Blog Posts Tagged with "Vulnerabilities"

682e0e796084e163c5ca053dd8573b0c

Making Patching Work for SCADA and Industrial Control System Security

April 05, 2013 Added by:Eric Byres

Applying patches is a critical part of good security. According to US-CERT, about 95% of all network intrusions could have been avoided by keeping systems up to date with appropriate patches. What I am against is patching as a knee-jerk reaction to security vulnerabilities. You can’t expect your control system to operate reliably if you don’t have a controlled process for patching.

Comments  (0)

682e0e796084e163c5ca053dd8573b0c

SCADA and ICS Security: Welcome to the Patching Treadmill

March 15, 2013 Added by:Eric Byres

After Stuxnet, security researchers and hackers on the prowl for new targets to exploit shifted their efforts to critical industrial infrastructure. Unfortunately, the SCADA and Industrial Control Systems applications they are now focusing on are sitting ducks.

Comments  (0)

Default-avatar

Three New Podcasts: Security Conversations - A Podcast With Ryan Naraine

March 04, 2013 Added by:Infosec Island

In these three new episodes of the Security Conversations Podcast, Ryan Naraine interviews Adobe's David Lenoe on Frustrations With "Partial Disclosure", Securosis CEO Rich Mogull on Mandiant's APT1 Report and Advanced Threat Actors, and Sourcefire's Yves Younan on Tracking 25 Years of Vulnerability Data.

Comments  (0)

71d85bb5d111973cb65dfee3d2a7e6c9

Gather Vulns: Necessity is the mother of Invention

March 01, 2013 Added by:f8lerror

Ever run into a test where you port scan and you just cannot remember what those ports are or if there is any vulnerabilities connected to them? Normally, I would just take the port do a search on Exploit-db.com.

Comments  (0)

219bfe49c4e7e1a3760f307bfecb9954

Why You Shouldn’t Use the OWASP Top 10 as a List of Software Security Requirements

February 21, 2013 Added by:Rohit Sethi

On February 15, the Open Web Application Security Project (OWASP) came out with its 2013 list of candidates for the Top 10 web application security flaws. The challenge is that while the Top 10 details security flaws, these flaws don’t map cleanly to requirements.

Comments  (14)

Default-avatar

UPnP Security Flaws Expose 40-50 Million Networked Devices

January 29, 2013 Added by:Infosec Island

Researchers at Rapid7 have uncovered that roughly 40-50 million network-enabled devices are at risk due to vulnerabilities in the Universal Plug and Play (UPnP) protocol.

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

Information Sharing and Asymmetric Advantage

January 27, 2013 Added by:Tripwire Inc

One place I’ve actually seen effective information and practice sharing is through Information Sharing and Analysis Centers, or ISACs. These tend to be industry- or domain-specific groups that get together and share information about common concerns, challenges, and opportunities...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Automation, Dog Food and a Security State of Mind

January 20, 2013 Added by:Fergal Glynn

As a developer, I don’t focus on is security. I usually get the security correct, but my main goal is making all the parts work together well. And that’s true of most developers most of the time...

Comments  (0)

7e364bbac217114a59e547b354e7f7ad

Don’t Be Caught Playing the Fool (A Lesson in Why Change Control is Important)

January 03, 2013 Added by:Gary McCully

This is a real world story around the dangers of not following proper change control processes when placing new systems in production. In this blog I will discuss how one person’s actions could have resulted in an attacker gaining complete access to the organization’s internal network. I am hoping this example will cause organizations to take their change control processes a little more seriou...

Comments  (0)

Af9c34417f8e5e0d240850bb353b5d40

Security is Inconvenient, Deal With It!

December 17, 2012 Added by:Keith Mendoza

ZD Net had an article entitled "Kernel vulnerability places Samsung devices at risk" and I thought "so, what's new" until I followed the link to the forum post on xda-developers. Then I just lost it because I'm certain that this is a result of plain and simple laziness...

Comments  (2)

03b2ceb73723f8b53cd533e4fba898ee

How to get into your house through SmartTV

December 14, 2012 Added by:Pierluigi Paganini

Security experts posted a video that demonstrates how it is possible to attack a Samsung Smart TV exploiting a 0-day vulnerability to gain root access on it. The hacker could remotely wipe data from attached storage devices, monitoring and controlling the victim TV...

Comments  (0)

E85787adcaf7bca10e799cfd1cfd08f1

Compliance Combines with Vulnerability Scanning to Create Aegify

December 10, 2012 Added by:Michelle Drolet

Two security firms, the established Rapid7 vulnerability manager and eGestalt, a cloud-based compliance management provider, have signed an OEM deal that will do something for the IT security industry that hasn’t been done before: a combination security and compliance posture management...

Comments  (1)

03b2ceb73723f8b53cd533e4fba898ee

LTE networks vulnerable to jamming, a question of national security

November 18, 2012 Added by:Pierluigi Paganini

"These comments describe extremely effective attacks can be realized, using fairly low complexity. It would be in the interest of public safety to take measures to reduce the vulnerability of Public Safety LTE, and lower the likelihood of an effective jamming attack..."

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Never Attribute to Malice, But Always Verify

November 15, 2012 Added by:Fergal Glynn

FX did find hardcoded local bootloader passwords. These would require physical access and are the types of hardcoded passwords commonly found in networking gear and appliances. Yes a vulnerability but not likely nefarious...

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

Skype: serious vulnerability found

November 15, 2012 Added by:Pierluigi Paganini

The news is circulating with insistence on the net, Skype is suffering from a vulnerability that can expose its users to serious risks, due this reason it has suspended the password reset process.The Russian Blog Pixus.ru published a post where it described a workaround to hijack the accounts of the famous application...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

"No known exploits in the wild..."

November 13, 2012 Added by:Rafal Los

It's human nature, and just the way we are wired... I know I can feel some of that on myself when I hear that phrase. I guess I would change it to be slightly more effective (or harder to dismiss) by adding "at this time" at the end of the sentence - although I doubt it would make too much of a different...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »