How to improve digital immunity by sharing Indicators of Attack.
In my last post, I outlined the difference between relying on Indicators of Compromise versus Indicators of Attack for digital security. The emphasis here is not that these indicators are new, but that it is imperative to share this early information among all of the different security systems and programs.…
Real SSNs tied with fake identities are reaping criminals big profits.
The next time some company tells consumers that an attacker only managed to steal Social Security numbers (SSNs) from a database but has no way of tying those back to customer names, the market should still be worried.…
Attack appears smaller in scope but similar to incidents reported by several other major retailers this year.
Staples has joined the rapidly growing list of major retailers that have suffered a data breach this year.
Multiple banks say they have identified a pattern of fraud associated with credit and debit cards that were used at several Staples locations in the Northeast US recently, according to a report by KrebsOnSecurity.…
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device.…
Banks: Credit Card Breach at Staples Stores
Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach.
Asterisk Project Security Advisory – AST-2014-011
Summary: Asterisk Susceptibility to POODLE Vulnerability
Nature of Advisory: Unauthorized Data Disclosure
Susceptibility: Remote Unauthenticated Sessions
Exploits Known: No
Reported On: 16 October 2014
Reported By: abelbeck
Posted On: 20 October 2014
Last Updated On: October 20, 2014
Advisory Contact: Matt Jordan
CVE Name: CVE-2014-3566
Description: The POODLE vulnerability – described under CVE-2014-3566 – is
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566.…
APPLE-SA-2014-10-20-1 iOS 8.1
iOS 8.1 is now available and addresses the following:
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious Bluetooth input device may bypass pairing
Description: Unencrypted connections were permitted from Human
Interface Device-class Bluetooth Low Energy accessories.…
Advisory by Netsparker.
Name: Multiple XSS Vulnerabilities in LiteCart
Affected Software: LiteCart
Affected Versions: 188.8.131.52 and possibly below
Vendor Homepage: http://www.litecart.net
Vulnerability Type: Cross-site Scripting
Severity: Important
Netsparker Advisory Reference: NS-14-032
Several cross-site scripting vulnerabilities were discovered in
LiteCart, an open source project that allows you to create
e-commerce sites.…
Apple released security updates today for iOS 8 and Apple TV 7.
iOS 8.1 (APPLE-SA-2014-10-20-1 iOS 8.1) is now available for iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later, to address the following:
House Arrest CVE-2014-4448
iCloud Data Access CVE-2014-4449
Secure Transport CVE-2014-3566
Apple TV 7.0.1 (APPLE-SA-2014-10-20-2 Apple TV 7.0.1) is now available for Apple TV 3rd generation and later, to address the following:
Secure Transport CVE-2014-3566