Blog Posts Tagged with "Vulnerabilities"

71d85bb5d111973cb65dfee3d2a7e6c9

Gather Vulns: Necessity is the mother of Invention

March 01, 2013 Added by:f8lerror

Ever run into a test where you port scan and you just cannot remember what those ports are or if there is any vulnerabilities connected to them? Normally, I would just take the port do a search on Exploit-db.com.

Comments  (0)

219bfe49c4e7e1a3760f307bfecb9954

Why You Shouldn’t Use the OWASP Top 10 as a List of Software Security Requirements

February 21, 2013 Added by:Rohit Sethi

On February 15, the Open Web Application Security Project (OWASP) came out with its 2013 list of candidates for the Top 10 web application security flaws. The challenge is that while the Top 10 details security flaws, these flaws don’t map cleanly to requirements.

Comments  (14)

Default-avatar

UPnP Security Flaws Expose 40-50 Million Networked Devices

January 29, 2013 Added by:Infosec Island

Researchers at Rapid7 have uncovered that roughly 40-50 million network-enabled devices are at risk due to vulnerabilities in the Universal Plug and Play (UPnP) protocol.

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

Information Sharing and Asymmetric Advantage

January 27, 2013 Added by:Tripwire Inc

One place I’ve actually seen effective information and practice sharing is through Information Sharing and Analysis Centers, or ISACs. These tend to be industry- or domain-specific groups that get together and share information about common concerns, challenges, and opportunities...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Automation, Dog Food and a Security State of Mind

January 20, 2013 Added by:Fergal Glynn

As a developer, I don’t focus on is security. I usually get the security correct, but my main goal is making all the parts work together well. And that’s true of most developers most of the time...

Comments  (0)

7e364bbac217114a59e547b354e7f7ad

Don’t Be Caught Playing the Fool (A Lesson in Why Change Control is Important)

January 03, 2013 Added by:Gary McCully

This is a real world story around the dangers of not following proper change control processes when placing new systems in production. In this blog I will discuss how one person’s actions could have resulted in an attacker gaining complete access to the organization’s internal network. I am hoping this example will cause organizations to take their change control processes a little more seriou...

Comments  (0)

Af9c34417f8e5e0d240850bb353b5d40

Security is Inconvenient, Deal With It!

December 17, 2012 Added by:Keith Mendoza

ZD Net had an article entitled "Kernel vulnerability places Samsung devices at risk" and I thought "so, what's new" until I followed the link to the forum post on xda-developers. Then I just lost it because I'm certain that this is a result of plain and simple laziness...

Comments  (2)

03b2ceb73723f8b53cd533e4fba898ee

How to get into your house through SmartTV

December 14, 2012 Added by:Pierluigi Paganini

Security experts posted a video that demonstrates how it is possible to attack a Samsung Smart TV exploiting a 0-day vulnerability to gain root access on it. The hacker could remotely wipe data from attached storage devices, monitoring and controlling the victim TV...

Comments  (0)

E85787adcaf7bca10e799cfd1cfd08f1

Compliance Combines with Vulnerability Scanning to Create Aegify

December 10, 2012 Added by:Michelle Drolet

Two security firms, the established Rapid7 vulnerability manager and eGestalt, a cloud-based compliance management provider, have signed an OEM deal that will do something for the IT security industry that hasn’t been done before: a combination security and compliance posture management...

Comments  (1)

03b2ceb73723f8b53cd533e4fba898ee

LTE networks vulnerable to jamming, a question of national security

November 18, 2012 Added by:Pierluigi Paganini

"These comments describe extremely effective attacks can be realized, using fairly low complexity. It would be in the interest of public safety to take measures to reduce the vulnerability of Public Safety LTE, and lower the likelihood of an effective jamming attack..."

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Never Attribute to Malice, But Always Verify

November 15, 2012 Added by:Fergal Glynn

FX did find hardcoded local bootloader passwords. These would require physical access and are the types of hardcoded passwords commonly found in networking gear and appliances. Yes a vulnerability but not likely nefarious...

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

Skype: serious vulnerability found

November 15, 2012 Added by:Pierluigi Paganini

The news is circulating with insistence on the net, Skype is suffering from a vulnerability that can expose its users to serious risks, due this reason it has suspended the password reset process.The Russian Blog Pixus.ru published a post where it described a workaround to hijack the accounts of the famous application...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

"No known exploits in the wild..."

November 13, 2012 Added by:Rafal Los

It's human nature, and just the way we are wired... I know I can feel some of that on myself when I hear that phrase. I guess I would change it to be slightly more effective (or harder to dismiss) by adding "at this time" at the end of the sentence - although I doubt it would make too much of a different...

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

Group-IB found a new zero-day vulnerability in Adobe products

November 11, 2012 Added by:Pierluigi Paganini

Once again the discovery comes from Russia, its a analysts are demonstrating great capabilities in investigations, the forensics firm Group-IB, the same that provided information on cybercrime activities in Russia in last months, has discovered the availability of a new exploit sold in the underground...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Advanced Penetration Testing for Highly Secured Environments: The Ultimate Security Guide

October 31, 2012 Added by:Dan Dieterle

What information is being broadcast by your computers, company, or employees, that don’t show up in a software scan? Many companies think that if they just run a vulnerability scan and it passes that they are good, but is this an accurate test of your network security?

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Moving From Poisoning the Ocean to Poisoning the Watering Hole

October 29, 2012 Added by:Fergal Glynn

Using the watering hole analogy, if you are the owner of a location where people congregate to drink you need to keep the beverages safe and clean. Unfortunately digital safety is decades behind food safety. If you own a website you need to understand what SQL Injection and XSS are...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »