Blog Posts Tagged with "Vulnerabilities"

0a8cae998f9c51e3b3c0ccbaddf521aa

Deploying Code Faster as a Security Feature?

July 24, 2012 Added by:Rafal Los

What if deploying faster is actually a security feature? I can empathize with the frustration many security professionals feel when they find a critical issue in an application only to be told that the patch will be rushed in about 3 months. I'd certainly love to hear that the update will be shipped this afternoon...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Invensys Winderware Intouch 10 DLL Hijack

July 24, 2012 Added by:Infosec Island Admin

Independent researcher Carlos Mario Penagos Hollmann has identified an uncontrolled search path element vulnerability, commonly referred to as a dll hijack, in Invensys’s Wonderware InTouch application. Successfully exploiting this vulnerability could lead to arbitrary code execution...

Comments  (0)

5cbe1364caf51f95cac6484a832d66d0

The "Compliance Society"

July 23, 2012 Added by:Bob Radvanovsky

I am quickly growing weary of the fact that individuals claiming to be "cybersecurity" or "critical infrastructure" subject-matter experts (or "SMEs"), are indicating that adherence to a regulatory requirement or compliance governance means that something is "secured". Let's get one thing straight...

Comments  (4)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: OSIsoft Stack-Based Buffer Overflow Vulnerability

July 23, 2012 Added by:Infosec Island Admin

ICS-CERT has received a report from OSIsoft concerning a stack-based buffer overflow in the PI OPC DA Interface software that could cause the software to crash or allow a remote attacker to execute arbitrary code. This vulnerability was discovered during a software assessment requested by OSIsoft and funded by DHS...

Comments  (0)

7ddc1f3000a13e4dfec28074e9e7b658

Coders Rights at Risk in the European Parliament

July 18, 2012 Added by:Electronic Frontier Foundation

By identifying and disclosing vulnerabilities, coders are able to improve security for every user who depends on information systems for their daily life and work. Yet recently, European Parliament debated legislation that threatens to create legal woes for researchers who expose security flaws...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Tridium Niagara Vulnerabilities

July 16, 2012 Added by:Infosec Island Admin

Researchers have notified ICS-CERT of a directory traversal and weak credential storage vulnerability with proof-of-concept exploit code for Tridium Niagara AX Framework software that is exploitable by downloading and decrypting the file containing the user credentials from the server...

Comments  (1)

94c7ac665bbf77879483b04272744424

Yahoo Voices Accounts Exposed and Available to the General Public

July 13, 2012 Added by:Marc Quibell

If Yahoo took "security very seriously" this probably may not have happened. This is obviously a fail in their IT Security practices, on many accounts, beginning with the SQL Injection attack used to compromise the server - yes, it only took one server to compromise for this to occur...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Vulnerability Scans too Disruptive to Conduct Regularly

July 12, 2012 Added by:Headlines

“Evidently, active vulnerability scanning can cause huge management headaches due to its disruptive nature and information overload, so scanners tend to be used primarily for ‘spot checks’ that aren’t effective at minimizing risks. Critical vulnerabilities have to be identified, prioritized, and remediated daily..."

Comments  (4)

Ebe141392ea3ebf96ba918c780ea1ebe

Web Application Firewalls: There is No Spoon

July 12, 2012 Added by:Wendy Nather

I agree that some apps can't be remediated in a short time span, others can't ever be fixed, and so on - for those exigencies a WAF is better than nothing. However, I would caution anyone against deciding that the wave of the future is to rely on the WAF or other network-based security device for application security...

Comments  (1)

69dafe8b58066478aea48f3d0f384820

DHS Cyber Teams Uncover Federal Network Vulnerabilities

July 11, 2012 Added by:Headlines

"We provide free specialized access to skills and services that are not readily available or are in high demand across the dot-gov to promote a healthy and resilient cyber infrastructure. That's the goal to do risk-based analysis and gap analysis of capabilities and drive improvements..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Thousands of Sites Hacked with Plesk Zero Day Exploit

July 10, 2012 Added by:Headlines

"What is interesting is that most of our clients always used to be using CMSs (like WordPress, Joomla, etc), but lately we are seeing such a large number of just plain HTML sites getting compromised and when we look deeper, they are always using Plesk..."

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Detecting Unknown Application Vulnerabilities "In Flight"

July 10, 2012 Added by:Rafal Los

While you certainly can use velocity and frequency to detect attacks against a web application, high frequency doesn't always mean an attack or that a vulnerability is present. But, it is a fallacy to assume that a component needs to have a high frequency or velocity to signal targeting by an attacker....

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

Are Your Security Metrics “Top Five" Worthy?

July 09, 2012 Added by:Tripwire Inc

In conversations with infosec executives, a common question is “What should I really be measuring?,” or they make comments like “I report on a lot of things, but I am not sure what the top security indicators are that I should roll up to my executive team.” Here are the five characteristics of effective metrics...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: WellinTech KingView and KingHistorian Vulnerabilities

July 09, 2012 Added by:Infosec Island Admin

Researchers have identified multiple vulnerabilities in WellinTech’s KingView and a single vulnerability in WellinTech’s KingHistorian application which are exploitable remotely and could lead to arbitrary code execution, information disclosure, and denial of service...

Comments  (0)

B8db824b8b275afb1f4160f03cd3f733

Nonsense Abounds, and More is Coming...

July 05, 2012 Added by:Jack Daniel

You cannot “stop attacks”, you can only alter the consequences of the attacks. You can stop attacks from succeeding sometimes, and minimize the impact on your organization, but the attacks will come no matter what. Further, the idea that “attacks” only fall into two categories, zero-day and patchable, is more nonsense...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Pro-Face Pro-Server EX Multiple Vulnerabilities

July 04, 2012 Added by:Infosec Island Admin

The vulnerabilities affecting Pro-face Pro-Server include invalid memory access, integer overflow, unhandled exception, and memory corruptions. Each of these vulnerabilities are remotely exploitable, and public exploits are known to target these vulnerabilities...

Comments  (0)

Page « < 3 - 4 - 5 - 6 - 7 > »