DB Vulns

MongoDB Remote Command Execution Vulnerability: Nightmare or Eye-Opener?

April 03, 2013 Added by: Rohit Sethi

The March 24th public disclosure of a MongoDB zero-day vulnerability (CVE-2013-1892) has been raising eyebrows and initiating discussion among IT security and developers alike. Here’s why we think it stands out...

Three New Podcasts: Security Conversations - A Podcast With Ryan Naraine

March 04, 2013 Added by: Infosec Island

In these three new episodes of the Security Conversations Podcast, Ryan Naraine interviews Adobe's David Lenoe on Frustrations With "Partial Disclosure", Securosis CEO Rich Mogull on Mandiant's APT1 Report and Advanced Threat Actors, and Sourcefire's Yves Younan on Tracking 25 Years of Vulnerability Data.

Security Analytics: Hype or Huge?

February 01, 2013 Added by: Simon Moffatt

This complex chain of correlated "security big data" can be used in a number of ways, from post-incident analysis and trend analytics as well as for the mapping of internal data to external threat intelligence. Big data is here to stay and security analytics just needs to figure out the best way to use it...

The Rise of Exploit Kits According to Solutionary SERT

January 28, 2013 Added by: Pierluigi Paganini

The report revealed the surprising efficiency of well-known vulnerabilities usually included in the popular exploits sold in the underground, around 60% are more than two years old, and 70% of the exploit kits analyzed (26) were released or created in Russia...

Common Sense Cybersecurity

January 13, 2013 Added by: Larry Karisny

We start with one big problem. Internet architecture was never made for security. One of my earliest articles quoted the father of the Internet Vint Cerf by saying, "One of things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid. We did not do that with the Internet."

Why I'm Upset About the S.C. Department of Revenue Breach

December 04, 2012 Added by: Kelly Colgan

I’m a South Carolina taxpayer, and therefore, a potential victim of the massive South Carolina Department of Revenue Breach. I work in the identity theft and data risk industry, so when I heard about how everything was being handled and what was being offered, I was upset...

Sidestepping Microsoft SQL Server Authentication

October 21, 2012 Added by: Brandon Knight

Penetration testers love compromising systems during assessments, and the most important portion of a penetration test is getting access to critical data and systems. So, post exploitation I generally head for the database servers. Depending on the permissions of the target there may be another hurdle to bypass...

Is Oracle Misleading Its Database Customers With CPUs?

April 26, 2011 Added by: Alexander Rothacker

Is Oracle misleading its database customers during its quarterly Critical Patch Updates (CPUs)? Unfortunately for its customers, Oracle has figured out a way to downplay the severity of its vulnerabilities and water down the Common Vulnerability Scoring System (CVSS) scoring...
