Digital Security: Taking an Uncompromising Stand

How to improve digital immunity by sharing Indicators of Attack.

In my last post, I outlined the difference between relying on Indicators of Compromise versus Indicators of Attack for digital security. The emphasis here is not that these indicators are new, but that it is imperative to share this early information among all of the different security systems and programs.…


Synthetic Identity Fraud A Fast-Growing Category

Real SSNs tied with fake identities are reaping criminals big profits.

The next time some company tells consumers that an attacker only managed to steal Social Security numbers (SSNs) from a database but has no way of tying those back to customer names, the market should still be worried.…

Several Staples Stores Suffer Data Breach

Attack appears smaller in scope but similar to incidents reported by several other major retailers this year.

Staples has joined the rapidly growing list of major retailers that have suffered a data breach this year.

Multiple banks say they have identified a pattern of fraud associated with credit and debit cards that were used at several Staples locations in the Northeast US recently, according to a report by KrebsOnSecurity.…

Breach Security 101

In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device.

Banks: Credit Card Breach at Staples Stores

20
Oct 14

Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach. 

Bugtraq: AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability

Asterisk Project Security Advisory – AST-2014-011

Product: Asterisk
Summary: Asterisk Susceptibility to POODLE Vulnerability
Nature of Advisory: Unauthorized Data Disclosure
Susceptibility: Remote Unauthenticated Sessions
Severity: Medium
Exploits Known: No
Reported On: 16 October 2014
Reported By: abelbeck
Posted On: 20 October 2014
Last Updated On: October 20, 2014
Advisory Contact: Matt Jordan
CVE Name: CVE-2014-3566

Description The POODLE vulnerability – described under CVE-2014-3566 – is
described at
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566.…

Bugtraq: APPLE-SA-2014-10-20-1 iOS 8.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-10-20-1 iOS 8.1

iOS 8.1 is now available and addresses the following:

Bluetooth
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious Bluetooth input device may bypass pairing
Description: Unencrypted connections were permitted from Human
Interface Device-class Bluetooth Low Energy accessories.…

Bugtraq: APPLE-SA-2014-10-20-2 Apple TV 7.0.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-10-20-2 Apple TV 7.0.1

Apple TV 7.0.1 is now available and addresses the following:

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A malicious Bluetooth input device may bypass pairing
Description: Unencrypted connections were permitted from Human
Interface Device-class Bluetooth Low Energy accessories.…

Bugtraq: LiteCart Security Advisory – Multiple XSS Vulnerabilities – CVE-2014-7183

Information
-----------
Advisory by Netsparker.
Name: Multiple XSS Vulnerabilities in LiteCart
Affected Software : LiteCart
Affected Versions: 1.1.2.1 and possibly below
Vendor Homepage : http://www.litecart.net
Vulnerability Type : Cross-site Scripting
Severity : Important
CVE-ID: CVE-2014-7183
Netsparker Advisory Reference : NS-14-032

Advisory URL
------------
https://www.netsparker.com/xss-vulnerabilities-in-litecart/

Description
-----------
Several cross-site scripting vulnerabilities were discovered in
LiteCart, an open source project that allows you to create
e-commerce sites.…

Apple Multiple Security Updates, (Mon, Oct 20th)

Apple released security updates today for iOS 8 and Apple TV 7.

iOS 8.1 (APPLE-SA-2014-10-20-1 iOS 8.1) is now available for iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later, to address the following:

Bluetooth CVE-2014-4448
House Arrest CVE-2014-4448
iCloud Data Access CVE-2014-4449
Keyboards CVE-2014-4450
Secure Transport CVE-2014-3566

Apple TV 7.0.1 (APPLE-SA-2014-10-20-2 Apple TV 7.0.1) is now available for Apple TV 3rd generation and later, to address the following:

Bluetooth CVE-2014-4428
Secure Transport CVE-2014-3566

[1] https://support.apple.com/kb/HT1222

-----------

Guy Bruneau IPSS Inc.