ComWise Internetwork Sdn Bhd

Digital Defense Identifies Vulnerability On Epicor Software Interface

admin — Fri, 18 May 2012 04:03:09 +0000

San Antonio, TX – May, 16, 2012 – Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security assessments, announced the organization’s discovery of a blind SQL injection vulnerability in the Epicor Returns Management software SOAP interface. Left unremediated, this vulnerability could potentially be leveraged by an attacker to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may be able to exploit this flaw to compromise the database server host operating system.

DDI followed their ethical disclosure policy, which included the immediate notification of Epicor Software Corporation. Epicor has now confirmed that they have contacted the customers affected and have made an update available to address this vulnerability. Epicor has also advised DDI that the codebase for Returns Management software might differ significantly from customer to customer, and has suggested that some customer installs may not contain this specific vulnerability due to this codebase variability. DDI recommends that any customer currently utilizing Epicor Returns Management software within their enterprise install the update Epicor has made available and, if concerned, log a support call with Epicor directly to determine if their codebase contains this vulnerability.

Delete Data To Delete Risk

admin — Fri, 18 May 2012 04:00:46 +0000

Earlier this month, a Missouri state senator led a filibuster to block the vote on the creation of a new prescription-tracking database within the state — on the grounds that should a breach occur to expose this database, it would expose embarrassing information about citizens. Though extreme, the event offers good evidence that awareness is growing both in the public and private sector that one of the best ways to protect sensitive and personally identifiable information (PII) from a breach is to eliminate its existence.

“Rule No. 1 in data-breach prevention is that they can’t steal it if you don’t have it,” says Alan Brill, senior managing director of Kroll Advisory Solutions. “It would be a lot better if people remembered that one.”

Obviously, protected identifiable information and other sensitive information fuels enterprise business today. And then there are certain classes of data that are required to be kept because of litigation or to maintain a legal hold for discovery issues, Brill explains. But beyond that, he believes organizations need to do a better job probing the necessity of retaining data — particularly PII — and making every effort to limit its stay on company databases.

IBM – Defend against data breaches bypassing perimeter security

admin — Wed, 16 May 2012 03:23:57 +0000

	5/15/2012

The IBM X-Force 2011 Trend Report: Combat Data Security Threats

Date: Wednesday, May 23, 2012 | Time 8:00 am PT / 11:00 am ET

Register Now

This webcast reveals the results of the “IBM X-Force 2011 Trend and Risk Report”, an in-depth analysis of public vulnerability disclosures findings from more than 4,000 clients, and the monitoring and analysis of an average of 13 billion events daily in 2011.

Attend and learn about increases in key areas of attack activity and how to combat them, including:

Cybercriminal activity
SQL injections
IT loophole attacks
Attacks targeting shell command injection vulnerabilities, which more than doubled in 2011
Attacks on emerging technologies, including cloud computing, social networks and mobile devices

Review the data protection mandates and compliance requirements, learn what countermeasures can be used against these attacks and hear case studies of clients that have successfully secured their sensitive databases and reduced compliance costs.

Register Now – or - Get More Information

Featured Speakers

	Robert Freeman, Manager, IBM X-Force® Advanced Research
	Eric Naiburg, Program Director, IBM Information Governance Solutions Product Marketing Strategy

*Please make sure that your computer is ready for the event. The system check is extremely important to run in advance of your login! You can find useful computer tips to prepare your computer for the event.

TECHNICAL SUPPORT
For technical support, please contact: support@inxpo.com

eNewsletter Subscription Management

Subscribe | Unsubscribe | | Feedback

Copyright © IBM InfoSphere Guardium 2012. All rights reserved. IBM, the IBM logo, ibm.com, InfoSphere and Guardium are trademarks of IBM. All other trademarks and service marks are the property of their respective owners.IBM InfoSphere Guardium
5 Technology Park Drive
Westford, MA 01886

Contact IBM

Six indicted over Population Registry data theft

admin — Wed, 16 May 2012 03:19:28 +0000

The Tel Aviv district attorney on Sunday charged six people, including a computer programmer formerly employed as a Welfare and Social Services Ministry contractor, in connection with a massive data theft that exposed the personal details of millions of Israelis.

According to the indictment, filed in the Tel Aviv District Court, 55-year-old Shalom Bilik had access to the population registry database as part of his contract computer maintenance work in the Welfare and Social Services Ministry’s information systems department. In 2005- 2006, during his time at the ministry, Bilik began to make copies of the population registry data and sold it, the indictment said.

Personal data for home care workers, recipients lost in the mail

admin — Wed, 16 May 2012 03:18:37 +0000

SACRAMENTO — Sensitive personal information for more than 700,000 people who provide or receive home care for the elderly and disabled may have been compromised when payroll data went missing in the mail, state officials revealed Friday night.

The breach occurred whenHewlett-Packard, which handles the payroll data for workers in California’s In-Home Supportive Services program, was shipping information including Social Security numbers to an office in Riverside last month. The package arrived damaged and incomplete.

Amnesty International UK site flung Gh0st RAT at surfers after hack

admin — Wed, 16 May 2012 03:18:07 +0000

Amnesty International UK’s website was hacked early this week in an assault ultimately geared towards planting malware onto the PCs of visiting surfers.

Malicious Java code was planted on the site in a bid to push the Gh0st RAT Trojan onto vulnerable Windows machines. If successful, the attack plants malware onto machines that is capable of extracting the user’s files, email, passwords and other sensitive personal information.

The attack, which ran between 7 and 9 May, was detected by web security firm Websense, which informed Amnesty about the threat. The human rights organisation has since cleaned up its site.

Pentagon expands cybersecurity exchange

admin — Wed, 16 May 2012 03:17:32 +0000

The Pentagon predicts that as many as 1,000 defense contractors may join a voluntary effort to share classified information on cyberthreats under an expansion of a first-ever initiative to protect computer networks.

After a pilot program that involved 36 contractors and three of the biggest U.S. Internet providers, the Obama administration approved a rule letting the Pentagon enlist all contractors and Internet providers with security clearances in the information exchange, according to Eric Rosenbach, deputy assistant secretary of defense for cyberpolicy.

FBI warns globe trotters about malware lurking in hotel room connections

admin — Sat, 12 May 2012 02:11:49 +0000

The FBI is warning individuals who travel abroad that cybercriminals are installing malware through bogus software updates when users connect to the internet in their hotel rooms.

The malware is downloaded when users try to update software while using their hotel’s internet connection, according to an intelligence note by the US Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center.

Once connected to the internet, users receive a pop-up window that notifies them that a widely used software product needs to be updated. If they click to download the update, malware is installed instead.

China and US to co-operate to avoid cyber Cold War

admin — Sat, 12 May 2012 02:11:15 +0000

US and Chinese defence ministers say they will work together over cybersecurity, despite accusations that China is the main source of online attacks against the US.

US Defence Secretary Leon Panetta met his Chinese counterpart Liang Guanglie in Washington on Monday.

He said it was “extremely important” to work together to “avoid a crisis in this area”.

Mr Liang denied that China was the main source of cyber-attacks against the US.

Electronic Health Records (EHR) and Growth in Wireless Computing Increase Healthcare Concerns Over Data Loss

admin — Sat, 12 May 2012 01:48:48 +0000

TORONTO – May 7, 2012 – Asigra Inc., a leading cloud backup software provider since 1986, today cited new research that reveals significant growth in digital threats to patient health information (PHI). Recent findings now show that while approaches to patient data protection have evolved over the past several years, the aggressive transition to electronic health records (EHR) and the consumerization of IT have resulted in greater digital threats to patient privacy.

Tweet This: Electronic Health Records (EHR) and Growth in Wireless Computing Increases Healthcare Concerns over Data Loss

According to a 2012 Healthcare Information and Management Systems Society (HIMSS) Analytics report titled, Security of Patient Data , “Data breaches not only risk revealing patient health information, they also open up those whose information is compromised to identity theft, fraud and other violations. While hospitals are stepping up to regularly audit their monitoring and response procedures, reports of data breaches are on the rise.”