It strives to make it easier for forensic investigators and incident responders to start using the variety of freely-available tools that can examine malware, yet might be difficult to locat...

7.5 AI score
Exploits: 0 | References: 40

Kitploit
added 2015/06/08 10:7 p.m. | 14 views

Proxenet - Hacker Friendly Proxy for Web Application Penetration Tests

Proxenet is a hacker friendly proxy for web application penetration tests. proxenet is a multi-threaded proxy which allows you manipulate your HTTP requests and responses using your favorite scripting language. No need to learn Java like for Burp or Python like for mitmproxy. proxenet supports...

7 AI score
Exploits: 0 | References: 1

Cisco
added 2015/06/08 9:52 p.m. | 28 views

Cisco FireSIGHT Management Center Cross-Site Scripting Vulnerability

A vulnerability in the Cisco FireSIGHT Management Center could allow an authenticated, remote attacker to perform cross-site scripting (XSS) attacks. The vulnerability is due to insufficient input validation of some parameters passed via HTTP GET or POST methods. An attacker could exploit this...

3.5 CVSS | 5.8 AI score | 0.00263 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2015/06/04 12:0 a.m. | 121 views

Splunk Enterprise 5.0.x < 5.0.13 / 6.0.x < 6.0.9 / 6.1.x < 6.1.8 OpenSSL Vulnerabilities (FREAK)

According to its version number, the Splunk Enterprise hosted on the remote web server is 5.0.x prior to 5.0.13, 6.0.x prior to 6.0.9, or 6.1.x prior to 6.1.4. It is, therefore, affected by the following vulnerabilities related to the included OpenSSL library : - A security feature bypass...

7.5 CVSS | 7.8 AI score | 0.91945 EPSS
Exploits: 1 | References: 17

ThreatPost
added 2015/05/26 1:25 p.m. | 17 views

Researchers Exploit Windows Group Policy Bug Patched in February

Researchers from Core Security were able to exploit a security vulnerability in Windows Group Policy — MS15-011 — that was patched in February by Microsoft. Nicolas Economou, a senior exploit writer at Core Security, explained in a blog entry last week that Microsoft had in fact fixed the bug,...

1.4 AI score
Exploits: 0 | References: 3

NVD
added 2015/05/25 12:59 a.m. | 12 views

CVE-2015-1915

The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by interceptin...

4.3 CVSS | 6.3 AI score | 0.00275 EPSS
Exploits: 0 | References: 3

Prion
added 2015/05/25 12:59 a.m. | 18 views

Memory corruption

The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by interceptin...

4.3 CVSS | 6.9 AI score | 0.00275 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

securityvulns
added 2015/05/25 12:0 a.m. | 58 views

Apple Watch multiple security vulnerabilities

Information interception, memory corruptions, code execution, information disclosure, DoS, privilege escalation...

7.5 CVSS | 2.9 AI score | 0.06234 EPSS
Exploits: 4 | References: 1 | Affected Software: 1