458 matches found

Atlassian
added 2016/06/24 12:11 p.m., 19 views

bitbucket attempted security breach

Bitbucket https://bitbucket.org/socialauth/migrate/?next=/ is asking for my atlassian password. Asking for a password for another website is at best bad practice...

AI score: 1.3
Exploits: 0

MSRC
added 2016/06/14 7:00 a.m., 7 views

June 2016 security update release

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...

AI score: 6.7
Exploits: 0

Hacker One
added 2016/06/04 2:00 p.m., 13 views

drchrono: Information Disclosure

Hey, I found Following Security issue on your site. Information Disclosure :- your Wordpress installation in Disclosing its version Number in https://drchrono.com/blog/readme.html This can a hacker in speeding up the process or information gathering though discovering your wordpress version numbe...

AI score: 0.6
Exploits: 0

Hacker One
added 2016/05/22 9:17 p.m., 13 views

Gratipay: don't store CSRF tokens in cookies

Your web application generates CSRF token values inside cookies which is not a best practice for web applications as revelation of cookies can reveal CSRF Tokens as well. Authenticity tokens should be kept separate from cookies and should be isolated to change operations in the account only. More...

AI score: 0.1
Exploits: 0

The Hacker News
added 2016/04/19 12:55 a.m., 11 views

Google makes it mandatory for Chrome Apps to tell Users what Data they collect

In Brief Chrome apps and extensions make things easier, but they can also do terrible things like spy on web users and collect their personal data. But, now Google has updated its browser’s User Data Policy requiring all Chrome extension and app developers to disclose what data they collect...

AI score: 6.3
Exploits: 0

MSRC
added 2016/04/12 7:00 a.m., 6 views

April 2016 Security Update Release

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...

AI score: 6.7
Exploits: 0

hackapp
added 2016/04/01 10:23 a.m., 8 views

Math Practice Flash Cards - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Math Practice Flash Cards published at the 'play' market has multiple vulnerabilities...

AI score: 0.8
Exploits: 0, References: 1, Affected Software: 1

hackapp
added 2016/04/01 8:58 a.m., 12 views

English Practice - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities

HackApp vulnerability scanner discovered that application English Practice published at the 'play' market has multiple vulnerabilities...

AI score: 0.3
Exploits: 0, References: 1, Affected Software: 1

hackapp
added 2016/04/01 8:57 a.m., 8 views

German Practice - Customized SSL, Redefined SSL Common Names verifier, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application German Practice published at the 'play' market has multiple vulnerabilities...

AI score: 1.2
Exploits: 0, References: 1, Affected Software: 1

The Hacker News
added 2016/01/26 4:41 a.m., 11 views

Password Security — Who's to Blame for Weak Passwords? Users, Really?

The majority of Internet users are vulnerable to cyber threats because of their own weaknesses in setting up a strong password. But, are end-users completely responsible for choosing weak passwords? Give a thought. Recently we wrote an article revealing the list of Worst Passwords of 2015 that...

AI score: 7.3
Exploits: 0

MSRC
added 2016/01/12 8:00 a.m., 12 views

January 2016 Security Update Release Summary

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security...

AI score: 6.7
Exploits: 0

ThreatPost
added 2015/12/22 8:39 a.m., 10 views

Oracle Java FTC Settlement

Oracle’s stewardship of Java has been scrutinized by the security community, which in 2013 languished through nearly a full year of targeted attacks exploiting zero days and other vulnerabilities in the platform. Since then, Oracle has improved the Java user experience by denying unsigned applets...

AI score: 1.5
Exploits: 0, References: 4

MSRC
added 2015/11/10 8:00 a.m., 12 views

November 2015 Security Update Release Summary

Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Librar...

AI score: 6.7
Exploits: 0

The Coalfire Blog
added 2015/10/13 10:10 a.m., 11 views

Audio Video Media Forensics

Our media forensics practice is a fast growing part of Coalfire. We're often asked what we can do, and this post is intended to be a quick primer to provide some background if you're in need of this service and what you can expect from us and others in the field...

AI score: 5.1
Exploits: 0

MSRC
added 2015/09/08 7:00 a.m., 8 views

September 2015 Security Update Release Summary

Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and advisories can be found in the Security TechNet Librar...

AI score: 6.7
Exploits: 0

CISA
added 2015/07/31 12:00 a.m., 11 views

Best Practices to Protect You, Your Network, and Your Information

The National Cybersecurity and Communications Integration Center (NCCIC) and its partners responded to a series of data breaches in the public and private sector over the last year, helping organizations through incident response actions, conducting damage assessments, and implementing restoration...

AI score: 6.8
Exploits: 0, References: 3

The Hacker News
added 2015/06/25 9:09 p.m., 8 views

France May Offer Asylum to Edward Snowden and Julian Assange

In wake of the latest revelations about the National Security Agency (NSA) global spying on country’s leaders, France may decide to offer political asylum to whistleblowers Edward Snowden and Julian Assange, as a "symbolic gesture." Former NSA contractor Edward Snowden, who is facing criminal...

AI score: 6.8
Exploits: 0

Packet Storm
added 2015/03/24 12:00 a.m., 41 views

openEMR 4.2.0 Cross Site Scripting / SQL Injection

Advisory: Multiple reflecting/stored XSS- and SQLi-vulnerabilities in openEMR v.4.2.0 Advisory ID: SROEADV-2015-08 Author: Steffen Rösemann Affected Software: openEMR v.4.2.0 Release-date: 28th Dec 2014 Vendor URL: http://www.open-emr.org Vendor Status: patched CVE-ID: to be assigned after releas...

AI score: 0.2
Exploits: 0

myhack58
added 2015/01/08 12:00 a.m., 10 views

The U.S. Department of Energy's security threat intelligence use cases for Flexible Transform-vulnerability warning-the black bar safety net

2015-01-07 2 2:0 5 ! Slide 1 Recently will continue to share the collection to the security threat intelligence-related material, the first a first to a U.S. Department of Energy's security threat intelligence practice. Security threat intelligence technology in the United States has been widely...

Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 29 views

webERP <= 4.08.1 - Local/Remote File Inclusion Vulnerability

No description provided by source. Discovered by dun \ posdubatgmail.com 2012-06-27 webERP = 4.08.1 Local/Remote File Inclusion Vulnerability Script: Accounting & Best...

AI score: 7.1
Exploits: 0