If you’re dealing with any form of payment card data, starting on January 2015, security audits will need to prove PCI 3.0 compliance. Banks, card brands and regulators are stepping up action in the face of recent significant breaches in name brand companies. If you are running the unsupported open source agent for event logging, […]
The POODLE attack (which stands for “Padding Oracle On Downgraded Legacy Encryption”) is a man-in-the-middle exploit which takes advantage of Internet and security software clients’ fallback to SSL 3.0. The Snare Agents are not affected by POODLE as it requires a cookie injection from the client and Snare does not use cookies for our connections. […]
All versions of the Snare Server prior to v6.3.5 are running a vulnerable version of Bash, known as the Shellshock vulnerability (CVE-2014-6271, CVE-2014-7169, CVE-2014-7187, CVE-2014-7186) (http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7169.html). If you are running a previous version, it is recommended that you upgrade your Snare Server to version 6.3.5 (released 29-SEP-2014) as soon as possible to ensure that your […]
