Sunday, 27 January 2013
HP's JetDirect Software Makes Networked Printers Vulnerable
Vulnerabilities in Hewlett-Packard's (HP's) JetDirect software could allow attackers to circumvent biometric and other security protections to access partially printed documents and crash all machines running the vulnerable software that are connected to the network. The software is used in internal, external, and embedded print servers from many manufacturers, not just HP. It is designed to manage print requests made through networks.
Stanford Medical Facility Suffers Another Data Security Breach
The Lucile Packard Children's Hospital at Stanford University has notified 57,000 patients that their personal information was compromised after an unencrypted laptop containing the data was stolen from a doctor's car. The theft occurred on January 9, 2013, and was reported to the hospital the following day. The incident is the fourth data security breach involving a Stanford medical facility since January 2010.
Two Sentenced for DDoS Attacks on PayPal and Other Sites
A UK court has sentenced two men to jail for their involvement with the hacking collective that calls itself Anonymous. Christopher Weatherhead and Ashley Rhodes received sentences of 18 months and seven months, respectively, for launching distributed denial-of-service (DDoS) attacks against a number of sites, including PayPal, MasterCard, and Visa. Two other men were involved in the attacks: Peter Gibson received a six-month sentence, suspended for two years. Jake Birchall will be sentenced on February 1. The convictions in this case are believed to be the first in the UK for DDoS attacks.
Hardcoded Backdoors in Barracuda Gear
Multiple products from Barracuda have been found to have hardcoded backdoors that could be exploited to gain access to vulnerable systems. The backdoor accounts, which can be accessed via the secure shell (SSH) protocol, allow attackers to log in remotely and access sensitive information or take control of networks. The backdoor accounts are protected with weak passwords and cannot be disabled. The problem was reported to Barracuda in November 2012. There is a specific set of IP addresses that can access the appliances, but Barracuda does not own all of those addresses. Barracuda is urging all users to update their security definitions to version 2.0.5.
Cisco Issues Patches for Vulnerabilities in Wireless LAN Appliances
Vulnerabilities in Cisco wireless LAN appliances could be exploited to allow remote code execution and trigger denial-of-service conditions. Cisco has released a fix for the problems and is urging administrators to patch affected products. In some instances, limiting SNMP access on wireless controllers can lessen the threat of attacks.