iva Magecart Gang Attacks Olympic Ticket Reseller And Survival Food Sites By packetstormsecurity.com Published On :: Mon, 10 Feb 2020 14:12:43 GMT Full Article headline malware bank cybercrime fraud
iva Microsoft To Employ California's Digital Privacy Law Nationwide By packetstormsecurity.com Published On :: Tue, 12 Nov 2019 15:24:20 GMT Full Article headline privacy microsoft usa
iva CES Surveillance Hype Worries Privacy Advocates By packetstormsecurity.com Published On :: Tue, 14 Jan 2020 15:50:34 GMT Full Article headline government privacy usa fraud spyware backdoor
iva McAfee, IBM Gobble Rival Security Intelligence Firms By packetstormsecurity.com Published On :: Tue, 04 Oct 2011 15:26:26 GMT Full Article headline ibm mcafee
iva Facebook's New Privacy Tool Lets You Manage How You're Tracked By packetstormsecurity.com Published On :: Tue, 28 Jan 2020 15:39:48 GMT Full Article headline privacy facebook social
iva Venmo Transaction Scraped In Privacy Warning To Consumers By packetstormsecurity.com Published On :: Tue, 18 Jun 2019 15:59:58 GMT Full Article headline privacy bank cybercrime data loss fraud flaw paypal
iva Without Encryption We Will Lose All Privacy. This Is Our New Battleground. By packetstormsecurity.com Published On :: Tue, 15 Oct 2019 13:49:15 GMT Full Article headline government privacy usa spyware nsa cryptography
iva Mandriva Linux Security Advisory 2007.226 By packetstormsecurity.com Published On :: Mon, 26 Nov 2007 22:26:07 GMT Mandriva Linux Security Advisory - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. The minix filesystem code allows local users to cause a denial of service (hang) via a malformed minix file stream. An integer underflow in the Linux kernel prior to 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set. Full Article
iva Mandriva Linux Security Advisory 2007.232 By packetstormsecurity.com Published On :: Thu, 29 Nov 2007 01:19:35 GMT Mandriva Linux Security Advisory - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. The minix filesystem code allows local users to cause a denial of service (hang) via a malformed minix file stream. An integer underflow in the Linux kernel prior to 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set. Full Article
iva Ivanti Workspace Manager Security Bypass By packetstormsecurity.com Published On :: Wed, 18 Mar 2020 14:54:31 GMT Ivanti Workspace Manager versions prior to 10.3.90 suffer from a bypass vulnerability. Full Article
iva Intel's Latest Spoiler: A Spectre-Style Hardware Exploit That Leaks Private Data By packetstormsecurity.com Published On :: Thu, 07 Mar 2019 02:07:16 GMT Full Article headline privacy data loss flaw intel
iva NSO Group Employees Sue Facebook For Blocking Private Accounts By packetstormsecurity.com Published On :: Tue, 26 Nov 2019 17:33:31 GMT Full Article headline fraud cyberwar israel spyware facebook social
iva Facebook Must Face Renewed Privacy Lawsuit Over User Tracking By packetstormsecurity.com Published On :: Fri, 10 Apr 2020 16:10:11 GMT Full Article headline government privacy usa facebook
iva Ivanti Workspace Control Registry Stored Credentials By packetstormsecurity.com Published On :: Mon, 01 Oct 2018 17:33:45 GMT A flaw was found in Workspace Control that allows a local unprivileged user to retrieve the database or Relay server credentials from the Windows Registry. These credentials are encrypted, however the encryption that is used is reversible. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0. Full Article
iva Mandriva Linux Security Advisory 2013-271 By packetstormsecurity.com Published On :: Thu, 21 Nov 2013 19:33:57 GMT Mandriva Linux Security Advisory 2013-271 - The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and earlier, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to bsd.lib.mk and bsd.prog.mk. Full Article
iva Ireland Sides With Microsoft In Email Privacy Case By packetstormsecurity.com Published On :: Fri, 26 Dec 2014 15:39:00 GMT Full Article headline government privacy microsoft email usa ireland
iva Google Steps Up Browser Rivalry With Site Isolation Security By packetstormsecurity.com Published On :: Thu, 07 Dec 2017 14:24:14 GMT Full Article headline google chrome
iva Major European Private Hospital Operator Struck By Ransomware By packetstormsecurity.com Published On :: Thu, 07 May 2020 15:13:51 GMT Full Article headline malware cryptography
iva Federal Data Privacy Bill Takes Aim At Tech Giants By packetstormsecurity.com Published On :: Wed, 27 Nov 2019 16:03:10 GMT Full Article headline government privacy usa facebook social twitter
iva Mandriva Linux Security Advisory 2012-081 By packetstormsecurity.com Published On :: Thu, 24 May 2012 15:20:53 GMT Mandriva Linux Security Advisory 2012-081 - Security issues were identified and fixed in mozilla firefox. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Various other issues have also been addressed. Full Article
iva Hacker Gains Access To Some Private Microsoft GitHub Repos By packetstormsecurity.com Published On :: Fri, 08 May 2020 14:23:12 GMT Full Article headline hacker microsoft data loss
iva SSH/SSL RSA Private Key Passphrase Dictionary Enumerator By packetstormsecurity.com Published On :: Mon, 09 Apr 2018 16:22:49 GMT This is a script to perform SSH/SSL RSA private key passphrase enumeration with a dictionary attack. Full Article
iva UK Coronavirus App Must Respect Privacy Rights By packetstormsecurity.com Published On :: Mon, 23 Mar 2020 14:27:48 GMT Full Article headline privacy virus phone britain
iva UK Privacy Advocates Warn Over COVID-19 Contact Tracing App By packetstormsecurity.com Published On :: Thu, 30 Apr 2020 14:45:42 GMT Full Article headline government privacy virus phone britain
iva Facebook Broke German Privacy Laws By packetstormsecurity.com Published On :: Tue, 13 Feb 2018 16:19:47 GMT Full Article headline government privacy germany facebook social
iva Office 365 Declared Illegal In German Schools Due To Privacy Risks By packetstormsecurity.com Published On :: Tue, 16 Jul 2019 13:53:53 GMT Full Article headline government privacy microsoft flaw germany
iva Anonymous Leaks Paris Climate Summit Officials' Private Data By packetstormsecurity.com Published On :: Sat, 05 Dec 2015 02:08:03 GMT Full Article headline government data loss france anonymous
iva Facebook Hit By French Privacy Order By packetstormsecurity.com Published On :: Tue, 09 Feb 2016 15:04:08 GMT Full Article headline privacy data loss france facebook
iva French Privacy Regulator Fines Google $57M For GDPR Violation By packetstormsecurity.com Published On :: Tue, 22 Jan 2019 14:26:46 GMT Full Article headline government privacy google france
iva Facebook Emails Seem To Show Zuck Knew Of Privacy Issues By packetstormsecurity.com Published On :: Thu, 13 Jun 2019 16:06:51 GMT Full Article headline privacy email data loss facebook
iva Mandriva Linux Security Advisory 2015-208 By packetstormsecurity.com Published On :: Mon, 27 Apr 2015 16:20:27 GMT Mandriva Linux Security Advisory 2015-208 - An issue has been identified in Mandriva Business Server 2's setup package where the /etc/shadow and /etc/gshadow files containing password hashes were created with incorrect permissions, making them world-readable. This update fixes this issue by enforcing that those files are owned by the root user and shadow group, and are only readable by those two entities. Note that this issue only affected new Mandriva Business Server 2 installations. Systems that were updated from previous Mandriva versions were not affected. This update was already issued as MDVSA-2015:184, but the latter was withdrawn as it generated.rpmnew files for critical configuration files, and rpmdrake might propose the user to use those basically empty files, thus leading to loss of passwords or partition table. This new update ensures that such.rpmnew files are not kept after the update. Full Article
iva Mandriva Linux Security Advisory 2015-209 By packetstormsecurity.com Published On :: Mon, 27 Apr 2015 16:21:20 GMT Mandriva Linux Security Advisory 2015-209 - Update PHP packages address buffer over-read and overflow vulnerabilities. PHP has been updated to version 5.5.24, which fixes these issues and other bugs. Additionally the timezonedb packages has been upgraded to the latest version and the PECL packages which requires so has been rebuilt for php-5.5.24. Full Article
iva Mandriva Linux Security Advisory 2015-210 By packetstormsecurity.com Published On :: Mon, 27 Apr 2015 16:22:27 GMT Mandriva Linux Security Advisory 2015-210 - A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use this flaw to crash the system. It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU. Full Article
iva Mandriva Linux Security Advisory 2015-211 By packetstormsecurity.com Published On :: Mon, 27 Apr 2015 16:23:02 GMT Mandriva Linux Security Advisory 2015-211 - glusterfs was vulnerable to a fragment header infinite loop denial of service attack. Also, the glusterfsd SysV init script was failing to properly start the service. This was fixed by replacing it with systemd unit files for the service that work properly. Full Article
iva Mandriva Linux Security Advisory 2015-212 By packetstormsecurity.com Published On :: Tue, 28 Apr 2015 00:55:24 GMT Mandriva Linux Security Advisory 2015-212 - An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures. Full Article
iva Mandriva Linux Security Advisory 2015-213 By packetstormsecurity.com Published On :: Wed, 29 Apr 2015 18:22:00 GMT Mandriva Linux Security Advisory 2015-213 - lftp incorrectly validates wildcard SSL certificates containing literal IP addresses, so under certain conditions, it would allow and use a wildcard match specified in the CN field, allowing a malicious server to participate in a MITM attack or just fool users into believing that it is a legitimate site. lftp was affected by this issue as it uses code from cURL for checking SSL certificates. The curl package was fixed in MDVSA-2015:098. Full Article
iva Mandriva Linux Security Advisory 2015-214 By packetstormsecurity.com Published On :: Wed, 29 Apr 2015 18:23:00 GMT Mandriva Linux Security Advisory 2015-214 - The libksba package has been updated to version 1.3.3, which fixes an integer overflow in the DN decoder and a couple of other minor bugs. Full Article
iva Mandriva Linux Security Advisory 2015-215 By packetstormsecurity.com Published On :: Wed, 29 Apr 2015 18:25:00 GMT Mandriva Linux Security Advisory 2015-215 - The t1utils package has been updated to version 1.39, which fixes a buffer overrun, infinite loop, and stack overflow in t1disasm. Full Article
iva Mandriva Linux Security Advisory 2015-216 By packetstormsecurity.com Published On :: Wed, 29 Apr 2015 18:28:00 GMT Mandriva Linux Security Advisory 2015-216 - Lack of filtering in the title parameter of links to rrdPlugin allowed cross-site-scripting attacks against users of the web interface. Full Article
iva Mandriva Linux Security Advisory 2015-217 By packetstormsecurity.com Published On :: Thu, 30 Apr 2015 15:46:33 GMT Mandriva Linux Security Advisory 2015-217 - SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE at the end of a SELECT statement. The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK in a CREATE TABLE statement. The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. The updated packages provides a solution for these security issues. Full Article
iva Mandriva Linux Security Advisory 2015-218 By packetstormsecurity.com Published On :: Thu, 30 Apr 2015 15:46:57 GMT Mandriva Linux Security Advisory 2015-218 - Multiple vulnerabilities have been found and corrected in glibc. It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. Various other issues were also addressed. The updated packages provides a solution for these security issues. Full Article
iva Mandriva Linux Security Advisory 2015-220 By packetstormsecurity.com Published On :: Mon, 04 May 2015 17:18:17 GMT Mandriva Linux Security Advisory 2015-220 - NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. When doing HTTP requests using the Negotiate authentication method along with NTLM, the connection used would not be marked as authenticated, making it possible to reuse it and send requests for one user over the connection authenticated as a different user. Full Article
iva Mandriva Linux Security Advisory 2015-219 By packetstormsecurity.com Published On :: Mon, 04 May 2015 17:18:27 GMT Mandriva Linux Security Advisory 2015-219 - NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. When parsing HTTP cookies, if the parsed cookie's path element consists of a single double-quote, libcurl would try to write to an invalid heap memory address. This could allow remote attackers to cause a denial of service. When doing HTTP requests using the Negotiate authentication method along with NTLM, the connection used would not be marked as authenticated, making it possible to reuse it and send requests for one user over the connection authenticated as a different user. Full Article
iva Mandriva Linux Security Advisory 2015-221 By packetstormsecurity.com Published On :: Mon, 04 May 2015 17:19:13 GMT Mandriva Linux Security Advisory 2015-221 - Multiple vulnerabilities have been found and corrected in clamav. The updated packages provides a solution for these security issues. Full Article
iva Mandriva Linux Security Advisory 2015-222 By packetstormsecurity.com Published On :: Mon, 04 May 2015 17:20:08 GMT Mandriva Linux Security Advisory 2015-222 - Emanuele Rocca discovered that ppp was subject to a buffer overflow when communicating with a RADIUS server. This would allow unauthenticated users to cause a denial-of-service by crashing the daemon. Full Article
iva Mandriva Linux Security Advisory 2015-224 By packetstormsecurity.com Published On :: Mon, 04 May 2015 21:15:52 GMT Mandriva Linux Security Advisory 2015-224 - Ruby OpenSSL hostname matching implementation violates RFC 6125. The ruby packages for MBS2 has been updated to version 2.0.0-p645, which fixes this issue. Full Article
iva Mandriva Linux Security Advisory 2015-225 By packetstormsecurity.com Published On :: Mon, 04 May 2015 21:16:03 GMT Mandriva Linux Security Advisory 2015-225 - The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password. Full Article
iva Mandriva Linux Security Advisory 2015-226 By packetstormsecurity.com Published On :: Mon, 04 May 2015 21:16:14 GMT Mandriva Linux Security Advisory 2015-226 - FCGI does not perform range checks for file descriptors before use of the FD_SET macro. This FD_SET macro could allow for more than 1024 total file descriptors to be monitored in the closing state. This may allow remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening many socket connections to the host and crashing the service. Full Article
iva Mandriva Linux Security Advisory 2015-223 By packetstormsecurity.com Published On :: Mon, 04 May 2015 21:16:44 GMT Mandriva Linux Security Advisory 2015-223 - Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allow remote attackers to cause a denial of service and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow. The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allows remote attackers to cause a denial of service and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write. Full Article
iva Mandriva Linux Security Advisory 2015-227 By packetstormsecurity.com Published On :: Tue, 05 May 2015 19:26:36 GMT Mandriva Linux Security Advisory 2015-227 - This update provides MariaDB 5.5.43, which fixes several security issues and other bugs. Full Article