The Federal Bureau of Investigation, Secret Service and National Security Agency are investigating data breaches at J P Morgan. The Wall Street Journal reports: The potential infiltration of bank computer systems represents one of the biggest concerns expressed by top bank executives in recent…
Original release date: August 27, 2014 Google has released Chrome 37.0.2062.94 for Windows, Mac and Linux. This update includes 50 security fixes some of which could allow a remote attacker to obtain unauthorized access or cause a denial of service. US-CERT encourages users and administrators to…
Original release date: August 22, 2014 US-CERT is aware of Backoff malware compromising a significant number of major enterprise networks as well as small and medium businesses. US-CERT encourages administrators and operators of Point-of-Sale systems to review the Backoff malware alert to help…
Twenty PA hospitals lost millions of patient’s personal information including social security numbers. The healthcare provider released the following notification: In July 2014, Community Health Systems Professional Services Corporation (“CHSPSC”) confirmed its computer network was the…
Original release date: August 18, 2014 US-CERT is aware of a breach of sensitive patient identification information affecting approximately 4.5 million patients and customers of Community Health Systems, Inc. As part of DHS, US-CERT is working together with the FBI and the Department of Health and…
Original release date: August 14, 2014 New Zealand’s National Cyber Security Centre (NCSC) has released Security Advisory NCSC-C-2014-17 which highlights a spearphishing campaign targeting government employees. The NCSC provides enhanced cybersecurity services to the New Zealand Government and…
Original release date: August 14, 2014 Apple has released security updates for Safari to address vulnerabilities which could allow an attacker to execute arbitrary code or cause an unexpected application termination. Updates include Safari 6.1.6 and Safari 7.0.6 for OS X Lion v10.7.5, OS X Lion…
Original release date: August 13, 2014 Google has released security updates to address multiple vulnerabilities in Chrome, Chrome OS and Chrome for Android. Some of these vulnerabilities could potentially allow an attacker to obtain sensitive information or cause a denial of service. Updates…
Original release date: August 12, 2014 Adobe has released security updates to address multiple vulnerabilities in Flash Player, Adobe Reader and Acrobat. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. Users and administrators are…
Original release date: August 12, 2014 Microsoft has released updates to address vulnerabilities in Windows, Office, SQL Server, Server Software, .NET Framework, and Internet Explorer as part of the Microsoft Security Bulletin Summary for August 2014. Some of these vulnerabilities could allow remote…
Original release date: August 07, 2014 OpenSSL has released updates patching nine vulnerabilities, some of which may allow an attacker to cause a Denial of Service (DoS) condition or force the client to revert to a less secure Transport Layer Security (TLS) 1.0 protocol. The following updates are…
Original release date: August 06, 2014 Cisco has released an advisory to address a vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software. Exploitation of the vulnerability could allow an unauthenticated, remote attacker to cause a Denial of Service condition on the affected…
“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” said Alex Holden, the founder and chief information security officer of Hold Security. “And most of these sites are still vulnerable.”…
SANS Security Tip: Don’t get hooked by a Phishing expedition Don’t reply to email or pop-up messages that ask for personal or financial information, and don’t click on links in the message. Don’t cut and paste a link from the message into your Web browser — phishers can make links look…
Unsolicited commercial email may be a privacy and/or security violation under the Federal Trade Commission of the United States of America. SPAM should be forwarded to uce@ftc.gov.