I received an email last night from my online video rental provider that they were compromised and that my personal information may have been stolen. I immediately thought that this was a “phishing” scam and deleted the email. With all the compromised data in recent years though, Sony, and Barnes and Noble to name a […]
At HALOCK®, we recognize there’s a tremendous amount of concern surrounding cloud-based security. Most of the concern is focused around the risk of moving assets to the cloud and that worry has slowed down the adoption of virtualized infrastructure. It has been a challenge to find solid data surrounding cloud security risks. So when one […]
Overview DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_configuration.html. Impact CVSS Severity (version 2.0):
CVE-2011-5251 – vBulletin – Multiple Open Redirects Overview Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action. Impact CVSS Severity (version 2.0):
Product: Nexpose Security ConsoleVendor: Rapid7Version: < 5.5.3Tested Version: 5.5.1Vendor Notified Date: December 19, 2012Release Date: January 2, 2013Risk: HighAuthentication: None requiredRemote: Yes
CVE-2012-6494 – Nexpose Security Console – Session Hijacking Product: Nexpose Security Console Vendor: Rapid7 Version: < 5.5.3 Tested Version: 5.5.1 Vendor Notified Date: December 19, 2012 Release Date: January 2, 2013 Risk: Medium Authentication: Access to logs required. Remote: Yes
The PCI Security Standards Council has released a new Information supplement for PCI DSS Risk Assessment Guidelines. Organizations planning and performing a risk assessment in accordance with PCI DSS 12.1.2 can use the information supplement to help identify threats and the associated vulnerabilities that could jeopardize the security of payment card data.
CVE-2012-6342: Atlassian Confluence Product: Confluence Vendor: Atlassian Version: 3.0 / Current Tested Version: 3.4.6 Vendor Notified Date: June 31, 2011 Release Date: September 19, 2012 Risk: Medium Authentication: Depends on configuration. Remote: Yes
We talk a lot with our clients about the importance of due care and due diligence and how it impacts your infrastructure, especially when it comes to compliance and risk management. In order to perform proper due diligence, it’s important to understand the nature of the attacks being directed against your infrastructure, the motivation behind […]
We all know Windows Active Directory is a great solution to centrally manage users and computers.