Vulnerability Note VU#630239
Epiphany Cardio Server is vulnerable to SQL and LDAP injection
Original Release date: 01 Dec 2015 | Last revised: 09 Dec 2015
Overview
The Epiphany Cardio Server is vulnerable to SQL injection and LDAP injection, allowing an unauthenticated attacker to gain administrator rights.
I have avoided writing about the Cybersecurity Information Sharing Act (CISA), largely because the details kept changing. (For those not following closely, similar bills were passed by both the House and the Senate. They’re now being combined into a single bill which will be voted on again, and then almost certainly signed into law by President Obama.) Now that it’s pretty solid, I find that I don’t have to write anything, because Danny Weitzner did such a good job, writing about how the bill encourages companies to share personal information with the government, allows them to take some offensive measures against attackers (or innocents, if they get it wrong), waives privacy protections, and gives companies immunity from prosecution
Microsoft’s President Brad Smith has a blog post discussing what to do now that the US-EU safe-harbor agreement has collapsed.
Are you too busy provisioning new servers and resetting your users’ Windows passwords to keep up with information security news? If so, we have a quick solution for you. Learn the most important security issues in under ten minutes with our weekly security review video