Blog
Insights for Reasonable Cyber Security and Compliance
What’s happening in the world of cybersecurity? How do you define 'reasonable' security controls? Which cyber threats can be prevented? What steps should you take to make your systems safer? Read our blog posts to gain new insights into cybersecurity news, security awareness, the latest threats and risks, penetration testing, compliance, regulations and so much more.
HALOCK INVESTIGATES: “ZERO TOLERANCE”
HALOCK Investigates. An all-too-common cyber-crime today is spoofing, which is the practice of deceiving people into believing an email or website originates from a source that it does not. In a recent case we are investigating, the perpetrator substituted a number in the URL to mimic the actual URL with the hopes that the recipient wouldn’t notice and would click on the fraudulent link. (more…)
Cyber Security Awareness Tips Poster
Download a printable version of the cyber security awareness tips poster HERE
Current State of Cloud Based Security
At HALOCK®, we recognize there’s a tremendous amount of concern surrounding cloud-based security. Most of the concern is focused around the risk of moving assets to the cloud and that worry has slowed down the adoption of virtualized infrastructure. It has been a challenge to find solid data surrounding cloud security risks.
So when one of our partners, Alert Logic, issued a report specifically addressing this issue, we were excited to hear and share their findings. (more…)
How Business Pushes Information Security Compliance
The United States is an exceptional country in many ways, not least of which is that we don’t like doing what governments tell us to do. It’s in our moral fiber to rebel. One telling example of this was expressed in a historical article comparing US railroads to European railroads in the nineteenth century.
What does this have to do with Information Security? Bear with me. It’s fun. (more…)
CVE-2013-1402 – DigiLIBE Management Console – Execution After Redirect (EAR) Vulnerability
Overview
DigiLIBE 3.4, and possibly other versions, sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_configuration.html.
Impact
CVSS Severity (version 2.0): (more…)
CVE-2011-5251 – vBulletin – Multiple Open Redirects
Overview
Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action.
Impact
CVSS Severity (version 2.0): (more…)
CVE-2012-6493: Nexpose Security Console CSRF Vulnerability
Product: Nexpose Security Console
Vendor: Rapid7
Version: < 5.5.3
Tested Version: 5.5.1
Vendor Notified Date: December 19, 2012
Release Date: January 2, 2013
Risk: High
Authentication: None required
Remote: Yes (more…)
CVE-2012-6494 – Nexpose Security Console – Session Hijacking
Product: Nexpose Security Console
Vendor: Rapid7
Version: < 5.5.3
Tested Version: 5.5.1
Vendor Notified Date: December 19, 2012
Release Date: January 2, 2013
Risk: Medium
Authentication: Access to logs required.
Remote: Yes (more…)
The PCI Security Standards Council has released a new Information supplement for PCI DSS Risk Assessment Guidelines.
The PCI Security Standards Council has released a new Information supplement for PCI DSS Risk Assessment Guidelines. Organizations planning and performing a risk assessment in accordance with PCI DSS 12.1.2 can use the information supplement to help identify threats and the associated vulnerabilities that could jeopardize the security of payment card data. (more…)
CVE-2012-6342: Atlassian Confluence – Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities
Product: Confluence
Vendor: Atlassian
Version: 3.0 / Current
Tested Version: 3.4.6
Vendor Notified Date: June 31, 2011
Release Date: September 19, 2012
Risk: Medium
Authentication: Depends on configuration.
Remote: Yes (more…)