iMessage Chat app for Android Worries Security Experts
UPDATE – Security experts and mobile developers are warning Android users to steer clear of an app purporting to be an Android version of Apple’s iMessage technology. The app has been pulled from Google Play according to a Google spokesperson, but it remains available on several third party sites...
Oil, Energy Watering Hole Attacks Linked to DOL attack
A string of watering hole attacks targeting oil and energy companies dating back to May could be linked to similar attacks against the U.S. Department of Labor website. Researchers at Cisco discovered the compromised domains of 10 oil and energy companies worldwide, including hydroelectric plants...
NSA Bought Exploit Service From VUPEN, Contract Shows
The U.S. government – particularly the National Security Agency – is often regarded as having advanced offensive cybersecurity capabilities. But that doesn’t mean that they’re above bringing in a little outside help when it’s needed. A newly public contract shows that the NSA last year bought a...
Dropbox installations hinder effectiveness of ASLR.
UPDATE: The popular cloud storage service Dropbox was reportedly undercutting the efficacy of address space layout randomization (ASLR) by failing to enable that feature within the dynamic link libraries (DLLs) it injects into other applications. The company now claims it has resolved the issue. Graha...
DNI Releases FISC Docs, But Legislators Say Much More Remains Hidden
The federal government has released hundreds of pages of documents, including orders and opinions from the secretive Foreign Intelligence Surveillance Court, related to the NSA’s surveillance programs, but legislators who have been involved in the process say that there still are significant...
Anonymity Tool Tor gains more than 1.2 Million new users since NSA PRISM scandal
Since Snowden came forward with details about the NSA's PRISM program in June, web users concerned about online privacy are increasingly turning toward privacy tools to protect their online data. U.S. Government project PRISM allows the government to tap phone calls, email, and web browsing of an...
[SECURITY] Fedora 18 Update: acpid-2.0.19-5.fc18
acpid is a daemon that dispatches ACPI events to user-space programs...
CVE-2013-4761
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited...
Code injection
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited...
CVE-2013-4761
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited...
CVE-2013-4761
The CVE-2013-4761 issue affects Puppet and Puppet Enterprise: remote attackers can execute arbitrary Ruby code from the master via the resource_type service, exploiting it only when local file system access to the Puppet Master is possible. Affected lines include Puppet 2.7.x before 2.7.23, 3.2.x...
Android Malware uses Google Cloud Messaging Service; infected over 5 Million Devices
The Kaspersky Lab researchers recently have discovered a number of Android malware apps are abusing the Google Cloud Messaging Service (GCM) as Command and Control server. The GCM service allows Android app developers to send messages using JSON Format for installed apps, but hackers exploited it f...
Fedora Update for samba FEDORA-2013-14355
Check for the Version of samba. OpenVAS Vulnerability Test: Fedora Update for samba FEDORA-2013-14355. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
CVE-2013-4761
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. NOTE: this vulnerability can only be exploited...
Apache suEXEC - Information Disclosure Privilege Escalation
Apache suEXEC privilege elevation / information disclosure. Discovered by Kingcope/Aug 2013. The suEXEC feature provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web...
[SECURITY] Fedora 19 Update: gksu-polkit-0.0.3-8.gitf8ce834c.fc19
This is a library and application used to ask the user for passwords to run programs as root...
Snowden: Seven Private Telecom Companies giving unlimited access to British spy agency
The latest release from Edward Snowden shows that Vodafone, BT, Verizon and others, seven private telecom companies in total, have been secretly collaborating with the British spy agency GCHQ and giving unlimited access to the details of phone calls, emails and Facebook entries. Another leak...
Fedora Update for nodejs-editor FEDORA-2013-11780
Check for the Version of nodejs-editor. OpenVAS Vulnerability Test: Fedora Update for nodejs-editor FEDORA-2013-11780. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
NSA Director Alexander Defends Surveillance at Black Hat
LAS VEGAS – NSA director Gen. Keith Alexander’s keynote today at Black Hat USA 2013 was a tense confessional, an hour-long emotional and sometimes angry ride that shed some new insight into the spy agency’s two notorious data collection programs, inspired moments of loud applause in support of the...
[SECURITY] Fedora 19 Update: npm-1.3.3-1.fc19
npm is a package manager for node.js. You can use it to install and publish your node programs. It manages dependencies and does other cool stuff...