- Fri, 18 May 2012 10:34:30 +0000: Telstra privacy breach was ‘one little oops’ - Office of Inadequate Security
Andrew Colley reports: It was “one little oops” that led Telstra to expose over 800,000 customer records on the...
- Thu, 17 May 2012 11:34:00 +0000: AU: Fish, chips, and a side order of card fraud - Office of Inadequate Security
Ben Grubb reports that the number of data breaches in Australia is at least double what is reported to the government...
- Wed, 16 May 2012 11:14:52 +0000: UK council fined £70,000 following theft of highly sensitive data from employee’s home (updated with response from Council) - Office of Inadequate Security
From the Information Commissioner’s Office: The London Borough of Barnet has been issued with a penalty of £70,000 for...
- Wed, 16 May 2012 00:22:31 +0000: Zero tolerance for human error? Utah governor fires tech director - Office of Inadequate Security
Heather May reports that at least one head has rolled in the wake of the Utah Department of Health breach in March: Gov....
- Tue, 15 May 2012 11:38:55 +0000: California DOJ notifies those affected by a hack of a retired agent’s email accounts - Office of Inadequate Security
Have I mentioned how valuable it is when states post breach notices online? A reader points me to a new addition to...
- Thu, 26 Apr 2012 02:45:08 +0000: Hacker accessed account names, handles, and encrypted passwords, at least some of which were decrypted - OSF Data Loss - Latest Incidents
Cryptic Studios data loss incident circa 2012-04-25
- Thu, 26 Apr 2012 02:44:13 +0000: 72 redacted names, e-mail addresses and passport numbers dumped on the Internet - OSF Data Loss - Latest Incidents
f1-racers.net data loss incident circa 2012-04-22
- Thu, 26 Apr 2012 02:39:08 +0000: File produced in litigation discovery erroneously contained registered voters' full Social Security numbers - OSF Data Loss - Latest Incidents
State of Texas data loss incident circa 2012-04-25
- Thu, 26 Apr 2012 02:08:42 +0000: Instructor used unredacted patients' x-rays as part of his course presentations without patient consent - OSF Data Loss - Latest Incidents
St. Mary's Hospital data loss incident circa 2012-04-22
- Wed, 25 Apr 2012 13:40:57 +0000: Printed documents containing protected patient information stolen from chief of psychiatry's car - OSF Data Loss - Latest Incidents
Oregon State Hospital data loss incident circa 2012-04-24
- Wed, 16 May 2012 14:23:10 +0000: Apple Releases QuickTime 7.7.2 - US-CERT Current Activity
Apple has released QuickTime 7.7.2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users and administrators to review Apple Support Article HT5261 and apply any necessary updates to help mitigate the risk.
This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify
- Tue, 15 May 2012 18:13:56 +0000: Google Releases Google Chrome 19 - US-CERT Current Activity
Google has released Google Chrome 19 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update to Chrome 19.
- Thu, 10 May 2012 18:30:25 +0000: Apple Releases Multiple Security Updates - US-CERT Current Activity
Apple has released security updates for Apple OS X and Safari to address multiple vulnerabilities for the following products:
- Safari 5.1.7 for Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion Server v10.7.4, OS X Lion v10.7.4, Windows 7, Vista, XP SP2 or later
- OS X Lion v10.7.4 and Security Update 2012-002 for OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3, Mac OS X v10.6.8, Mac OS X Server v10.6.8
Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, operate with elevated privileges, cause a denial-of-service condition, or perform a cross-site scripting attack.
US-CERT encourages users and administrators to review Apple articles HT5281 and HT5282 and apply any necessary updates to help mitigate the risks.
- Wed, 09 May 2012 16:43:37 +0000: Adobe Releases Security Bulletins for Multiple Products - US-CERT Current Activity
Adobe has released security bulletins to alert users of critical vulnerabilities in multiple products. The following products are affected:
- Adobe Illustrator CS 5.5 and earlier versions for Windows and Macintosh
- Adobe Photoshop CS 5.5 and earlier versions for Windows and Macintosh
- Adobe Flash Professional CS 5.5 (11.5.1.349) and earlier versions for Windows and Macintosh
- Shockwave Player 11.6.4.634 and earlier versions for Windows and Macintosh
Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or take control of an affected system.
US-CERT encourages users and administrators to review the Adobe security bulletin and apply any necessary updates to help mitigate the risk.
- Tue, 08 May 2012 20:29:51 +0000: Apple Releases iOS 5.1.1 - US-CERT Current Activity
Apple has released iOS 5.1.1 for iPhone, iPod, iPad, and iPad 2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, perform a cross-site-scripting attack, or spoof a website address.
US-CERT encourages users and administrators to review Apple Support Article HT5278 and apply any necessary updates to help mitigate the risk.
- Thu, 17 May 2012 22:00:00 +0000: High - USN-1445-1 - Linux kernel vulnerabilities - Security-Database Alerts Monitor : Last 100 Alerts
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 10.04 LTS Summary: Several security issues were fixed in the kernel. Software Description: - linux:...
- Wed, 16 May 2012 22:00:00 +0000: Medium - CVE-2012-0038 - Integer overflow in the xfs_acl_from_disk... - Security-Database Alerts Monitor : Last 100 Alerts
Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed...
- Wed, 16 May 2012 22:00:00 +0000: NA - USN-1443-1 - Update Manager vulnerabilities - Security-Database Alerts Monitor : Last 100 Alerts
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 Summary: Update Manager could expose sensitive information in...
- Wed, 16 May 2012 22:00:00 +0000: Medium - CVE-2012-1090 - The cifs_lookup function in fs/cifs/dir.c in... - Security-Database Alerts Monitor : Last 100 Alerts
The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO.
- Wed, 16 May 2012 22:00:00 +0000: High - CVE-2012-2319 - Multiple buffer overflows in the hfsplus... - Security-Database Alerts Monitor : Last 100 Alerts
Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus filesystem, a related issue to...


