119 matches found
IBM Verse - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application IBM Verse published at the 'play' market has multiple vulnerabilities...
BWL Kennzahlen Free - Dynamic Code Loading, External URLs, Unsafe deleting vulnerabilities
HackApp vulnerability scanner discovered that application BWL Kennzahlen Free published at the 'play' market has multiple vulnerabilities...
Google Outlines Plans to Deprecate RC4, SSLv3
As expected, Google formally announced its intent to move away from the stream cipher RC4 and the SSLv3 protocol this week, citing a long history of weaknesses in both. Adam Langley, a security engineer for the company, announced the plans through a blog post on Thursday. While there isn’t a...
Double the bang for your buck with Acunetix Vulnerability Scanner
Acunetix have announced that they are extending their current free offering of the network security scan, part of their cloud-based web and network vulnerability scanner. Those signing up for a trial of the online version of Acunetix vulnerability scanner will now be able to scan their perimeter...
[SE-2014-02] Google App Engine Java security sandbox bypasses (details)
Hello All, Details of our SE-2014-02 project have been released to the public. A technical writeup and accompanying Proof of Concept codes can be found at the following location: http://www.security-explorations.com/en/SE-2014-02-details.html In case of Google App Engine for Java, its first layer...
Hacking Smart Electricity Meters To Cut Power Bills
Smart devices are growing at an exponential pace with the increase in connecting devices embedded in cars, retail systems, refrigerators, televisions and countless other things people use in their everyday life, but security and privacy are the key issues for such applications, which still face...
Granding MA300 - Weak Pin Encryption Brute Force
source: https://www.securityfocus.com/bid/69390/info Grand MA 300 is prone to multiple security weaknesses. Attackers can exploit these issues to disclose the access pin by sniffing network traffic or perform brute-force attacks on pin to gain unauthorized access. This may aid in other attacks...
NXP Semiconductors MIFARE Classic Smartcard - Multiple Security Weaknesses
No description provided by source. source: http://www.securityfocus.com/bid/31853/info MIFARE Classic is prone to multiple security weaknesses: 1. A security weakness may allow attackers to recover the internal state of the linear feedback shift register. 2. A security weakness may allow attacker...
Santander BillPay Security Vulnerabilities Patched
Security weaknesses on the Santander Group BillPay website and mobile banking application have been addressed by the financial services organization’s developer Headland after they were exposed less than a week ago. U.K. consultant Paul Moore of Cresona Corp., reported a number of serious...
Department of Energy Susceptible to Attack
An audit of the Department of Energy has shown that 29 new weaknesses emerged on the agency’s networks this year in addition to 10 existing that the DoE failed to fix after a 2012 audit. The audit, undertaken by the Office of Inspector General and the Office of Audits and Inspections, revealed...
Windows 8 Picture Gesture Authentication Research
Typing on a smartphone or tablet keyboard lends itself to a lot of fat-fingered mistakes. Recent updates to mobile operating systems and desktop OSes such as Windows 8, however, have tried to better leverage the touch screen for things such as authentication. Users, for example, have the option o...
JavaScript and Timing Attacks Used to Steal Browser Data
LAS VEGAS–Security researchers have been warning about the weaknesses and issues with JavaScript and iframes for years now, but the problem goes far deeper than even many of them thought. A researcher in the U.K. has developed a new technique that uses a combination of JavaScript-based timing...
Massive 167Gbps DDoS attacks against Banking and Financial Institutions
DDoS attackers attempted to bring down an Banking services earlier this week using one of the largest Distributed denial of service attack using DNS reflection technique. Prolexic, the global leader in Distributed Denial of Service DDoS protection services, announced that it has successfully...
Apache Tomcat 7.0.x < 7.0.30 DIGEST Authentication Multiple Security Weaknesses
Binary data 800606.prm...
Apache Tomcat 5.5.x < 5.5.36 DIGEST Authentication Multiple Security Weaknesses
According to its self-reported version number, the instance of Apache Tomcat 5.5.x listening on the remote host is prior to 5.5.36. It is, therefore, affected by the following vulnerabilities : - Replay-countermeasure functionality in HTTP Digest Access Authentication tracks cnonce values instead...
Microsoft Releases Attack Surface Analyzer Tool
Microsoft has released a public version of its internal Attack Surface Analyzer tool, which helps organizations identify changes to a system’s attack surface as new applications are added. The tool has been in beta for a few months, but this is the first official release. The Attack Surface...
Interview: Android Engineered To Enable Data Harvesting
We wrote yesterday about research by Paul Brodeur of Leviathan Security Group on security weaknesses that are built into Google’s Android mobile operating system. Brodeur was able to show, using a proof of concept application, that Android applications without any permissions can still access fil...
Are Some Certificate Authorities Too Big To Fail?
In the wake of this weekend’s revelations of the seriousness of the attack on certificate authority DigiNotar, security experts have renewed criticism of the Internet’s digital certificate infrastructure, with some wondering if larger certificate authorities CAs might be too big to fail...
Siemens Warns of Password Vulnerability in SCADA Software
Siemens AG issued an advisory to customers on Tuesday warning of a weakness in its Simatic S7 programmable logic controllers that could allow a remote attacker to intercept and decipher passwords, or change the configuration of the devices. Siemens advised customers to restrict physical and logic...
Italian Universities dump database Leaked by LulzStorm
Italian Universities dump database Leaked byLulzStorm LulzStorm , Another Antisec supporter leaked Italian Universities dump database via a tweet on twitter. He release a torrent link and a Mediafire mirror link with a archive of 2.74 Mb. This Archive Include hacked database if 18 Italian...