Halock Blog

CVE-2016-2046 – CROSS SITE SCRIPTING IN SOPHOS UTM 9 »

Title: CVE-2014-4980 Parameter Tampering in Nessus Web UI – Remote Information Disclosure
Product: Sophos UTM 9
Vendor: Sophos
Version: 9.350-12 with pattern version 92405 (potentially lower)
Vendor Notified Date: December 14, 2015
Vendor Resolved Date: December 18, 2015
Release Date: January 28, 2016
Risk: Medium
Authentication: Not Required
Remote: Yes
Description:
A cross-site scripting vulnerability exists in Sophos UTM 9.350-12 with pattern version 92405 that allows … Read More »

CYBER SECURITY INCIDENT REMEDIATION: COMMON PROCEDURES FOR RESPONDING TO COMPUTER INTRUSIONS »


By Todd Hacke
The moment you realize you are experiencing a network-based breach, you may not know what to do. Minute one, hour one, day one, what should a technical team do to respond to a breach while it’s still in play?
While having a full incident response plan, a trained response team, and well-placed log … Read More »

RECOGNIZING THE THREAT FROM WITHIN »


Information security professionals are often concerned about attacks coming from outside the organization – such as remote hackers. However, more than half of these attacks¹ come from inside the organization. Information security professionals along with non-IT staff need to be trained to recognize the traits and behaviors of organization insiders who pose a serious … Read More »

THE JP MORGAN CHASE HACKER INDICTMENTS EXEMPLIFY HOW BACKWARD THE INFOSEC SPACE IS »


Cybersecurity audits mean nothing to hackers. And in fact, neither do short-sighted privacy regulations. Hackers have been showing us this for years. And not just because they find ways to exploit systems before you have a chance to lock them down. It’s more than that. Hackers find value in your systems and data that … Read More »

WHAT IS HIPAA? »


HALOCK is deep in the regulatory compliance and security field, so we sometimes take for granted that words common to us, like “HIPAA,” are still not clearly understood. So let’s take a moment to lay out the basics of HIPAA. For deeper coverage into the HIPAA Security Rule, take the “master class” here.
The … Read More »