The Home Depot confirms hacker attack. 56 million credit and debit cards compromised

The Home Depot, the home improvement retailer, has confirmed that its servers have been attacked and that 56 million credit and debit card details have been compromised.

According to The Wall Street Journal, the company has also acknowledged that, in some cases, the accounts associated with the cards have been drained.

In addition, fraudulent transactions have appeared across the USA as the criminals use stolen card details to buy prepaid cards, electronic goods and even groceries.

This attack comes just months after a similar attack on Target Corp., and there could be a connection, as the same tool (BlackPOS) was used to exploit the vulnerability.

The security breach may have affected customers who shopped in any of the almost 4,000 stores that the company has in the U.S. and Canada between April and September.

The post The Home Depot confirms hacker attack. 56 million credit and debit cards compromised appeared first on MediaCenter Panda Security.

[ MDVA-2014:015 ] php

 _______________________________________________________________________

 Mandriva Linux Advisory                                   MDVA-2014:015
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : php
 Date    : September 25, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 This is a maintenance and bugfix release that upgrades php to the
 latest 5.5.17 version which resolves various upstream bugs in php.
 
 Additionally, the php-timezonedb packages have been upgraded to the
 latest 2014.7 version, the php-suhosin packages have been upgraded to
 the latest 0.9.36 version, which has better support for php-5.5, and
 the PECL packages that require it have been rebuilt for php-5.5.17.
 _______________________________________________________________________

 References:

 http://php.net/ChangeLog-5.php#5.5

[ MDVSA-2014:189 ] nss

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:189
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : nss
 Date    : September 25, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in Mozilla NSS:
 
 Antoine Delignat-Lavaud, security researcher at Inria Paris in
 team Prosecco, reported an issue in Network Security Services (NSS)
 libraries affecting all versions. He discovered that NSS is vulnerable
 to a variant of a signature forgery attack previously published
 by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1
 values involved in a signature and could lead to the forging of RSA
 certificates (CVE-2014-1568).
 
 The updated NSPR packages h

[ MDVSA-2014:188 ] wireshark

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:188
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : September 25, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated wireshark packages fix security vulnerabilities:
 
 RTP dissector crash (CVE-2014-6421, CVE-2014-6422).
 
 MEGACO dissector infinite loop (CVE-2014-6423).
 
 Netflow dissector crash (CVE-2014-6424).
 
 RTSP dissector crash (CVE-2014-6427).
 
 SES dissector crash (CVE-2014-6428).
 
 Sniffer file parser crash (CVE-2014-6429, CVE-2014-6430, CVE-2014-6431,
 CVE-2014-6432).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6421