Blog Posts Tagged with "exploit"
August 23, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a report of hard-coded RSA SSL private key within RuggedCom’s Rugged Operating System (ROS). The vulnerability with proof-of-concept (PoC) exploit code by security researcher Justin W. Clarke can be used to decrypt SSL traffic between an end user and a RuggedCom network device...
August 16, 2012 Added by:f8lerror
There have been all kinds of document attacks, but what about PowerPoint? It turns out that PowerPoint makes it easy for an attacker to turn innocent slideshows into a nasty little attack. The attack involves four simple steps: Make a slideshow, make an action, rename the file and distribute it. Here's how...
August 02, 2012 Added by:Electronic Frontier Foundation
Among all the various biometric traits that can be measured for machine identification, the iris is generally regarded as being the most reliable. Yet Galbally’s team of researchers has shown that even the method traditionally presumed to be foolproof is actually quite susceptible to being hacked...
June 28, 2012 Added by:Headlines
“The bug will be injected on the remote way, affects the local validation (html/xml) and change the technic back when remotely transferring the password lists. The injection of the malicious URL/domain context can be done via auto save of URLs (victim) or manually (reproduce)," the researchers stated...
June 25, 2012 Added by:Headlines
"[These products are] designed specifically to deal with the case where somebody gets physical access to it or takes control of a computer that has access to it... Here, if the malware is very smart, it can actually extract the keys out of the token.That's why it's dangerous"...
June 22, 2012 Added by:Infosec Island Admin
Independent researcher Luigi Auriemma identified a maliciously crafted Unicode string vulnerability causing a stack-based buffer overflow with proof-of-concept (PoC) exploit code that affects the Invensys Wonderware SuiteLink service (slssvc.exe)...
June 18, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a public report of a buffer overflow vulnerability with proof-of-concept exploit code affecting Sielco Sistemi Winlog. The vulnerability is exploitable by sending specially crafted requests to TCP/46824 which could result in a denial of service and remote code execution...
May 31, 2012 Added by:Rob Fuller
When I started looking into appending or inserting lines into /etc/sudoers for CCDC, I happened upon an interesting function of that file. Near the end of the file there are two lines that look commented out, but in actuality are interpreted and acted upon, an evil way to stay hidden on a 'nix box...
May 30, 2012 Added by:Robert M. Lee
Attribution is incredibly hard to apply in the cyber domain, and even the most appealing pieces of evidence can be purposely misleading. The perception of attribution applied to a nation-state cyber attack can put tension on nation-state relationships, have an effect on deterrence, and cause real-world issues...
May 29, 2012 Added by:Kevin McAleavey
Flame is huge - 20 modules and 20 megabytes. Strange that the infector is an ActiveX control in the form of an OCX (OLE Control Extensions) file which apparently has run completely undetected for years. The worm runs as a Windows service, and most of the files are visible, making this even more of a surprise...
May 04, 2012 Added by:Headlines
"RedKit is armed with two of the most popular exploits... The first exploit is a fairly obfuscated PDF file that exploits the LibTIFF vulnerability..." The second is the "latest Java exploit, dealing with the AtomicReferenceArray vulnerability..."
March 26, 2012 Added by:Alexander Polyakov
A vulnerability in Lotus Domino was quickly disassembled, and the resulting exploit employed, demonstrating that the existing patch could be bypassed by a critical 0-day vulnerability. The result was an attack on the Domino Controller service and a full server compromise...
March 13, 2012 Added by:Brent Huston
DHS ranks the CSRF vulnerability as the 909th most dangerous software bug, more dangerous than most buffer overflows. CSRF vulnerabilities can result in remote code execution with root privileges or compromise root certificates, completely undermining a public key infrastructure...
March 09, 2012 Added by:Headlines
The operation was intended to snare unsuspecting targets previously aggregated in a database. Those who scanned the QR-Code were then cross-referenced with known targets, and those targets were subsequently pwned, having their address books, texts and emails exfiltrated...
February 22, 2012 Added by:Enno Rey
Unfortunately the attacker was able to circumvent our first workaround. We discovered that it was possible to “dial-in” to the router directly by calling the head number. As a long-term solution the configured dial patterns have to be modified to prevent such things in the future...
Steps Toward Weaponizing the Android Platfor... Freid Jerome on 05-17-2013