Blog Posts Tagged with "Exploits"
Skype Malware Campaign Spreading Poison Ivy Trojan
May 16, 2012 Added by:Headlines
Malware researcher Dancho Danchev is reporting a widespread social engineering campaign on Skype that is spreading a variant of the Poison Ivy Trojan. Less than half of the 42 commercial antivirus solutions surveyed are able to detect the Trojan's signature...
Comments (0)
Strategic Web Compromises and Cyber Espionage Operations
May 15, 2012 Added by:Headlines
"Cyber Espionage attacks are not a fabricated issue and are not going away any time soon... They are aiming to expand their access and steal data. Communications (primarily e-mail), research and development (R&D), intellectual property (IP), and business intelligence..."
Comments (0)
ICS-CERT: Progea Movicon Memory Corruption Vulnerability
May 11, 2012 Added by:Infosec Island Admin
Security researcher Dillon Beresford of IXIA has identified a memory corruption vulnerability in the Progea Movicon application. This vulnerability can be exploited by a remote attacker to read an invalid memory address resulting in a denial of service...
Comments (0)
ICS-CERT: WellinTech KingSCADA Insecure Password Encryption
May 10, 2012 Added by:Infosec Island Admin
Researchers Alexandr Polyakov and Alexey Sintsov from DSecRG identified an unsecure password encryption vulnerability in WellinTech KingSCADA application. When KingSCADA OPCServer and OPCClient are not on the same node, a remote attacker may obtain passwords to the system...
Comments (0)
Ninety Percent of HTTPS Websites Insecure
May 08, 2012 Added by:Dan Dieterle
Of the 200,000 HTTPS websites tested, only about 10% are properly secured. Changes need to be made to the secure online transaction system. Several of the issues have already been addressed, sadly it seems that the appropriate measures to secure SSL have just not been taken...
Comments (5)
Hacking-Kung Fu: Aims and Objectives Part 2
May 07, 2012 Added by:Quintius Walker
A major aim of Kung-Fu Hacking training is System Security - or more so being able to secure your own systems. This ability to defend ourselves is a general asset, and has long-term benefits as more and more vulnerabilities become exploitable to the general public...
Comments (3)
Ethical or Unethical Hacker?
May 02, 2012 Added by:Marc Quibell
Right there as top IT News was an article on how to pwn a Hotmail account. It was a 0-day exploit, which meant no one at Microsoft was notified. It was written by a self-described ethical hacker. Naturally my first reaction was, "Ya right"...
Comments (11)
Symantec Internet Security Threat Report Summary
May 01, 2012 Added by:Headlines
"In addition to the 81% surge in attacks, the number of unique malware variants also increased by 41% and the number of Web attacks blocked per day also increased dramatically, by 36%. Greater numbers of more widespread attacks employed advanced techniques..."
Comments (2)
OpenX CSRF Vulnerability Being Actively Exploited
May 01, 2012 Added by:Mark Baldwin
This vulnerability from July 2011 is still present in the latest version of OpenX Source (version 2.8.8). Moreover, this vulnerability is being actively exploited to compromise OpenX Source installations in order to serve malicious content via banner ads...
Comments (2)
IC3: Blackhole Exploit Kit 1.2.3 Released
April 26, 2012 Added by:Headlines
Blackhole, the most widely purchased exploit pack in the underground market, is a toolkit that is injected into malicious and/or compromised websites, allowing the attacker to push a variety of exploits targeting vulnerabilities of popular applications like Java and Flash...
Comments (0)
Don’t Forget about VoIP Exposures and PBX Hacking
April 25, 2012 Added by:Brent Huston
There are now a variety of tools, exploits and frameworks built for attacking VoIP installations and they are a target for both automated tools and manual hacking. Access to VoIP systems can provide a great platform for intelligence, recon, industrial espionage and toll fraud...
Comments (0)
Flashback - Are You Joking? There is No Malware for Mac!
April 23, 2012 Added by:Pierluigi Paganini
We must remember that in any software there will be vulnerabilities that could be exploited for criminal purposes. To give you an immediate idea of the malware available for the Mac environment, I produced a table that lists the main agents detected by a well known antivirus...
Comments (0)
Analysis of the April 2012 CPU for the Oracle Database
April 23, 2012 Added by:Alexander Rothacker
It’s mid-April, so it’s Oracle CPU fallout time again. This CPU contains 88 fixes. Thirty-three in this CPU are for vulnerabilities that are remotely exploitable without authentication. In other words, anybody on the network can exploit these vulnerabilities...
Comments (0)
ICS-CERT: Siemens Simatic WINCC Multiple Vulnerabilities
April 20, 2012 Added by:Infosec Island Admin
ICS-CERT has received reports detailing several vulnerabilities in Siemens SIMATIC WinCC Human-Machine Interface application which could allow an attacker to log on to a system as a user or administrator with the ability to execute arbitrary code or obtain full access to files...
Comments (0)
On Buffer Overrun Vulnerabilities, Exploits and Attacks
April 19, 2012 Added by:Fergal Glynn
A Buffer overflow is a common software coding mistake. To effectively mitigate the vulnerability, it is important that you first understand what buffer overflows are, what dangers they pose to your applications, and what techniques attackers use to successfully exploit them...
Comments (0)
All the Lights Will Not Go Out in a Cyber Attack
April 17, 2012 Added by:Dan Dieterle
One of the biggest threats that you hear is that hackers could take out the power grid and all the power would be shut off. America would be thrown back to the power stone age in the flick of a switch (or a series of SCADA exploits). But is this true? The answer is no...
Comments (5)
- Not Totally Sure What Just Happened...
- Has Anonymous Infiltrated the US Government?
- Big Opportunities in the Cloud
- Zeus Malware Targeting Facebook, Gmail and Yahoo Users
- Follow Up to the Out of Band Authentication Post
- Skype Malware Campaign Spreading Poison Ivy Trojan
- I Hope Edo is Worth the Privacy Risk
- Dutch MoD Innovation Competition 2012: CYBER Operations 2.0
- NIST Workshop: The Technical Aspects of Botnets
- Security Automation by Hand - Batch/Bash/FOR