Friday, May 15, 2015 - Venom Vulnerability
CVE-2015-3456, called VENOM (Virtualized Environment Neglected Operations Manipulation), is a vulnerability in the virtual floppy drive code used by some computer virtualization platforms. It may allow an authenticated attacker with admin or root privileges to escape from the confines of the affected guest virtual machine (VM) and obtain code execution on the host hypervisor.
BAS systems are not affected by the VENOM vulnerability.
Wednesday, March 18, 2015 - SuperFish Vulnerability
Premera Blue Cross, a health insurer based in the Pacific Northwest, announced this week that it was subject to a cyberattack potentially affecting 11 million people. The breach could have exposed medical and financial information of members and their dependents, including Social Security numbers, mailing and email addresses, member ID numbers and banking information. The hacking started May 5, 2014 and was discovered January 29, 2015, the same day as the announcement of the Anthem breach. See our article about the Anthem breach.
The Premera cyberattack is the largest reported data breach involving patient medical information.
Premera Blue Cross is offering two years of free credit monitoring and identity theft protection services, including identity theft insurance. They have set up a dedicated web page for more information: http://www.premeraupdate.com.
Friday, February 20, 2015 - SuperFish Vulnerability
A vulnerability (LEN-2015-010) was announced and found on consumer-grade Lenovo notebook products: SuperFish intercepts HTTP(S) traffic using a self-signed root certificate.
BAS does not support consumer-grade Lenovo notebook systems, and BAS' professional-grade notebook systems are not affected by the SuperFish vulnerability.
Thursday, February 5, 2015 - Anthem Cyberattack
Anthem, Inc. reported a data breach resulting from "a sophisticated external cyber attack." For more information, visit www.AnthemFacts.com.
The Anthem breach does not involve BAS' systems including MyEnroll.com.
Thursday, October 16, 2014 - Poodle Vulnerability
A vulnerability (CVE-2014-3566) called POODLE (Padding Oracle on Downgraded Legacy Encryption) was disclosed that could allow “man-in-the-middle” network attackers to obtain clear-text data in Secure Sockets Layer (SSL) 3.0.
BAS systems are not affected by the Poodle vulnerability.
Wednesday, September 24, 2014 - Shellshock Vulnerability
A vulnerability (CVE-2014-6271), also called the “Shellshock” or “Bash” bug, was disclosed that affects the Bourne-Again Shell, also known as “Bash”, a common shell used by most Linux/Unix distributions.
BAS systems are not affected by the Shellshock vulnerability.
Tuesday, April 8, 2014 - Heartbleed Vulnerability
A vulnerability (CVE-2014-0160), also called “Heartbleed”, was disclosed that could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the SSL/TLS heartbeat extension.
BAS systems are not affected by the Heartbleed vulnerability.