Blog Posts Tagged with "Exploits"


Patch as Patch Can: All Software is Flawed

May 30, 2012 Added by:Michelle Drolet

While many software publishers don’t bother to release patches, the two that are religious about patching are Microsoft and Adobe. Ironically, they still account for the majority of client-side vulnerabilities, with the Office Suite products and Adobe Flash Player and Reader topping the list...

Comments  (0)


Metasploit: The Penetration Tester’s Guide - A Review

May 28, 2012 Added by:Dan Dieterle

The exploiting sections are very good, covering the famous exploitation techniques of attacking MS SQL, dumping password hashes, pass the hash & token impersonation, killing anti-virus and gathering intelligence from the system to pivot deeper into the target network...

Comments  (0)


Symantec's Analysis of the ZTE Android Backdoor Vulnerability

May 24, 2012 Added by:Headlines

"The worst-case scenario here is an attacker who tricks the user into installing a malicious application that takes advantage of this privilege escalation flaw. Once the application has full access to the device, the attacker can install, delete, monitor, and modify the device..."

Comments  (0)


Data Mining A Mountain of Zero Day Vulnerabilities

May 22, 2012 Added by:Fergal Glynn

Information leakage happens when sensitive information is displayed to the a user inadvertently. An example would be pathnames or database IP addresses returned within an error message to a user. An attacker can use this information to undermine the system...

Comments  (0)


Metasploitable: Gaining Root on a Vulnerable Linux System

May 22, 2012 Added by:Dan Dieterle

Metasploitable is a great platform to practice and develop your penetration testing skills. In this tutorial, I will show you how to scan the system, find one of the vulnerable services, and then exploit the service to gain root access...

Comments  (1)


ICS-CERT: Advantech ISSymbol ActiveX Buffer Overflow

May 21, 2012 Added by:Infosec Island Admin

Researchers have identified multiple buffer overflow vulnerabilities in the Advantech Studio product that could allow an attacker to cause buffer overflows, which in turn can allow arbitrary execution code. An exploit code is known to exist that targets these vulnerabilities...

Comments  (0)


Companies Hit in Targeted Attacks

May 18, 2012 Added by:Gregory Hale

If an attacker wants to target a system, they will get in no matter what, what kind of damage occurs depends on how many layers of security buttress the system. Companies in specific industries could band together and share information on attacks that target their industries...

Comments  (1)


ICS-CERT: Pro-face Pro-Server EX Multiple Vulnerabilities

May 18, 2012 Added by:Infosec Island Admin

The vulnerabilities affecting Pro-face Pro-Server include invalid memory access, buffer overflow, unhandled exception, and memory corruption with proof-of-concept exploit code. According to this report, these vulnerabilities are exploitable via specially crafted packets...

Comments  (0)


Skype Malware Campaign Spreading Poison Ivy Trojan

May 16, 2012 Added by:Headlines

Malware researcher Dancho Danchev is reporting a widespread social engineering campaign on Skype that is spreading a variant of the Poison Ivy Trojan. Less than half of the 42 commercial antivirus solutions surveyed are able to detect the Trojan's signature...

Comments  (0)


Strategic Web Compromises and Cyber Espionage Operations

May 15, 2012 Added by:Headlines

"Cyber Espionage attacks are not a fabricated issue and are not going away any time soon... They are aiming to expand their access and steal data. Communications (primarily e-mail), research and development (R&D), intellectual property (IP), and business intelligence..."

Comments  (0)


ICS-CERT: Progea Movicon Memory Corruption Vulnerability

May 11, 2012 Added by:Infosec Island Admin

Security researcher Dillon Beresford of IXIA has identified a memory corruption vulnerability in the Progea Movicon application. This vulnerability can be exploited by a remote attacker to read an invalid memory address resulting in a denial of service...

Comments  (0)


ICS-CERT: WellinTech KingSCADA Insecure Password Encryption

May 10, 2012 Added by:Infosec Island Admin

Researchers Alexandr Polyakov and Alexey Sintsov from DSecRG identified an unsecure password encryption vulnerability in WellinTech KingSCADA application. When KingSCADA OPCServer and OPCClient are not on the same node, a remote attacker may obtain passwords to the system...

Comments  (0)


Ninety Percent of HTTPS Websites Insecure

May 08, 2012 Added by:Dan Dieterle

Of the 200,000 HTTPS websites tested, only about 10% are properly secured. Changes need to be made to the secure online transaction system. Several of the issues have already been addressed, sadly it seems that the appropriate measures to secure SSL have just not been taken...

Comments  (5)


Hacking-Kung Fu: Aims and Objectives Part 2

May 06, 2012 Added by:Quintius Walker

A major aim of Kung-Fu Hacking training is System Security - or more so being able to secure your own systems. This ability to defend ourselves is a general asset, and has long-term benefits as more and more vulnerabilities become exploitable to the general public...

Comments  (3)


Ethical or Unethical Hacker?

May 01, 2012 Added by:Marc Quibell

Right there as top IT News was an article on how to pwn a Hotmail account. It was a 0-day exploit, which meant no one at Microsoft was notified. It was written by a self-described ethical hacker. Naturally my first reaction was, "Ya right"...

Comments  (11)


Symantec Internet Security Threat Report Summary

May 01, 2012 Added by:Headlines

"In addition to the 81% surge in attacks, the number of unique malware variants also increased by 41% and the number of Web attacks blocked per day also increased dramatically, by 36%. Greater numbers of more widespread attacks employed advanced techniques..."

Comments  (2)

Page « < 2 - 3 - 4 - 5 - 6 > »