Blog Posts Tagged with "Attack Vector"
August 06, 2012 Added by:Danny Lieberman
Data is leaked or stolen because it has value. The financial impact of a breach is directly proportional to the value of the asset. The key attack vector for an event is people - often business partners working with inside employees. People handle electronic data and make mistakes or do not follow policies...
June 22, 2012 Added by:shawn merdinger
The work done by security researchers on their own devices is only the beginning of what we can expect will be a deluge of medical device related vulnerabilities, and it’s worthwhile to explore some of the reasons as to why the current situation is the way it is now...
June 01, 2012 Added by:PCI Guru
Doing the actual grunt work of security is just not sexy work. There is no doubt about that. Ensuring the security of networks 24x7x365 is very monotonous work. And it is monotony that is one of the primary reasons why organizations get breached. People get bored and they start to cut corners....
May 16, 2012 Added by:Keith Mendoza
About a week ago, I read about this new daily deal service called edo that ties to your bank account, and the first thing that came to my mind is “uh oh, another attack vector into my bank info”. Here is a list of features that are those potential attack vectors...
April 24, 2012 Added by:Brent Huston
There are now a variety of tools, exploits and frameworks built for attacking VoIP installations and they are a target for both automated tools and manual hacking. Access to VoIP systems can provide a great platform for intelligence, recon, industrial espionage and toll fraud...
March 27, 2012 Added by:Alan Woodward
This attack is theoretically possible because the DNS is a hierarchy. At the top level are 13 servers. Disrupt them and you could disrupt the entire DNS network. Authorities know this and they put a lot of effort into ensuring that the DNS network can cope with a DOS attack...
March 13, 2012 Added by:Brent Huston
DHS ranks the CSRF vulnerability as the 909th most dangerous software bug, more dangerous than most buffer overflows. CSRF vulnerabilities can result in remote code execution with root privileges or compromise root certificates, completely undermining a public key infrastructure...
February 14, 2012 Added by:Danny Lieberman
In the current environment of rapidly evolving types of attacks - hacktivism, nation-state attacks, credit card attacks mounted by organized crime, script kiddies, competitors and malicious insiders and more - it is essential that IT and security communicate effectively...
February 08, 2012 Added by:Rafal Los
You have to keep close tabs on your employees, your friends, your enemies and those you would never suspect, because threats are ever-present and overwhelming. Keep a level-head, because the evolution of threat doesn't mean it's any more scary today than yesterday...
February 08, 2012 Added by:Fergal Glynn
One of the things we record when scanning applications is the presence of frameworks and other supporting technologies, and we’ve been at work mining that data to understand what developers use to build their applications. We’d like to share some of that research with you today...
January 31, 2012 Added by:Fergal Glynn
Chris Wysopal and internationally-renowned cyber security expert Richard Clarke discuss the changing cyber threat environment, the evolving cyber legislation landscape, and steps you can take to strengthen your organization’s resilience...
January 26, 2012 Added by:Steven Fox, CISSP, QSA
The use of social media by merchants could be targeted by hacktivists with a social agenda or by hackers with financial goals. If hackers aligned themselves with protesters, they could launch social media campaigns designed to influence the perception of a business...
January 09, 2012 Added by:Shay Chen
Many CSRF prevention mechanisms protect the user by requiring session-specific tokens or custom headers as additional input for action performing modules, and since "normal" CSRF can't analyze responses, these mechanisms prevent most of these attacks - until now...
December 15, 2011 Added by:Kelly Colgan
Identifying threats is an offensive tactic. It’s a close monitoring of the system at hand and the cyber news media. It’s easier to be protective when you understand what kinds of hackers, criminals, or nation states are after your system’s data. Know how to handle toxic data...
December 09, 2011 Added by:Headlines
"HTML 5 applications use DOM extensively and dynamically change content via XHR calls. DOM manipulation is done by several different DOM-based calls and poor implementation allows DOM-based injections. These injections can lead to a set of possible attacks and exploits..."
October 25, 2011 Added by:Chris Kimmel
A true APT has close to a 100% penetration rate. It should be noted that the difficulty of attacks can range from simple social engineering to a zero-day. These attackers will tend to use any attack method they can to penetrate an organization...