Original release date: July 31, 2015 The National Cybersecurity and Communications Integration Center (NCCIC) and its partners responded to a series of data breaches in the public and private sector over the last year, helping organizations through incident response actions, conducting damage assessments, and implementing restoration and mitigation actions. During NCCIC’s recent work, following best practices proved extremely effective in protecting networks, the information residing on them, and the equities of information owners. The recently updated National Institute of Standards and Technology Cybersecurity Framework highlights best practices
One of the most frightening lessons IT people quickly learn is that large complex systems—software, hardware and certainly operating systems—always do things that no one knew they could do (or expect them to do). That's because these…
Vulnerability Note VU#810572 CUPS print service is vulnerable to privilege escalation and cross-site scripting Original Release date: 09 Jun 2015 | Last revised: 09 Jun 2015 Overview CUPS implements the Internet Printing Protocol (IPP) for UNIX-derived operating systems. Various versions of CUPS are vulnerable to a privilege escalation due to a memory management error
Building automation Networks are very common today for intelligent buildings. They interconnect several type of devices like escalators, elevators, power circuits, heating, ventilating and air conditioning (HVAC) to the main control center
As if using the Internet — the Web in particular — weren't already fraught with cyber-perils, users — in offices on company LANs, as well as home-based and mobile individual users — have to add “malvertising” to the list of things f…
[Guest Diary: Xavier Mertens] [ Playing with IP Reputation with Dshield “> ] When investigating incidents or searching for malicious activity in your logs, IP reputation is a nice way to increasethe reliability of generated alerts. It can help toprioritizeincidents.
Vulnerability Note VU#534407 Barracuda Web Filter insecurely performs SSL inspection Original Release date: 28 Apr 2015 | Last revised: 28 Apr 2015 Overview Barracuda Web Filter prior to version 8.1.0.005 does not properly check upstream certificate validity when performing SSL inspection, and delivers one of three default root CA certificates across multiple machines for SSL inspection. Description According to Barracuda Networks , the Barracuda Web Filter is a “comprehensive solution for web security and management” with many features, including the ability to provide “visibility into SSL-encrypted traffic”. This SSL inspection feature of the Barracuda Web Filter is vulnerable to multiple issues