
Data Leak

Fwd: Follow-up: Heartland CEO on Data Breach: QSAs Let Us Down

From the folks at Attrition and the DatalossDB.

---------- Forwarded message ----------
From: security curmudgeon <jericho@attrition.org>
Date: Aug 12, 2009 4:22 PM
Subject: Follow-up: Heartland CEO on Data Breach: QSAs Let Us Down
To: dataloss-discuss@datalossdb.org, dataloss@datalossdb.org

http://www.csoonline.com/article/499527/Heartland_CEO_on_Data_Breach_QSAs_Let_Us_Down

Heartland CEO on Data Breach: QSAs Let Us Down

Cisco Security Advisory: Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS Multicast Virtual Private Network
                         (MVPN) Data Leak

Advisory ID: cisco-sa-20080326-mvpn

http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml


Cisco Security Advisory: Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720

  * Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor
    32, Supervisor 720, or Route Switch Processor 720
    http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml
   
  * Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak
    http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml


Affected Products
================

Cisco Security Advisory: Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers

  * Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor
    32, Supervisor 720, or Route Switch Processor 720
    http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml

  * Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak
    http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml

Affected Products
=================


Cisco Security Advisory: Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability

   
  * Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor
    32, Supervisor 720, or Route Switch Processor 720
    http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml
   
  * Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak
    http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml
   

Affected Products
=================

Cisco Security Advisory: Multiple DLSw Denial of Service Vulnerabilities in Cisco IOS

   
  * Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor
    32, Supervisor 720, or Route Switch Processor 720
    http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml
   
  * Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak
    http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml

Affected Products
=================


[SECURITY] [DSA 1630-1] New Linux 2.6.18 packages fix several vulnerabilities

    function. This allows local, unprivileged users to change the properties
    of mount points.

CVE-2008-3272

    Tobias Klein reported a locally exploitable data leak in the
    snd_seq_oss_synth_make_info() function. This may allow local users
    to gain access to sensitive information.

CVE-2008-3275


RE: computer crime statistics

Sent: Monday, July 27, 2009 2:35 PM
To: McDonnell, Michael
Cc: Choon Ming; bugtraq@securityfocus.com; full-disclosure-bounces@lists.grok.org.uk
Subject: Re: computer crime statistics

Try the Verizon Business Data Breach investigations report.  I think it 
has some statistics you are looking for.

http://www.verizonbusiness.com/products/security/risk/databreach/

Scotty

[SECURITY] [DSA 1636-1] New Linux 2.6.24 packages fix several vulnerabilities

lead to a denial of service or leak sensitive data. The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2008-3272

    Tobias Klein reported a locally exploitable data leak in the
    snd_seq_oss_synth_make_info() function. This may allow local users
    to gain access to sensitive information.

CVE-2008-3275


Web Hacking Incidents update for Feb 10th (Links corrected)

* WHID 2009-16: Primary schools hit by smut hack
(http://whid.webappsec.org/whid/2009/16/primary_schools_hit_by_smut_hack)

We also continue to follow older incidents and the following incidents were
significantly updated this week:
* WHID 2008-36: RBS WorldPay Data Breach Hits 1.5 Million
(http://whid.webappsec.org/whid-2008-36) - scope of incident revealed.
* WHID 2008-01: Information stolen from geeks.com
(http://whid.webappsec.org/whid-2008-01) - FTC settlement documents shed
light on the incident.


RE: computer crime statistics

This may help as well:

http://www.privacyrights.org/ar/ChronDataBreaches.htm

Michael Theroux
IT Security Specialist
Plexus Corp. 


-----Original Message-----

Re: computer crime statistics

Try the Verizon Business Data Breach investigations report.  I think it 
has some statistics you are looking for.

http://www.verizonbusiness.com/products/security/risk/databreach/

Scotty

McDonnell, Michael wrote:
> You probably will have more luck searching databases provided by your local
> library. If your local University has a data librarian they might be able to

New WHID web hacking incidents

* WHID 2009-1: Gaza conflict cyber war (http://www.xiom.com/whid-2009-1)

Other incidents of interest added recently to WHID:
* WHID 2008-43: Russian nuclear power web sites attacked amid accident
rumors
* WHID 2008-36: RBS WorldPay Data Breach Hits 1.5 Million
* And lastly, the big TJX hack, that finally got into WHID as new reports
suggest that web hacking also had a role in it, WHID 2007-89: The big TJX
hack



Web Hacking Incidents update for Feb 10th

* WHID 2009-16: Primary schools hit by smut hack
(http://whid.webasppsec.com/whid/2009/16/primary_schools_hit_by_smut_hack)

We also continue to follow older incidents and the following incidents were
significantly updated this week:
* WHID 2008-36: RBS WorldPay Data Breach Hits 1.5 Million
(http://whid.webasppsec.com/whid-2008-36) - scope of incident revealed.
* WHID 2008-01: Information stolen from geeks.com
(http://whid.webasppsec.com/whid-2008-01) - FTC settlement documents shed
light on the incident.




Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
