Blog Posts Tagged with "Exploits"

192a6e6df92a5ebd88de9b476fdd350d

Hierarchy Exploit Pack: New Crimeware for the Gangs

May 31, 2012 Added by:Jorge Mieres

Despite being a package for criminal exploitation within a vast range of alternatives, it remains a real risk for any information system. Consider that the Hierarchy Exploit Pack in the criminal markets has reached a stage where it is found among the best crimeware available...

Comments  (0)

E85787adcaf7bca10e799cfd1cfd08f1

Patch as Patch Can: All Software is Flawed

May 30, 2012 Added by:Michelle Drolet

While many software publishers don’t bother to release patches, the two that are religious about patching are Microsoft and Adobe. Ironically, they still account for the majority of client-side vulnerabilities, with the Office Suite products and Adobe Flash Player and Reader topping the list...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Metasploit: The Penetration Tester’s Guide - A Review

May 28, 2012 Added by:Dan Dieterle

The exploiting sections are very good, covering the famous exploitation techniques of attacking MS SQL, dumping password hashes, pass the hash & token impersonation, killing anti-virus and gathering intelligence from the system to pivot deeper into the target network...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Symantec's Analysis of the ZTE Android Backdoor Vulnerability

May 24, 2012 Added by:Headlines

"The worst-case scenario here is an attacker who tricks the user into installing a malicious application that takes advantage of this privilege escalation flaw. Once the application has full access to the device, the attacker can install, delete, monitor, and modify the device..."

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Data Mining A Mountain of Zero Day Vulnerabilities

May 22, 2012 Added by:Fergal Glynn

Information leakage happens when sensitive information is displayed to the a user inadvertently. An example would be pathnames or database IP addresses returned within an error message to a user. An attacker can use this information to undermine the system...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Metasploitable: Gaining Root on a Vulnerable Linux System

May 22, 2012 Added by:Dan Dieterle

Metasploitable is a great platform to practice and develop your penetration testing skills. In this tutorial, I will show you how to scan the system, find one of the vulnerable services, and then exploit the service to gain root access...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Advantech ISSymbol ActiveX Buffer Overflow

May 21, 2012 Added by:Infosec Island Admin

Researchers have identified multiple buffer overflow vulnerabilities in the Advantech Studio product that could allow an attacker to cause buffer overflows, which in turn can allow arbitrary execution code. An exploit code is known to exist that targets these vulnerabilities...

Comments  (0)

2dc39ef06d1ad53bea80d28b84f3aa7e

Companies Hit in Targeted Attacks

May 18, 2012 Added by:Gregory Hale

If an attacker wants to target a system, they will get in no matter what, what kind of damage occurs depends on how many layers of security buttress the system. Companies in specific industries could band together and share information on attacks that target their industries...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Pro-face Pro-Server EX Multiple Vulnerabilities

May 18, 2012 Added by:Infosec Island Admin

The vulnerabilities affecting Pro-face Pro-Server include invalid memory access, buffer overflow, unhandled exception, and memory corruption with proof-of-concept exploit code. According to this report, these vulnerabilities are exploitable via specially crafted packets...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Skype Malware Campaign Spreading Poison Ivy Trojan

May 16, 2012 Added by:Headlines

Malware researcher Dancho Danchev is reporting a widespread social engineering campaign on Skype that is spreading a variant of the Poison Ivy Trojan. Less than half of the 42 commercial antivirus solutions surveyed are able to detect the Trojan's signature...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Strategic Web Compromises and Cyber Espionage Operations

May 15, 2012 Added by:Headlines

"Cyber Espionage attacks are not a fabricated issue and are not going away any time soon... They are aiming to expand their access and steal data. Communications (primarily e-mail), research and development (R&D), intellectual property (IP), and business intelligence..."

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Progea Movicon Memory Corruption Vulnerability

May 11, 2012 Added by:Infosec Island Admin

Security researcher Dillon Beresford of IXIA has identified a memory corruption vulnerability in the Progea Movicon application. This vulnerability can be exploited by a remote attacker to read an invalid memory address resulting in a denial of service...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: WellinTech KingSCADA Insecure Password Encryption

May 10, 2012 Added by:Infosec Island Admin

Researchers Alexandr Polyakov and Alexey Sintsov from DSecRG identified an unsecure password encryption vulnerability in WellinTech KingSCADA application. When KingSCADA OPCServer and OPCClient are not on the same node, a remote attacker may obtain passwords to the system...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Ninety Percent of HTTPS Websites Insecure

May 08, 2012 Added by:Dan Dieterle

Of the 200,000 HTTPS websites tested, only about 10% are properly secured. Changes need to be made to the secure online transaction system. Several of the issues have already been addressed, sadly it seems that the appropriate measures to secure SSL have just not been taken...

Comments  (5)

09dae715e355968a0e90ebddf038ad56

Hacking-Kung Fu: Aims and Objectives Part 2

May 06, 2012 Added by:Quintius Walker

A major aim of Kung-Fu Hacking training is System Security - or more so being able to secure your own systems. This ability to defend ourselves is a general asset, and has long-term benefits as more and more vulnerabilities become exploitable to the general public...

Comments  (3)

94c7ac665bbf77879483b04272744424

Ethical or Unethical Hacker?

May 01, 2012 Added by:Marc Quibell

Right there as top IT News was an article on how to pwn a Hotmail account. It was a 0-day exploit, which meant no one at Microsoft was notified. It was written by a self-described ethical hacker. Naturally my first reaction was, "Ya right"...

Comments  (11)

Page « < 2 - 3 - 4 - 5 - 6 > »