Blog Posts Tagged with "Vulnerabilities"
DHS Cyber Teams Uncover Federal Network Vulnerabilities
July 11, 2012 Added by:Headlines
"We provide free specialized access to skills and services that are not readily available or are in high demand across the dot-gov to promote a healthy and resilient cyber infrastructure. That's the goal to do risk-based analysis and gap analysis of capabilities and drive improvements..."
Comments (0)
Thousands of Sites Hacked with Plesk Zero Day Exploit
July 10, 2012 Added by:Headlines
"What is interesting is that most of our clients always used to be using CMSs (like WordPress, Joomla, etc), but lately we are seeing such a large number of just plain HTML sites getting compromised and when we look deeper, they are always using Plesk..."
Comments (0)
Detecting Unknown Application Vulnerabilities "In Flight"
July 10, 2012 Added by:Rafal Los
While you certainly can use velocity and frequency to detect attacks against a web application, high frequency doesn't always mean an attack or that a vulnerability is present. But, it is a fallacy to assume that a component needs to have a high frequency or velocity to signal targeting by an attacker....
Comments (0)
Are Your Security Metrics “Top Five" Worthy?
July 09, 2012 Added by:Tripwire Inc
In conversations with infosec executives, a common question is “What should I really be measuring?,” or they make comments like “I report on a lot of things, but I am not sure what the top security indicators are that I should roll up to my executive team.” Here are the five characteristics of effective metrics...
Comments (1)
ICS-CERT: WellinTech KingView and KingHistorian Vulnerabilities
July 09, 2012 Added by:Infosec Island Admin
Researchers have identified multiple vulnerabilities in WellinTech’s KingView and a single vulnerability in WellinTech’s KingHistorian application which are exploitable remotely and could lead to arbitrary code execution, information disclosure, and denial of service...
Comments (0)
Nonsense Abounds, and More is Coming...
July 05, 2012 Added by:Jack Daniel
You cannot “stop attacks”, you can only alter the consequences of the attacks. You can stop attacks from succeeding sometimes, and minimize the impact on your organization, but the attacks will come no matter what. Further, the idea that “attacks” only fall into two categories, zero-day and patchable, is more nonsense...
Comments (1)
ICS-CERT: Pro-Face Pro-Server EX Multiple Vulnerabilities
July 04, 2012 Added by:Infosec Island Admin
The vulnerabilities affecting Pro-face Pro-Server include invalid memory access, integer overflow, unhandled exception, and memory corruptions. Each of these vulnerabilities are remotely exploitable, and public exploits are known to target these vulnerabilities...
Comments (0)
Symantec: Blackhole Exploit Kit Upgrade Revealed
July 03, 2012 Added by:Headlines
"The Blackhole JavaScript code on compromised sites now dynamically generates pseudo-random domains, based on the date and other information, and then creates an iframe pointing to the generated domain... The code then creates a hidden iframe, using the previously-generated domain as the source..."
Comments (0)
Despite Breach Trends - Website Vulnerabilities Decrease
July 02, 2012 Added by:Headlines
"Despite the plethora of recent breach headlines, websites could in fact be getting... less vulnerable... The time for using 'No one would want to attack us' as a security strategy is clearly over, if it was ever true to begin with. Any company doing business online has something worth hacking into..."
Comments (1)
ICS-CERT: Sielco Sistemi Winlog Multiple Vulnerabilities
July 02, 2012 Added by:Infosec Island Admin
Sielco Sistemi Winlog Version 2.07.14 can be exploited remotely by sending specially crafted requests to TCP/46824. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks...
Comments (0)
Five Reasons Why You Need an Application Security Program
June 28, 2012 Added by:Fergal Glynn
Many organizations looking at application security for the first time struggle with why they should take a programmatic approach to tackling application security. The simple fact is that if someone wants your intellectual property, they are going to use software you bought, built or outsourced to get at it...
Comments (0)
Myth or Fact? Debunking the Biggest Information Security Myths
June 27, 2012 Added by:Tripwire Inc
Myths have existed throughout history in different cultures and times. The information security industry isn’t excluded from having its own share of myths. So, I got in touch with some European security professionals to share their views on some of the biggest security myths that need busting...
Comments (1)
Dangers of Scanning QR Codes: Interview with Eric Mikulas
June 25, 2012 Added by:Fergal Glynn
Consumers make the mistake of trusting unreadable QR codes (unreadable by humans) that could really take a person anywhere. With all the vulnerabilities that are discovered on a regular basis with smart phones, it is only a matter of time until we see an explosion in malware for mobile platforms...
Comments (0)
Static Analysis: Hopper’s Decompiler Feature
June 22, 2012 Added by:Fergal Glynn
After reading this tutorial, hopefully binaries will appear less inscrutable and magical, and you will understand why reverse engineers laugh in the face of programmers who think no one will understand their awesome secret algorithm without the source code. Don’t count on “but it’s compiled” as a security feature...
Comments (0)
Medical Device Security: This Time It’s Personal
June 22, 2012 Added by:shawn merdinger
The work done by security researchers on their own devices is only the beginning of what we can expect will be a deluge of medical device related vulnerabilities, and it’s worthwhile to explore some of the reasons as to why the current situation is the way it is now...
Comments (0)
ICS-CERT: Wonderware SuiteLink Unallocated Unicode String
June 22, 2012 Added by:Infosec Island Admin
Independent researcher Luigi Auriemma identified a maliciously crafted Unicode string vulnerability causing a stack-based buffer overflow with proof-of-concept (PoC) exploit code that affects the Invensys Wonderware SuiteLink service (slssvc.exe)...
Comments (0)
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform