Blog Posts Tagged with "Exploits"
April 16, 2013 Added by:George Tubin
Cybercriminals continue to develop new methods to bypass security controls in order to install malware on corporate endpoints. An endpoint protection approach that provides both effectiveness and manageability must begin with an understanding of the attack vectors that require mitigation.
March 08, 2013 Added by:Mike Lennon
Ryan Naraine talks to Vupen CEO Chaouki Bekrar about the controversies surrounding the sale of zero-day vulnerabilities and exploits, his company’s business dealings and the work that goes into winning the CanSecWest Pwn2Ownhacker contest.
January 29, 2013 Added by:Infosec Island
Researchers at Rapid7 have uncovered that roughly 40-50 million network-enabled devices are at risk due to vulnerabilities in the Universal Plug and Play (UPnP) protocol.
January 28, 2013 Added by:Pierluigi Paganini
The report revealed the surprising efficiency of well-known vulnerabilities usually included in the popular exploits sold in the underground, around 60% are more than two years old, and 70% of the exploit kits analyzed (26) were released or created in Russia...
November 26, 2012 Added by:Tripwire Inc
I might possibly be in the wrong business. Google announced recently that teenage hacker “Pinkie Pie” was awarded $60,000 for finding and reporting a bug in the company’s Chrome web browser. Apparently this is not even the first time he has accomplished this feat...
November 15, 2012 Added by:Pierluigi Paganini
The news is circulating with insistence on the net, Skype is suffering from a vulnerability that can expose its users to serious risks, due this reason it has suspended the password reset process.The Russian Blog Pixus.ru published a post where it described a workaround to hijack the accounts of the famous application...
November 13, 2012 Added by:Rafal Los
It's human nature, and just the way we are wired... I know I can feel some of that on myself when I hear that phrase. I guess I would change it to be slightly more effective (or harder to dismiss) by adding "at this time" at the end of the sentence - although I doubt it would make too much of a different...
November 11, 2012 Added by:Pierluigi Paganini
Once again the discovery comes from Russia, its a analysts are demonstrating great capabilities in investigations, the forensics firm Group-IB, the same that provided information on cybercrime activities in Russia in last months, has discovered the availability of a new exploit sold in the underground...
November 07, 2012 Added by:Rob Fuller
If you would like to contribute, please shoot me a tweet, a email, a... anything and I will gladly add you to the permissions to edit. Honestly it just became so overwhelming that every time I thought to add something I would cringe away because I know I'd spend most of time fixing them...
November 05, 2012 Added by:Tripwire Inc
This attack used to be fairly innovative. But not so much anymore. Would-be attackers can buy the basic components “off the shelf” using ready-made toolkits like Ettercap, Mallory (I love the creative use of the classic MITM name), and dsniff. If you’d like a better look at how it works, this is a good video...
October 22, 2012 Added by:Pierluigi Paganini
Recent revelations on Flame raise the question on the efficiency of zero day vulnerabilities, software bugs that hackers exploit to avoid security defenses on targeted systems. The real problem when we talk about zero-day is related to the duration of the period in which hackers exploit the vulnerability...
October 17, 2012 Added by:Fergal Glynn
By now, our readers have undoubtedly seen the buzz about a serious security vulnerability in Oracle Java, with corresponding exploit code making its way around in the form of active, in-the-wild attack campaigns, as well as penetration testing tools...
September 26, 2012 Added by:Rafal Los
Enterprises seem to have a love-hate relationship with Java. It's a client we aren't thrilled with, but when it comes to cross-platform use there aren't really any other alternatives. If you look around you'll find that many of the security platforms are written in what? Java...
September 19, 2012 Added by:Joel Harding
With the way US forces are distributed globally, cyber capabilities and flexibilities are enhanced. Cyber, both offense and defense, can be launched from anywhere. All Combatant Commanders have liaisons and representative elements with geographic commands, Cyber Command is no different...
September 17, 2012 Added by:Tripwire Inc
How do you teach paranoia and suspicion? We often hire people because of their willingness to help others, their good communication skills, their ability to be responsive, etc. As we work through securing our humans, we need to strike a balance – trust but verify, assist but not unquestioningly...
September 12, 2012 Added by:Fergal Glynn
One of the big stories from this year’s BlackHat conference was Microsoft’s inaugural BlueHat contest which challenged researchers to design a novel runtime mitigation technology designed to prevent the exploitation of memory safety vulnerabilities. Katie Moussouris discusses...
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015
PCI Security Standards Council Statement on ... on 03-17-2015