Blog Posts Tagged with "Cross Site Scripting"
October 29, 2012 Added by:Fergal Glynn
Using the watering hole analogy, if you are the owner of a location where people congregate to drink you need to keep the beverages safe and clean. Unfortunately digital safety is decades behind food safety. If you own a website you need to understand what SQL Injection and XSS are...
August 07, 2012 Added by:Headlines
Pro-Israeli hacker Yourikan (you-r!-k@n) is claiming to have hacked and defaced as many as ninety-one Iranian websites including government, education and business targets in protest of Iran's continued pursuit of nuclear weapons and support for terrorist activities targeting Israel...
July 05, 2012 Added by:ʞɔopuooq ʇuıɐs
There haven’t been a lot of ‘TANGO DOWNS’ over the last few months. I decided that I should concentrate on targeted intelligence gathering. I needed a way to get the real world identity of ‘the marks’ – be it Anons, Jihadists or forum admins. Over the last few months I have been running ‘Project Looking Glass’...
July 02, 2012 Added by:Headlines
"Despite the plethora of recent breach headlines, websites could in fact be getting... less vulnerable... The time for using 'No one would want to attack us' as a security strategy is clearly over, if it was ever true to begin with. Any company doing business online has something worth hacking into..."
June 12, 2012 Added by:Fergal Glynn
What we’ve been lacking is quantitative information that helps inform the debate around application security. We want to use this data to shape the conversation around application security so that our attention gets focused on the right things and our investments get made in the right areas...
June 08, 2012 Added by:Infosec Island Admin
Researchers have identified multiple vulnerabilities in the Siemens WinCC application, and Siemens identified an additional vulnerability, that may allow an attacker to gain unauthorized access, read from, or write to files and settings on the target system...
June 07, 2012 Added by:Rafal Los
From experience, there are 3 clearly identified causes for poor adoption of well-intentioned security-built technology into everyday development and systems building... Let's take a look at them and see what can be done to raise the level of adoption from each case...
May 31, 2012 Added by:Infosec Island Admin
Researchers have identified multiple vulnerabilities in the Emerson DeltaV application which can be can be exploited by a remote attacker and could allow denial of service, information disclosure, or remote code execution. Emerson has produced a hotfix that mitigates these vulnerabilities...
May 22, 2012 Added by:Fergal Glynn
Information leakage happens when sensitive information is displayed to the a user inadvertently. An example would be pathnames or database IP addresses returned within an error message to a user. An attacker can use this information to undermine the system...
May 11, 2012 Added by:Headlines
Apple has released critical security updates for OS X and Safari to address several vulnerabilities which could allow an attacker to obtain sensitive information, execute arbitrary code, escalate privileges, conduct a cross-site scripting attack, or cause a denial-of-service...
April 16, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a public report of multiple vulnerabilities with proof-of-concept exploit code affecting the Koyo ECOM100 Ethernet Module. A brute force password cracking tool has been released that targets a weak authentication vulnerability in the ECOM series modules...
April 04, 2012 Added by:Infosec Island Admin
Researchers have identified multiple vulnerabilities in the Invensys Wonderware Information Server which if exploited could allow denial of service, information disclosure, remote code execution, or session credential high jacking. Invensys has developed a security update...
February 26, 2012 Added by:Ben Rothke
February 17, 2012 Added by:Headlines
ICS-CERT received reports of eighteen vulnerabilities in BroadWin WebAccess. These vulnerabilities include Cross-site scripting (XSS), SQL injection, Cross-site report forgery (CSRF)and Authentication issues. Public exploits are known to target these vulnerabilities...
February 15, 2012 Added by:Jack Daniel
What is the point of telling you I was compromised by spear phishing, SQL injection, cross site scripting, cross site request forgery, default credentials, or anything else we’ve know about for years? If you are ignoring all of the well-known risks, it is a waste of time...
Mobile Security Processes Could Be Applied t... Johnnie Nix on 05-21-2013
ATM Security (And Really Learning from the P... Johnnie Nix on 05-21-2013
New Study Published on Mobile Malware... Caitlin Rachel on 05-21-2013