Blog Posts Tagged with "Vulnerabilities"

Software Security: A Chief Financial Officer’s Perspective

May 15, 2012 Added by: Fergal Glynn

Surprise, you woke up today and found that 10% of the value of your company is gone because confidential customer information was made public. The FTC is knocking on your door asking for a forensic security audit. Your largest investors are calling about the scope of the breach...

Vulnerabilities: Context Matters

May 14, 2012 Added by: Jack Daniel

You do need to assess how the vulnerability is exposed, what mitigations are in place or even possible, how hard the threat may be to execute against your situation, and whether there is a graceful failure mode if the opportunity turns out to be inopportune...

FBI on Bitcoin: Cybercrime, Opportunity and Digital Choice

May 11, 2012 Added by: Pierluigi Paganini

The real danger of digital money, above the vulnerabilities in its processes, is the inability of governments to exert control over finances, which could lead to a distortion of the main mechanisms of economic control and taxation, bringing total chaos to the market...

Apple Releases OS X and Safari Security Updates

May 11, 2012 Added by: Headlines

Apple has released critical security updates for OS X and Safari to address several vulnerabilities which could allow an attacker to obtain sensitive information, execute arbitrary code, escalate privileges, conduct a cross-site scripting attack, or cause a denial-of-service...

A Field Guide to Post-UDID Unique IDs on iOS

May 10, 2012 Added by: Fergal Glynn

Ongoing developments in the device-wide ID space focus on two dueling schemes and codebases: OpenUDID and SecureUDID. If you’re an iOS developer, this will serve as an introduction to the details of these systems, including their limitations and potential for data leakage...

ICS-CERT: WellinTech KingSCADA Insecure Password Encryption

May 10, 2012 Added by: Infosec Island Admin

Researchers Alexandr Polyakov and Alexey Sintsov from DSecRG identified an unsecure password encryption vulnerability in WellinTech KingSCADA application. When KingSCADA OPCServer and OPCClient are not on the same node, a remote attacker may obtain passwords to the system...

RedKit Private Exploit Tool Emerges in the Wild

May 04, 2012 Added by: Headlines

"RedKit is armed with two of the most popular exploits... The first exploit is a fairly obfuscated PDF file that exploits the LibTIFF vulnerability..." The second is the "latest Java exploit, dealing with the AtomicReferenceArray vulnerability..."

Applications Targeting Apple Products

May 03, 2012 Added by: Joel Harding

When I was told of a new mobile application distribution system which avoids Apple's scrutiny, my alarm antennas began quivering. Now combine this with who is doing it - Russian developers - and I get an even more dreadful feeling in the pit of my stomach...

ICS-CERT: WellinTech KingView DLL Hijack Vulnerability

May 02, 2012 Added by: Infosec Island Admin

Independent researcher Carlos Mario Peñagos Hollman identified a DLL Hijack vulnerability in WellinTech’s KingView application. WellinTech has created a patch that resolves the vulnerability. Mr. Hollman has tested the patch and verified that it resolves the vulnerability...

Data (In)Security Will Impact Presidential Election Race

May 02, 2012 Added by: Josh Shaul

Breaking into poorly protected government systems and revealing personal or financial information, stealing and posting lists of campaign donations, or corrupting electronic voting systems – these tactics are available to those with expertise and funding...

Ethical or Unethical Hacker?

May 02, 2012 Added by: Marc Quibell

Right there as top IT News was an article on how to pwn a Hotmail account. It was a 0-day exploit, which meant no one at Microsoft was notified. It was written by a self-described ethical hacker. Naturally my first reaction was, "Ya right"...

Symantec Internet Security Threat Report Summary

May 01, 2012 Added by: Headlines

"In addition to the 81% surge in attacks, the number of unique malware variants also increased by 41% and the number of Web attacks blocked per day also increased dramatically, by 36%. Greater numbers of more widespread attacks employed advanced techniques..."

OpenX CSRF Vulnerability Being Actively Exploited

May 01, 2012 Added by: Mark Baldwin

This vulnerability from July 2011 is still present in the latest version of OpenX Source (version 2.8.8). Moreover, this vulnerability is being actively exploited to compromise OpenX Source installations in order to serve malicious content via banner ads...

Multi-Platform Malware Targets Both Windows and Mac OS

April 27, 2012 Added by: Headlines

"If the threat is running on a Mac operating system, it downloads a dropper type malware written in Python. However, if the threat is running on a Windows operating system, it downloads a standard Windows executable file dropper. Both droppers drop a Trojan horse program..."

ICS-CERT: RuggedCom Weak Cryptography Vulnerability

April 27, 2012 Added by: Infosec Island Admin

ICS-CERT is aware of a public report of a default backdoor user account with a password with trivial encoding affecting RuggedCom RuggedSwitch and RuggedServer devices using Rugged OS. The vulnerability is exploitable by generating a password from known data about the device...

AppSec Mistakes Companies Make and How to Fix Them

April 25, 2012 Added by: Fergal Glynn

We’re pleased to present responses from an array of security experts including Bill Brenner, Andrew Hay, Jack Daniel and Chris Wysopal. Common themes arose, including the idea of taking AppSec more seriously and committing to a programmatic approach vs. ad hoc manual testing...
