Browsing Author: Dennis Fisher

Attackers Compromise ICANN, Access Zone Files System

Unknown hackers were able to compromise vital systems belonging to ICANN, the organization that manages the global top-level domain system, and had access to the system that manages the files with data on resolving specific domain names. The attack apparently took place in November and ICANN officials discovered it earlier this month. The intrusion started[…]

Read more...

Google Adds Content Security Policy Support to Gmail

Google has added another layer of security for users of Gmail on the desktop, which now supports content security policy, a standard that’s designed to help mitigate cross-site scripting and other common Web-based attacks. CSP is a W3C standard that has been around for several years, and it’s been supported in a number of browsers[…]

Read more...

Sony: Employee Health Information May Have Been Compromised

Sony Pictures Entertainment has sent a letter to employees warning them that, along with huge amounts of corporate and employee information, some personal health data belonging to SPE employees may also have been compromised in the attack that hit the company in late November. The letter, which also was sent to the California Office of[…]

Read more...

Two Cisco Products Vulnerable to POODLE Attack on TLS

Two of Cisco’s products are vulnerable to the POODLE attack via the TLS implementation in those products. The vulnerability affects Cisco’s Adaptive Security Appliance software and its Application Control Engine module. The POODLE attack was disclosed in October by researchers from Google, who discovered that if an attacker can force a vulnerable Web server to fall back from[…]

Read more...

Honeywell PoS Software Vulnerable to Stack Buffer Overflows

There are stack buffer overflows in two components of a Honeywell point-of-sale software package that can allow attackers to run arbitrary code on vulnerable systems. The vulnerabilities lie in the HWOPOSScale.ocx and HWOPOSSCANNER.ocx components of Honeywell’s OLE for Retail Point-of-Sale package, which is designed to help integrate PoS hardware with Windows PoS systems. Versions of the Honeywell[…]

Read more...