Yet another large retailer has reported a data breach. “Staples is in the process of investigating a potential issue involving credit card data and has contacted law enforcement,” said Mark Cautela, Staples’ public relations manager. Target, Home Depot and Dairy Queen have also been victims of…
Original release date: October 22, 2014 Microsoft has released a security advisory to provide recommended mitigations for an unpatched vulnerability, ( CVE-2014-6352 ) which affects all Microsoft Windows releases except Windows Server 2003. This vulnerability could allow an attacker to take control…
Original release date: October 20, 2014 Apple has released security updates for iOS devices and Apple TV to address multiple vulnerabilities, one of which could allow an attacker to decrypt data protected by SSL. Updates available include: iOS 8.1 for iPhone 4s and later, iPod touch 5th generation…
Original release date: October 17, 2014 US-CERT is aware of a design vulnerability found in the way SSL 3.0 handles block cipher mode padding. Exploitation of this vulnerability may allow a remote attacker to decrypt and extract information from inside an encrypted transaction. US-CERT recommends…
Original release date: October 17, 2014 Apple has released Security Update 2014-005 to address vulnerabilities in SSL 3.0. US-CERT recommends users and administrators review Apple Security Update HT6531 for additional details. This product is provided subject to this Notification and this…
Original release date: October 17, 2014 Drupal has released a security advisory to address an application program interface (API) vulnerability ( CVE-2014-3704 ) that could allow an attacker to execute arbitrary SQL commands on an affected system. This vulnerability affects all Drupal core 7.x…
Original release date: October 16, 2014 Google has released security updates to address multiple vulnerabilities in Chrome and Chrome OS, one of which could potentially allow an attacker to take control of the affected system. Updates available include: Chrome 38.0.2125.104 for Windows, Mac and…
Original release date: October 16, 2014 US-CERT reminds users to protect against email scams and cyber campaigns using the Ebola virus disease (EVD) as a theme. Phishing emails may contain links that direct users to websites which collect personal information such as login credentials, or contain…
Original release date: October 16, 2014 OpenSSL has released updates patching four vulnerabilities, some of which may allow an attacker to cause a Denial of Service (DoS) condition or execute man-in-the-middle attacks. The following updates are available: OpenSSL 1.0.1 users should upgrade to 1.0.1j…
Russian hackers known as the “sandworm” team hacked through NATO’s Microsoft computers. It is believed Russian hackers are backed by the government to obtain information on Ukraine and other areas of interest. “This is consistent with espionage activity,” said iSight Senior Director…
Original release date: October 15, 2014 The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox and Thunderbird. Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, bypass same-origin policy and key pinning, cause…
Original release date: October 14, 2014 Adobe has released security updates to address multiple vulnerabilities in ColdFusion and Flash Player. Exploitation could allow attackers to take control of a vulnerable system. Users and administrators are encouraged to review Adobe Security Bulletins APSB…
It sound like a scene right out of a cartoon — Chase and Acme hacked. Wile E. Coyote would be so excited. Both Chase Bank and Acme supermarkets announced major data breaches and loss of customer data. Scores of millions of customer have been affected. JP Morgan announced their Chase division lost…
Unsolicited commercial email may be a privacy and/or security violation under the Federal Trade Commission of the United States of America. SPAM should be forwarded to uce@ftc.gov.