Blog Posts Tagged with "Exploits"


Metasploit: The Penetration Tester’s Guide - A Review

May 28, 2012 Added by:Dan Dieterle

The exploiting sections are very good, covering the famous exploitation techniques of attacking MS SQL, dumping password hashes, pass the hash & token impersonation, killing anti-virus and gathering intelligence from the system to pivot deeper into the target network...

Comments  (0)


Symantec's Analysis of the ZTE Android Backdoor Vulnerability

May 24, 2012 Added by:Headlines

"The worst-case scenario here is an attacker who tricks the user into installing a malicious application that takes advantage of this privilege escalation flaw. Once the application has full access to the device, the attacker can install, delete, monitor, and modify the device..."

Comments  (0)


Data Mining A Mountain of Zero Day Vulnerabilities

May 22, 2012 Added by:Fergal Glynn

Information leakage happens when sensitive information is inadvertently displayed to a user. An example would be pathnames or database IP addresses returned within an error message to a user. An attacker can use this information to undermine the system...

Comments  (0)


Metasploitable: Gaining Root on a Vulnerable Linux System

May 22, 2012 Added by:Dan Dieterle

Metasploitable is a great platform to practice and develop your penetration testing skills. In this tutorial, I will show you how to scan the system, find one of the vulnerable services, and then exploit the service to gain root access...

Comments  (1)


ICS-CERT: Advantech ISSymbol ActiveX Buffer Overflow

May 21, 2012 Added by:Infosec Island Admin

Researchers have identified multiple buffer overflow vulnerabilities in the Advantech Studio product that could allow an attacker to cause buffer overflows, which in turn can allow arbitrary code execution. Exploit code is known to exist that targets these vulnerabilities...

Comments  (0)


Companies Hit in Targeted Attacks

May 18, 2012 Added by:Gregory Hale

If an attacker wants to target a system, they will get in no matter what; what kind of damage occurs depends on how many layers of security buttress the system. Companies in specific industries could band together and share information on attacks that target their industries...

Comments  (1)


ICS-CERT: Pro-face Pro-Server EX Multiple Vulnerabilities

May 18, 2012 Added by:Infosec Island Admin

The vulnerabilities affecting Pro-face Pro-Server include invalid memory access, buffer overflow, unhandled exception, and memory corruption with proof-of-concept exploit code. According to this report, these vulnerabilities are exploitable via specially crafted packets...

Comments  (0)


Skype Malware Campaign Spreading Poison Ivy Trojan

May 16, 2012 Added by:Headlines

Malware researcher Dancho Danchev is reporting a widespread social engineering campaign on Skype that is spreading a variant of the Poison Ivy Trojan. Less than half of the 42 commercial antivirus solutions surveyed are able to detect the Trojan's signature...

Comments  (0)


Strategic Web Compromises and Cyber Espionage Operations

May 15, 2012 Added by:Headlines

"Cyber Espionage attacks are not a fabricated issue and are not going away any time soon... They are aiming to expand their access and steal data. Communications (primarily e-mail), research and development (R&D), intellectual property (IP), and business intelligence..."

Comments  (0)


ICS-CERT: Progea Movicon Memory Corruption Vulnerability

May 11, 2012 Added by:Infosec Island Admin

Security researcher Dillon Beresford of IXIA has identified a memory corruption vulnerability in the Progea Movicon application. This vulnerability can be exploited by a remote attacker to read an invalid memory address resulting in a denial of service...

Comments  (0)


ICS-CERT: WellinTech KingSCADA Insecure Password Encryption

May 10, 2012 Added by:Infosec Island Admin

Researchers Alexandr Polyakov and Alexey Sintsov from DSecRG identified an insecure password encryption vulnerability in the WellinTech KingSCADA application. When KingSCADA OPCServer and OPCClient are not on the same node, a remote attacker may obtain passwords to the system...

Comments  (0)


Ninety Percent of HTTPS Websites Insecure

May 08, 2012 Added by:Dan Dieterle

Of the 200,000 HTTPS websites tested, only about 10% are properly secured. Changes need to be made to the secure online transaction system. Several of the issues have already been addressed; sadly, it seems that the appropriate measures to secure SSL have just not been taken...

Comments  (5)


Hacking-Kung Fu: Aims and Objectives Part 2

May 06, 2012 Added by:Quintius Walker

A major aim of Kung-Fu Hacking training is System Security - or more so being able to secure your own systems. This ability to defend ourselves is a general asset, and has long-term benefits as more and more vulnerabilities become exploitable to the general public...

Comments  (3)


Ethical or Unethical Hacker?

May 01, 2012 Added by:Marc Quibell

Right there as top IT News was an article on how to pwn a Hotmail account. It was a 0-day exploit, which meant no one at Microsoft was notified. It was written by a self-described ethical hacker. Naturally my first reaction was, "Ya right"...

Comments  (11)


Symantec Internet Security Threat Report Summary

May 01, 2012 Added by:Headlines

"In addition to the 81% surge in attacks, the number of unique malware variants also increased by 41% and the number of Web attacks blocked per day also increased dramatically, by 36%. Greater numbers of more widespread attacks employed advanced techniques..."

Comments  (2)


OpenX CSRF Vulnerability Being Actively Exploited

April 30, 2012 Added by:Mark Baldwin

This vulnerability from July 2011 is still present in the latest version of OpenX Source (version 2.8.8). Moreover, this vulnerability is being actively exploited to compromise OpenX Source installations in order to serve malicious content via banner ads...

Comments  (2)
