Code Execution Vulnerability in Microsoft XML Core Services
If you are calling “msxml3!_dispatchImpl::InvokeHelper” in your code, make sure to patch it. A vulnerability exists when Microsoft’s XML function “msxml3!_dispatchImpl::InvokeHelper” attempts to access an object in memory that has not been initialized, allowing an attacker to execute arbitrary code. Valid exploits have been made public.
http://blogs.mcafee.com/mcafee-labs/vulnerability-in-microsoft-xml-core-services-opens-door-to-attackers
RSA SecurIDs Get Cracked In 13 Minutes
Major corporations, government agencies, and small businesses hand out RSA SecurID fob keychains to employees so that they can securely log in to their systems. If you use a device like this, you probably assume that it’s a strong security measure to keep your employer’s networks and data secure. A team of computer scientists cracked the encryption it uses in record time.
In a paper, researchers Romain Bardou, Lorenzo Simionato, Graham Steel, Joe-Kai Tsay, Riccardo Focardi and Yusuke Kawamoto detail the vulnerabilities that expose the imported keys from various cryptographic devices that rely on the PKCS#11 standard. They managed to develop an approach that requires just 13 minutes to crack the device’s encryption.
http://hal.inria.fr/docs/00/70/47/90/PDF/RR-7944.pdf
State of Alaska Fined $1.7 Million for Lax Security Protecting Health Records
The US Department of Health and Human Services (HHS) has announced a settlement with the State of Alaska’s Department of Health and Social Services (DHSS) for $1.7 million resulting from HIPAA violations. An investigation began after the physical theft of a USB HDD, and the investigation team soon learned that the Alaska government did not have proper controls in place.
http://nakedsecurity.sophos.com/2012/06/27/state-of-alaska-fined-1-7-million-for-lax-security-protecting-health-records/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29