Blog Posts Tagged with "Patching"

0a8cae998f9c51e3b3c0ccbaddf521aa

Cloud Patch Management: Consistency and Automation

May 23, 2012 Added by:Rafal Los

If you've chosen wisely, you environments across your public and private clouds are consistent. The big question is - how do we keep our environments consistent in the face of security requirements to push patches? The answers rely very heavily on automation and policy...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Metasploitable: Gaining Root on a Vulnerable Linux System

May 22, 2012 Added by:Dan Dieterle

Metasploitable is a great platform to practice and develop your penetration testing skills. In this tutorial, I will show you how to scan the system, find one of the vulnerable services, and then exploit the service to gain root access...

Comments  (1)

E313765e3bec84b2852c1c758f7244b6

Twitter Hack! Five Ways to Avoid Being a Victim of Phishing

May 12, 2012 Added by:Brent Huston

Twitter is downplaying a security breach that exposed tens of thousands of user emails and passwords. The compromised Twitter accounts could have been the result of phishing attacks. Whenever you read about such breaches, it is always a good idea to change your password...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Information Security is More than Prevention

May 04, 2012 Added by:Brent Huston

One of the biggest signs that an organization’s infosec program is immature is they have an obsessive focus on prevention and equate it with security through knee-jerk reactions to vulnerabilities, never-ending emergency patching situations and a continual fire-fighting mode...

Comments  (0)

B8db824b8b275afb1f4160f03cd3f733

On Network Segmentation Faults

April 10, 2012 Added by:Jack Daniel

Why should you segment? Network and systems management can be enhanced by segmentation and isolation, as can performance- patch and systems management servers, departmental servers, printers and more can be placed in the most advantageous segment of the network...

Comments  (0)

Ba829a6cb97f554ffb0272cd3d6c18a7

Running Apache? Beware of "Armageddon"...

March 19, 2012 Added by:Kevin McAleavey

"Apache Killer" exploits a vulnerability in the server by sending a specially crafted Range HTTP header to trigger a denial-of-service condition, and a single computer is capable of bringing Apache to its knees. A botnet full of these can result in "tango down"...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Apple Releases Multiple Security Updates

March 09, 2012 Added by:Headlines

Apple has released security updates for Apple iOS, Apple TV, and iTunes to address multiple vulnerabilities which may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or bypass security restrictions...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

Adobe Releases Critical Updates for Flash Player Vulnerability

March 06, 2012 Added by:Infosec Island Admin

Adobe has released critical updates for Android, Windows, Linux and Solaris operating systems to mitigate vulnerabilities in the company's Flash Player software that may have allowed attackers to inflict a denial of service or take control of a targeted system...

Comments  (0)

Ca77c9128684f4263450c6d728107608

Starting to Clean Up the Mess from PCAnywhere

February 09, 2012 Added by:Damion Waltermeyer

I realized not everyone was even sure how to go about starting to clean up from the PCAnywhere exploit. To start, I am going to share with you my method for finding machines that are potentially open to this exploit...

Comments  (3)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Invensys Wonderware InBatch ActiveX Vulnerabilities

January 06, 2012 Added by:Headlines

Three vulnerabilities in Invensys Wonderware InBatch exist in the GUIControls, BatchObjSrv, and BatchSecCtrl ActiveX controls. Exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or cause a denial of service (DoS) on systems with affected versions of Wonderware...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

US CERT: Hash Table Collision Attack Vulnerability

January 04, 2012 Added by:Headlines

US-CERT is aware of reports stating that multiple programming language implementations, including web platforms, are vulnerable to hash table collision attacks. This vulnerability could be used by an attacker to launch a denial-of-service attack against websites using affected products...

Comments  (0)

4c1c5119b03285e3f64bd83a8f9dfeec

A Checklist for Customer Cloud Security

December 06, 2011 Added by:Ben Kepes

In our cloud security whitepaper we spent time talking about why Cloud Computing is potentially more secure than traditional models of IT delivery while at the same time pointing out the fact that there’s still security issues that organizations need to think about when using Cloud...

Comments  (0)

8c4834b99847b9f7c9ee94b45df086f9

The Importance of Software Updating

November 21, 2011 Added by:Emmett Jorgensen

There is software that can scan your network and check for these un-patched systems. The software can report back exactly which software updates are missing, and then use another tool to actually exploit those vulnerabilities. An attacker could take complete control of your computer...

Comments  (0)

C70bb5cfd0305c9d18312d92f820c321

Security Without Patches

October 12, 2011 Added by:Gabriel Bassett

The Fortification Principle implies that defense is at a disadvantage when using patches as mitigation. Instead, I propose you secure your network without patching. I don’t mean to never patch, but plan to only apply security patches and configuration changes for regular deployment cycles...

Comments  (1)

71d85bb5d111973cb65dfee3d2a7e6c9

Happy Birthday MS08-067

October 06, 2011 Added by:f8lerror

As a Penetration Tester, this vulnerability is sought out because it is highly reliable and very low risk. As an attacker, the simple fact is the attack still works. The vulnerability was widely used in conjunction with the conficker worm, which affected more than seven million systems...

Comments  (3)

37d5f81e2277051bc17116221040d51c

Hackers Hacked Away in Las Vegas

September 07, 2011 Added by:Robert Siciliano

What most people don’t realize is not all hackers are bad. Certainly “crackers and cyber criminals” are bad, but many hackers are full time security professionals and work around the clock to create the security software to protect us...

Comments  (0)

Page « < 1 - 2 - 3 > »