Original release date: August 07, 2014 OpenSSL has released updates patching nine vulnerabilities, some of which may allow an attacker to cause a Denial of Service (DoS) condition or force the client to revert to a less secure Transport Layer Security (TLS) 1.0 protocol. The following updates are…
Original release date: August 06, 2014 Cisco has released an advisory to address a vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software. Exploitation of the vulnerability could allow an unauthenticated, remote attacker to cause a Denial of Service condition on the affected…
“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” said Alex Holden, the founder and chief information security officer of Hold Security. “And most of these sites are still vulnerable.”…
Original release date: August 04, 2014 US-CERT is aware of a local privilege escalation vulnerability in Symantec Endpoint Protection. This vulnerability affects all versions of Symantec Endpoint Protection Client 11.x and 12.x running Application and Device Control. Exploitation of this…
Original release date: July 22, 2014 The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, and Thunderbird, some of which may allow attackers to execute arbitrary code. The following updates are available: Firefox 31 Thunderbird 31 Firefox…
Original release date: July 22, 2014 The United Kingdom's Centre for the Protection of National Infrastructure (CPNI) has released a report on its “Improving Defenses Against Targeted Attack" (iDATA) cyber research program. The report contains descriptions and outcomes from a number of…
Original release date: July 21, 2014 Recently disclosed vulnerabilities in the LZO and LZ4 compression libraries could allow remote code execution under certain circumstances. While these libraries are used by a large number of platforms and applications, not all programs may be vulnerable to…
Original release date: July 16, 2014 Cisco has released an advisory to address a vulnerability in the web server used in multiple Wireless Residential Gateway products that could allow an unauthenticated, remote attacker to crash the web server and execute arbitrary code with elevated privileges.…
Original release date: July 15, 2014 Oracle has released its Critical Patch Update for July 2014 to address 113 vulnerabilities across multiple products. This update contains the following security fixes: 5 for Oracle Database Server 29 for Oracle Fusion Middleware 7 for Oracle Hyperion 1 for Oracle…
Original release date: July 10, 2014 Microsoft has released a security advisory to address improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft…
Original release date: July 09, 2014 Multiple Cisco products include an implementation of Apache Struts 2 which contains a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions and execute arbitrary commands on a targeted system. Cisco products affected…
SANS Security Tip: Don’t get hooked by a Phishing expedition Don’t reply to email or pop-up messages that ask for personal or financial information, and don’t click on links in the message. Don’t cut and paste a link from the message into your Web browser — phishers can make links look…
From “ask the lawyer on FaceBook”: Irena Dimitrieva June 7 at 9:35am · Edited IMPORTANT NOTE: We only answer questions that involve Pennsylvania law. We are NOT permitted by our rules of ethics to respond to questions that involve other states’ laws. Please do NOT ask questions if you are in…
The BBC is reporting that “The US has charged a Russian man with being behind a major cybercrime operation that affected individuals and businesses worldwide.” Evgeniy Bogachev, said to be known as “lucky12345″ and “slavik”, is accused of being involved in attacks on more than a million…
Unsolicited commercial email may be a privacy and/or security violation under the Federal Trade Commission of the United States of America. SPAM should be forwarded to uce@ftc.gov.