Security Using Pre-Existing Routing for Mobile Ad hoc Networks: SUPERMAN
Security Using Pre-Existing Routing for Mobile Ad hoc Networks. The flexibility and mobility of Mobile Ad hoc Networks (MANETs) have made them increasingly popular in a wide range of use cases. To protect these networks, security protocols have been developed to protect routing and application data...
U.S. Dept Of Defense: Open FTP on ███
Summary: The FTP panel allows anyone to connect to the FTP server, viewing and downloading any files hosted there. This isn't recommended, especially if any sensitive information is stored. Impact: High severity vulnerability allowing total information disclosure of internal directories, and being allowed...
Ashley Madison Dating Site Agrees to Pay $1.6 Million Fine Over Massive Breach
Ashley Madison, a prominent American dating website that helps married people cheat on their spouses and which was hacked last year, has agreed to pay a hefty fine of $1.6 Million for failing to protect the account information of 36 Million users after the massive data breach. Yes, the parent company...
Paragon Initiative Enterprises: Using plain git protocol (vulnerable to MITM)
Using the plain git protocol (git://domain) is insecure, as the server is not verified: a MITM attacker can return different content if the last commit is not checked against a known one. More information about this issue and the protocols to choose from when cloning: https://gist.github.com/grawity/4392747...
Medical Study Blasts Hospitals' Security Practices
A scathing rebuke of medical professionals’ attitudes toward information security reveals nurses and doctors fumble over protocols, often putting patients at risk. The revealing study, “Workarounds to Computer Access in Healthcare Organizations” (PDF), offers a fascinating look behind the privacy...
Big-Name Law Firms Fall Victim To Hackers
Wall Street-savvy hackers are behind a data breach that involves a who’s-who of New York City legal firms. Federal investigators are looking into the breach that included Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP, both high-profile New York-based law firms. Cravath Swaine & Moore...
PT-2021-3057
Name of the vulnerable software and affected versions: 802.11 standard (affected versions not specified); Check Point GAiA (affected versions not specified). Description: The issue concerns a flaw in the authentication procedure of the 802.11 standard, which underlies Wi-Fi Protected Access (WPA, WPA2, an...
PCI Council Gives Merchants Reprieve on PCI 3.1 Updates
The Payment Card Industry Security Standards Council (PCI SSC) released an update to its vulnerability standards and is giving merchants until June 2018 to migrate their security protocols, even though waiting is not recommended...
Twitter Adds Email Privacy Data to Transparency Report
The number of information requests Twitter is receiving from the United States government is increasing steadily, having risen roughly 50 percent in the first six months of this year compared to the last six months of 2014. In its latest transparency report, Twitter said that it received 2,436...
The feud, round two: Google finds local privilege escalation and sandbox escape vulnerabilities in Windows 7 and Windows 8.1, Microsoft denies it - vulnerability warning - Black Bar Safety Net
The Google security team recently found local privilege escalation and sandbox escape vulnerabilities in Windows 7 and Windows 8.1, which Microsoft flatly denied. Google will publish the vulnerability details and a PoC. Vulnerability description: This problem exists in the operating systems...
OWASP SSL audit: O-Saft
O-Saft is an easy-to-use tool that shows information about SSL certificates and tests the SSL connection according to a given list of ciphers and various SSL configurations. It’s designed to be used by penetration testers, security auditors, or server administrators. The idea is to show the important...
Apple Mac OS X Safari <= 2.0.3 (417.9.2) Multiple Vulnerabilities PoC
Safari 2.0.3 (417.9.2) CELLSPACING issue. Discovered by: Tom Ferris (tommyatsecurity-protocolsdotcom). Tested on: Mac OS X 10.4.5 using Safari, 03/16/2006. Security-Protocols.com Advisory: http://www.security-protocols.com/advisory/sp-xxx. This program is free...
TW-WebServer 1.0 - Denial of Service Vulnerability (1)
Source: http://www.securityfocus.com/bid/7368/info. It has been reported that TW-WebServer is prone to a denial of service vulnerability. Reportedly, when an excessive quantity of data is sent to TW-WebServer as part of a malicious HTTP GET request, the server...
Orenosv HTTP/FTP Server 0.5.9 HTTP GET Denial of Service Vulnerability (1)
Source: http://www.securityfocus.com/bid/10420/info. Orenosv HTTP/FTP server is prone to a denial of service vulnerability that may occur when an overly long HTTP GET request is sent to the server. When the malicious request is handled, it is reported that both t...
MyServer 0.4.3 HTTP GET Argument Buffer Overflow Vulnerability
Source: http://www.securityfocus.com/bid/7770/info. myServer has been reported prone to a remote buffer overflow vulnerability. The vulnerability exists when the web server attempts to process HTTP GET requests of excessive length. Although unconfirmed, this...
Xeneo Web Server 2.2.9 - Denial of Service Vulnerability
Source: http://www.securityfocus.com/bid/7398/info. Xeneo web server has been reported prone to a denial of service vulnerability. It has been reported that a specifically crafted HTTP GET request containing over 4096 bytes of data will trigger this vulnerability...
NIST SP 800-52 Revision 1 Recommends TLS 1.2 by Jan. 1, 2015
U.S. federal government agencies are being told they should move to TLS 1.2 by the beginning of 2015. The National Institute of Standards and Technology (NIST) recently released NIST Special Publication 800-52 Revision 1, which includes the final public comments made since SP 800-52 was withdraw...
Researchers uncovered new malware used by Chinese cyber criminals
Trend Micro researchers have uncovered new backdoor malware from the Winnti family, which is mainly used by a Chinese cyber criminal group to target South East Asian organizations in the video gaming sector. Winnti malware is used by hackers to hijack control of web users' systems usin...
Nmap NSE 6.01: smb-enum-domains
Attempts to enumerate domains on a system, along with their policies. This generally requires credentials, except against Windows 2000. In addition to the actual domain, the 'Builtin' domain is generally displayed. Windows returns this in the list of domains, but its policies don't appear to be...
SSL/TLS: CBC padding timing attack (lucky-13)
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...