- Fri, 03 Feb 2012 22:56:28 +0000: Follow-up: Man gets seven years in prison for Navy credit card scam - Office of Inadequate Security
Here’s a follow-up to a breach previously noted on this blog: Tim McGlone reports that the leader of a credit card...
- Fri, 03 Feb 2012 19:55:31 +0000: Hungarian citizen who attempted to extort Marriott International into giving him a job sentenced to prison - Office of Inadequate Security
As an update to a case previously mentioned on this blog, Dow Jones Newswire reports that Attila Nemeth has been sentenced...
- Fri, 03 Feb 2012 19:34:31 +0000: SLC Police Department hack: hackers delete their own files after reiterating pledge not to expose residents’ personal info - Office of Inadequate Security
Hacktivism raises all kinds of ethical issues. In an unusual move, hackers responsible for the hack of the Salt Lake City...
- Fri, 03 Feb 2012 13:26:41 +0000: Why Are We Only Finding Out About the VeriSign Security Breach Now? - Office of Inadequate Security
Keith Wagstaff gives voice to the question many of us were asking yesterday, “Why Are We Only Finding Out About the...
- Fri, 03 Feb 2012 12:17:39 +0000: PA: Printing Company Accidentally Releases SSN’s In Derry Twp. - Office of Inadequate Security
WGAL reports that Security Savings Systems of New Cumberland mailed 1099-G forms to taxpayers that exposed others’...
- Fri, 03 Feb 2012 18:58:39 +0000: 4,933 e-mail addresses and MD5 passwords dumped on the Internet - OSF Data Loss - Latest Incidents
Obiblio data loss incident circa 2012-02-01
- Fri, 03 Feb 2012 18:55:23 +0000: 2,061 usernames, encrypted passwords (some plain-text) and e-mail addresses dumped on Internet - OSF Data Loss - Latest Incidents
BMW Motorcycle Owners of America data loss incident circa 2012-01-27
- Fri, 03 Feb 2012 18:51:29 +0000: Mailing error exposed 2,038 taxpayers' Social Security numbers to other taxpayers - OSF Data Loss - Latest Incidents
Security Savings Systems Inc. data loss incident circa 2012-02-02
- Fri, 03 Feb 2012 18:46:53 +0000: 608 clients' files with account application information missing from storage - OSF Data Loss - Latest Incidents
Unknown Organization data loss incident circa 2012-02-03
- Fri, 03 Feb 2012 16:44:22 +0000: 787 police officers' names, usernames, plain-text passwords, agencies and addresses (some home addresses) dumped on the Internet - OSF Data Loss - Latest Incidents
Texas Police Association data loss incident circa 2012-02-01
- Thu, 02 Feb 2012 17:15:36 +0000: Apple Releases Multiple Security Updates - US-CERT Current Activity
Apple has released security updates for Apple OS X Lion 10.7 to 10.7.2, OS X Lion Server 10.7 to 10.7.2, Mac OS 10.6.8, and Mac OS X Server v 10.6.8 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, and bypass security restrictions.
US-CERT encourages users and administrators to review Apple Support Article HT5130 and apply any necessary updates to help mitigate the risks.
Additional information regarding CVE-2011-3449 can be found in US-CERT Vulnerability Note VU#410281.
Additional information regarding CVE-2011-3446 can be found in US-CERT Vulnerability Note VU#403593.
- Wed, 01 Feb 2012 14:50:28 +0000: Mozilla Releases Firefox 10 and 3.6.26 - US-CERT Current Activity
The Mozilla Foundation has released Firefox 10 and Firefox 3.6.26 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or perform a cross-site scripting attack.
US-CERT encourages users and administrators to review the Mozilla Foundation Advisories for Firefox 10 and Firefox 3.6.26 and apply any necessary updates to help mitigate the risk.
- Tue, 24 Jan 2012 22:35:42 +0000: Denial-of-Service Malware Campaign - US-CERT Current Activity
US-CERT is aware of public reports of ongoing distributed denial-of-service attacks against entities in the government and private sector. According to the reports, these attacks are being attributed to the hacker group Anonymous.
US-CERT encourages users and administrators to do the following to reduce the risk associated with this and other malware campaigns:
- Do not open attachments in email messages from unknown sources.
- Install anti-virus software and keep virus signature files up to date.
- Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
- Refer to the Avoiding Social Engineering and Phishing Attacks document for information on social engineering attacks.
- Refer to the Recovering from Viruses, Worms, and Trojan Horses document for additional information on how to recover from malware.
- Refer to the Continuing Denial of Service Threats Posed by DNS recursion (v2.0) (pdf) document and Understanding Denial-of-Service Attacks document for additional information on denial-of-service attacks.
- Tue, 24 Jan 2012 18:03:34 +0000: Google Releases Chrome 16.0.912.77 - US-CERT Current Activity
Google has released Chrome 16.0.912.77 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update to Chrome 16.0.912.77.
- Tue, 24 Jan 2012 16:30:37 +0000: Symantec pcAnywhere Hotfix - US-CERT Current Activity
Symantec has released an update for pcAnywhere to address multiple vulnerabilities for the following software versions running on Windows:
- pcAnywhere 12.5 SP3
- pcAnywhere Solutions 7.1 GA, SP 1, and SP 2
US-CERT encourages users and administrators to review the Symantec pcAnywhere hot fix and apply any necessary updates to help mitigate the risk.
US-CERT will provide additional information as it becomes available.
- Thu, 02 Feb 2012 23:00:00 +0000: Critical - MDVSA-2012:013 - Security issues were identified and fixed in... - Security-Database Alerts Monitor : Last 100 Alerts
Security issues were identified and fixed in mozilla firefox and thunderbird: Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0...
- Thu, 02 Feb 2012 23:00:00 +0000: NA - CVE-2011-4878 - Directory traversal vulnerability in... - Security-Database Alerts Monitor : Last 100 Alerts
Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP,...
- Thu, 02 Feb 2012 23:00:00 +0000: NA - CVE-2011-4513 - Siemens WinCC flexible 2004, 2005, 2007, and... - Security-Database Alerts Monitor : Last 100 Alerts
Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible...
- Thu, 02 Feb 2012 23:00:00 +0000: NA - CVE-2011-4508 - The HMI web server in Siemens WinCC flexible... - Security-Database Alerts Monitor : Last 100 Alerts
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI...
- Thu, 02 Feb 2012 23:00:00 +0000: NA - CVE-2011-4514 - The TELNET daemon in Siemens WinCC flexible... - Security-Database Alerts Monitor : Last 100 Alerts
The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced;...


