A remote authetnicated user can send specially crafted data to inject data query language (DQL) commands and obtain potentially sensitive information from the database on the target system.
...
The D2CenterstageService.getComments method is affected [CVE-2015-0547].
...
The D2DownloadService.getDownloadUrls method is affected [CVE-2015-0548].
http://www.securitytracker.com/id/1032769
Updated Point-to-Point Encryption standard now provides more flexibility
The Payment Card Industry Security Standards Council (PCI SSC) published an important update to one of its eight security standards, simplifying the development and use of Point-to-Point Encryption (P2PE) solutions that make payment card data unreadable and less valuable to criminals if stolen in a breach.
http://www.net-security.org/secworld.php?id=18581
Final Year Dissertation Paper Release: An Evaluation of the Effectiveness of EMET 5.1
ENISA's Udo Helmbrecht at EPP Hearing on cybersecurity
ENISA's Udo Helmbrecht participated at the EPP Hearing on data driven security, which took place today 1st July 2015, at the European Parliament in Brussels.
Topics discussed included:
Session I: New trends in digital technology developments and cyber threats to security
Session II: Fighting crime: use of new technologies and use of data
Session III: Cyber Security: ensuring security and safety on state and individual levels
http://www.enisa.europa.eu/media/news-items/enisa2019s-udo-helmbrecht-at-epp-hearing-on-cybersecurity
How safe is the Windows 10 Wi-Fi sharing feature?
... what worries security experts is the fact that it allows users to share access to their password-protected Wi-Fi networks with their Outlook.com contacts, Skype contacts, and Facebook friends.
...
While this feature can come very handy, it could also open users to security risks.
http://www.net-security.org/secworld.php?id=18584