Blog Posts Tagged with "Patching"


Cloud Patch Management: Consistency and Automation

May 23, 2012 Added by: Rafal Los

If you've chosen wisely, your environments across your public and private clouds are consistent. The big question is - how do we keep our environments consistent in the face of security requirements to push patches? The answers rely very heavily on automation and policy...


Metasploitable: Gaining Root on a Vulnerable Linux System

May 22, 2012 Added by: Dan Dieterle

Metasploitable is a great platform to practice and develop your penetration testing skills. In this tutorial, I will show you how to scan the system, find one of the vulnerable services, and then exploit the service to gain root access...


Twitter Hack! Five Ways to Avoid Being a Victim of Phishing

May 12, 2012 Added by: Brent Huston

Twitter is downplaying a security breach that exposed tens of thousands of user emails and passwords. The compromised Twitter accounts could have been the result of phishing attacks. Whenever you read about such breaches, it is always a good idea to change your password...


Information Security is More than Prevention

May 04, 2012 Added by: Brent Huston

One of the biggest signs that an organization’s infosec program is immature is that they have an obsessive focus on prevention and equate it with security through knee-jerk reactions to vulnerabilities, never-ending emergency patching situations and a continual fire-fighting mode...


On Network Segmentation Faults

April 10, 2012 Added by: Jack Daniel

Why should you segment? Network and systems management can be enhanced by segmentation and isolation, as can performance: patch and systems management servers, departmental servers, printers and more can be placed in the most advantageous segment of the network...


Running Apache? Beware of "Armageddon"...

March 19, 2012 Added by: Kevin McAleavey

"Apache Killer" exploits a vulnerability in the server by sending a specially crafted Range HTTP header to trigger a denial-of-service condition, and a single computer is capable of bringing Apache to its knees. A botnet full of these can result in "tango down"...


Apple Releases Multiple Security Updates

March 09, 2012 Added by: Headlines

Apple has released security updates for Apple iOS, Apple TV, and iTunes to address multiple vulnerabilities which may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or bypass security restrictions...


Adobe Releases Critical Updates for Flash Player Vulnerability

March 06, 2012 Added by: Infosec Island Admin

Adobe has released critical updates for Android, Windows, Linux and Solaris operating systems to mitigate vulnerabilities in the company's Flash Player software that may have allowed attackers to inflict a denial of service or take control of a targeted system...


Starting to Clean Up the Mess from PCAnywhere

February 09, 2012 Added by: Damion Waltermeyer

I realized not everyone was even sure how to go about starting to clean up from the PCAnywhere exploit. To start, I am going to share with you my method for finding machines that are potentially open to this exploit...


ICS-CERT: Invensys Wonderware InBatch ActiveX Vulnerabilities

January 06, 2012 Added by: Headlines

Three vulnerabilities in Invensys Wonderware InBatch exist in the GUIControls, BatchObjSrv, and BatchSecCtrl ActiveX controls. Exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or cause a denial of service (DoS) on systems with affected versions of Wonderware...


US CERT: Hash Table Collision Attack Vulnerability

January 04, 2012 Added by: Headlines

US-CERT is aware of reports stating that multiple programming language implementations, including web platforms, are vulnerable to hash table collision attacks. This vulnerability could be used by an attacker to launch a denial-of-service attack against websites using affected products...


A Checklist for Customer Cloud Security

December 06, 2011 Added by: Ben Kepes

In our cloud security whitepaper we spent time talking about why Cloud Computing is potentially more secure than traditional models of IT delivery while at the same time pointing out the fact that there are still security issues that organizations need to think about when using Cloud...


The Importance of Software Updating

November 21, 2011 Added by: Emmett Jorgensen

There is software that can scan your network and check for these unpatched systems. The software can report back exactly which software updates are missing, and then use another tool to actually exploit those vulnerabilities. An attacker could take complete control of your computer...


Security Without Patches

October 12, 2011 Added by: Gabriel Bassett

The Fortification Principle implies that defense is at a disadvantage when using patches as mitigation. Instead, I propose you secure your network without patching. I don’t mean to never patch, but plan to only apply security patches and configuration changes for regular deployment cycles...


Happy Birthday MS08-067

October 06, 2011 Added by: f8lerror

As a Penetration Tester, this vulnerability is sought out because it is highly reliable and very low risk. As an attacker, the simple fact is the attack still works. The vulnerability was widely used in conjunction with the Conficker worm, which affected more than seven million systems...


Hackers Hacked Away in Las Vegas

September 07, 2011 Added by: Robert Siciliano

What most people don’t realize is that not all hackers are bad. Certainly “crackers and cyber criminals” are bad, but many hackers are full time security professionals and work around the clock to create the security software to protect us...
