Many vendors have put out statements for OpenSSL vulnerability (CVE-2014-0160):
This is a vulnerability in the encryption technology (OpenSSL) on websites and other systems. If you cannot safely access websites with encryption technologies it is a bad day on the Internet
isc has a full list – list is increasing:
But most interesting (to me) is Cisco, Redhat and Checkpoint, as they are the lifeblood of Internet
Cisco – http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
CheckPoint – https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100173
Redhat – https://access.redhat.com/security/cve/CVE-2014-0160
Do your systems have this vulnerability? we can scan and find out for you. There are specific tools being developed by the hackers and good guys so as to attack/patch effectively.
We test and audit your environment to make you safer (A – Σ – Ω)
Port 6789 according to Speedguide.net the port can be used by a Netsky worm variant, but is also used by the Sun cluster manager.
In fact that is how the worm replicates itself across the Internet, by using the Java software on the cluster manager software (smc-https or Solaris Management console).
Many ports are thus always attempted to be used by viruses and hackers, it is important to continually be vigilant, and cut down on the possibility of hacking attempts.
review your systems with our products (A – Σ – Ω) and protect your computers and network.
Protecting your network is not going to be easy.
bankinfosecurity has the information
The initial reports were that it was a data breach, but no credit card data was stolen, but 11 days later it looks as many as 25,000 records were exposed and stolen
Sally Beauty Supply operates approximately 500 stores worldwide and had $3.6 billion in sales in 2013.
As usual this may take some time to fully develop. Always check your credit card statements for fraudulent activity.
OWASP has a great website discussing SQL injection:
The Open web application Security project is an effort to help the programming community in securing their websites
And I will copy a couple of lines from their SQL_Injection_prevention_Cheat_sheet becasue it is important:
- Option #1: Use of Prepared Statements (Parameterized Queries)
- Option #2: Use of Stored Procedures
- Option #3: Escaping all User Supplied Input
A Sigma Scan(Σ ) can help uncover any potential SQL injection vulnerabilities
To truly make sure that your site does not have any vulnerabilities, it is a good idea to test and interdependently verify these
This is one of the many mindmaps from Aman Hardikar:
You can see that it is not only network firewalls and websites that need to be reviewed.
A security architecture needs to be developed from security principles within procedures and goals laid out within business objectives.