Blog Posts Tagged with "Exploits"
Metasploit: The Penetration Tester’s Guide - A Review
May 28, 2012 Added by:Dan Dieterle
The exploiting sections are very good, covering the famous exploitation techniques of attacking MS SQL, dumping password hashes, pass the hash & token impersonation, killing anti-virus and gathering intelligence from the system to pivot deeper into the target network...
Comments (0)
Symantec's Analysis of the ZTE Android Backdoor Vulnerability
May 24, 2012 Added by:Headlines
"The worst-case scenario here is an attacker who tricks the user into installing a malicious application that takes advantage of this privilege escalation flaw. Once the application has full access to the device, the attacker can install, delete, monitor, and modify the device..."
Comments (0)
Data Mining A Mountain of Zero Day Vulnerabilities
May 22, 2012 Added by:Fergal Glynn
Information leakage happens when sensitive information is displayed to a user inadvertently. An example would be pathnames or database IP addresses returned within an error message to a user. An attacker can use this information to undermine the system...
Comments (0)
Metasploitable: Gaining Root on a Vulnerable Linux System
May 22, 2012 Added by:Dan Dieterle
Metasploitable is a great platform to practice and develop your penetration testing skills. In this tutorial, I will show you how to scan the system, find one of the vulnerable services, and then exploit the service to gain root access...
Comments (1)
ICS-CERT: Advantech ISSymbol ActiveX Buffer Overflow
May 21, 2012 Added by:Infosec Island Admin
Researchers have identified multiple buffer overflow vulnerabilities in the Advantech Studio product that could allow an attacker to cause buffer overflows, which in turn can allow arbitrary code execution. Exploit code is known to exist that targets these vulnerabilities...
Comments (0)
Companies Hit in Targeted Attacks
May 18, 2012 Added by:Gregory Hale
If an attacker wants to target a system, they will get in no matter what; what kind of damage occurs depends on how many layers of security buttress the system. Companies in specific industries could band together and share information on attacks that target their industries...
Comments (1)
ICS-CERT: Pro-face Pro-Server EX Multiple Vulnerabilities
May 18, 2012 Added by:Infosec Island Admin
The vulnerabilities affecting Pro-face Pro-Server include invalid memory access, buffer overflow, unhandled exception, and memory corruption with proof-of-concept exploit code. According to this report, these vulnerabilities are exploitable via specially crafted packets...
Comments (0)
Skype Malware Campaign Spreading Poison Ivy Trojan
May 16, 2012 Added by:Headlines
Malware researcher Dancho Danchev is reporting a widespread social engineering campaign on Skype that is spreading a variant of the Poison Ivy Trojan. Less than half of the 42 commercial antivirus solutions surveyed are able to detect the Trojan's signature...
Comments (0)
Strategic Web Compromises and Cyber Espionage Operations
May 15, 2012 Added by:Headlines
"Cyber Espionage attacks are not a fabricated issue and are not going away any time soon... They are aiming to expand their access and steal data. Communications (primarily e-mail), research and development (R&D), intellectual property (IP), and business intelligence..."
Comments (0)
ICS-CERT: Progea Movicon Memory Corruption Vulnerability
May 11, 2012 Added by:Infosec Island Admin
Security researcher Dillon Beresford of IXIA has identified a memory corruption vulnerability in the Progea Movicon application. This vulnerability can be exploited by a remote attacker to read an invalid memory address resulting in a denial of service...
Comments (0)
ICS-CERT: WellinTech KingSCADA Insecure Password Encryption
May 10, 2012 Added by:Infosec Island Admin
Researchers Alexandr Polyakov and Alexey Sintsov from DSecRG identified an insecure password encryption vulnerability in the WellinTech KingSCADA application. When KingSCADA OPCServer and OPCClient are not on the same node, a remote attacker may obtain passwords to the system...
Comments (0)
Ninety Percent of HTTPS Websites Insecure
May 08, 2012 Added by:Dan Dieterle
Of the 200,000 HTTPS websites tested, only about 10% are properly secured. Changes need to be made to the secure online transaction system. Several of the issues have already been addressed; sadly, it seems that the appropriate measures to secure SSL have just not been taken...
Comments (5)
Hacking-Kung Fu: Aims and Objectives Part 2
May 06, 2012 Added by:Quintius Walker
A major aim of Kung-Fu Hacking training is System Security - or more so being able to secure your own systems. This ability to defend ourselves is a general asset, and has long-term benefits as more and more vulnerabilities become exploitable to the general public...
Comments (3)
Ethical or Unethical Hacker?
May 01, 2012 Added by:Marc Quibell
Right there as top IT News was an article on how to pwn a Hotmail account. It was a 0-day exploit, which meant no one at Microsoft was notified. It was written by a self-described ethical hacker. Naturally my first reaction was, "Ya right"...
Comments (11)
Symantec Internet Security Threat Report Summary
May 01, 2012 Added by:Headlines
"In addition to the 81% surge in attacks, the number of unique malware variants also increased by 41% and the number of Web attacks blocked per day also increased dramatically, by 36%. Greater numbers of more widespread attacks employed advanced techniques..."
Comments (2)
OpenX CSRF Vulnerability Being Actively Exploited
April 30, 2012 Added by:Mark Baldwin
This vulnerability from July 2011 is still present in the latest version of OpenX Source (version 2.8.8). Moreover, this vulnerability is being actively exploited to compromise OpenX Source installations in order to serve malicious content via banner ads...
Comments (2)