Author Archives: HALOCK Security Labs

My Back Door is Secure but I Think I Left the Front Door Unlocked!

I received an email last night from my online video rental provider that they were compromised and that my personal information may have been stolen. I immediately thought that this was a “phishing” scam and deleted the email. With all the compromised data in recent years though, Sony, and Barnes and Noble to name a […]

Current State of Cloud Based Security

At HALOCK®, we recognize there’s a tremendous amount of concern surrounding cloud-based security. Most of the concern is focused around the risk of moving assets to the cloud and that worry has slowed down the adoption of virtualized infrastructure. It has been a challenge to find solid data surrounding cloud security risks. So when one […]

CVE-2013-1402 – DigiLIBE Management Console – Execution After Redirect (EAR) Vulnerability

OverviewDigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_configuration.html. Impact CVSS Severity (version 2.0):

The PCI Security Standards Council has released a new Information supplement for PCI DSS Risk Assessment Guidelines.

The PCI Security Standards Council has released a new Information supplement for PCI DSS Risk Assessment Guidelines. Organizations planning and performing a risk assessment in accordance with PCI DSS 12.1.2 can use the information supplement to help identify threats and the associated vulnerabilities that could jeopardize the security of payment card data.

CVE-2012-6342: Atlassian Confluence – Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities

CVE-2012-6342: Atlassian Confluence Product: ConfluenceVendor: AtlassianVersion: 3.0 / CurrentTested Version: 3.4.6Vendor Notified Date: June 31, 2011Release Date: September 19, 2012Risk: MediumAuthentication: Depends on configuration.Remote: Yes

Nice Infrastructure…. Mind If I Borrow it??

We talk a lot with our clients about the importance of due care and due diligence and how it impacts your infrastructure, especially when it comes to compliance and risk management.  In order to perform proper due diligence, it’s important to understand the nature of the attacks being directed against your infrastructure, the motivation behind […]

1 3 4 5 6 7 12