Video: Locking Down iOS
Considering the rapid proliferation of smartphones and tablets and the vast wealth of personal and financial data many of us store on them, it is increasingly important that we find ways of securing our mobile devices. With that in mind, we decided there was no better way to kick off a series of...
meetOne Insecure Transport / Information Disclosure
SUMMARY meetOne, currently in Germany in the Top 50 social apps of the iTunes Store, has multiple vulnerabilities and has been found guilty of stealing Apple iPhone address books and abusing the e-mail addresses there for spam. Apple Inc. is ignoring the data theft and it seems even suppressing...
Dropbox Users Cry "Spam!" Company Investigates
Support forums frequented by users of the online storage service Dropbox were alive with reports of spam e-mail messages sent to supposedly secret, Dropbox-affiliated addresses. The reports have raised the dark spectre of a data leak at the cloud-based personal storage firm. Hundreds of Dropbox...
Mac OS X Admin Group User List
Using the supplied credentials, Nessus was able to extract the member list of the 'Admin' and 'Wheel' groups. Members of these groups have administrative access to the remote system. TRUSTED...
Checkpoint Abra Multiple Vulnerabilities
Exploit for Windows platform in category local exploits. Check Point Abra Vulnerabilities. Vendor: Check Point Software Technologies Ltd. Product web page: http://rus.checkpoint.com/products/abra/index.html; http://www.checkpoint.com/products/go/ Platforms: Windows XP, Vista, 7 32 bit. Summary: Check...
Watchdog Says Government Failing To Enforce HIPAA Privacy Protections
The Government Accountability Office (GAO) is warning that the U.S. government hasn’t lived up to promises to protect the privacy of Medicare patients who use the federal government’s Prescription Drug Benefit and is not following through on promises to audit organizations that store patient health...
Travel Security Rundown
Summer travel season is well under way and considering the increasingly common reports detailing device seizures and data searches at international borders, you want to be very careful about the things you travel with. In a recently published SecureList article, Kaspersky Lab expert Dmitry...
EMC Data Protection Advisor Denial of Service
A denial of service vulnerability has been reported in EMC Data Protection Advisor...
Linkedin sued by Member for Hacking Incident
Illinois resident Katie Szpyrka filed a $5 million class action lawsuit against LinkedIn in the US District Court in the Northern District of California on June 15, claiming the business-oriented social networking site violated its own user agreement a...
Security Veterans Score Funding for New Startup Bluebox
Many people would consider themselves lucky to be a part of one successful start-up company, but for a select group of entrepreneurs, engineers and executives, that’s just the beginning. Such is the case for the team behind new mobile security firm Bluebox, a stealth-mode company that counts SPI...
Survey Shows 85 Percent of Small Business Owners Convinced a Data Breach Unlikely
If a newly released survey is any indication, publicized data breaches aren’t enough to prompt small businesses to better protect their customer or employee data. A survey released this week by The Hartford found 85 percent of small business owners believe a data breach is unlikely and often lack...
Apple Details iOS Security Features in New Guide
Apple has released a detailed security guide for its iOS operating system, an unprecedented move for a company known for not discussing the technical details of its products, let alone the security architecture. The document lays out the system architecture, data protection capabilities and netwo...
Consumer Reports: 13 Million Facebook Users Ignore Privacy Settings
A Consumer Reports investigation indicates 13 million U.S. Facebook users are oversharing — and likely don’t know it. That figure represents 8 percent of Facebook’s 150 million U.S. users, but it is part of an upward trend in users failing to protect themselves while on the social network — putti...
UK's Serious Organised Crime Agency's website taken offline after DDoS attack
The Serious Organised Crime Agency's website was temporarily shut down today after a cyber attack. It was the victim of a scam known as distributed denial of service (DDoS), whereby an internet address is flooded with bogus...
Fat Finger Error Lands Welsh Health Board $114K Fine
An e-mail gaffe and a spelling mistake by a doctor led to a breach of the UK’s Data Protection Act last year, according to a press release by the Information Commissioner’s Office today. The Aneurin Bevan Health Board (ABHB) in South Wales was fined £70,000 (about $114,000 USD) after it mistakenly se...
UK Govt. Investigating London Marathon Data Breach That Spilled Info On 38,000
The UK Information Commissioner’s Office (ICO) said it is looking into a possible data breach of the website used by organizers of the London Marathon – a major, international sporting event that attracted more than 37,000 runners for the 37th running on April 22nd. According to a BBC report, the hom...
EMC Data Protection Advisor security vulnerabilities
Integer overflow, NULL pointer dereference...
ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities
ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities. EMC Identifier: ESA-2012-018, DPA-14718. CVE Identifier: CVE-2012-0406. CVE Identifier: CVE-2012-0407. Severity Rating: CVSS v2 Base Score: See below for CVSS Base Scores for individual...
CVE-2012-0407
Integer overflow in the DPAUtilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field...
CVE-2012-0406
The DPAUtilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password...