Items Tagged with "Vulnerabilities"
February 17, 2014 Added by:Patrick Oliver Graf
The recent revelation from Ben Gurion University of malicious apps that can be used to bypass VPN configurations and push communications to a different network address changes the conversation entirely.
November 07, 2013 Added by:Eric Byres
If you have been following SCADA news in the last month, you might have noticed an avalanche of reports and blogs on new security vulnerabilities in power industry equipment. So far, vulnerability disclosures for 9 products using the DNP3 protocol have been released by the ICS-CERT, with another 21 SCADA product disclosures on their way.
July 23, 2013 Added by:Dan Kuykendall
Eliminating the risk of SQL injection is made complicated by a host of factors -- many of which are out of the developer and security teams’ control. If not addressed completely, web applications are still vulnerable. Let’s look at the problem from each team’s point of view.
July 08, 2013 Added by:Steve Ragan
Digital Alert Systems From Monroe Electronics Contain a Known SSH Private Key and are Vulnerable to Remote Attack
Healthcare Interrupted - Top Five Vulnerabilities Hackers Can Use Right Now To Shut Down Medical Devices
June 24, 2013 Added by:Matt Neely
By performing penetration tests on hospital networks and medical devices, security researchers have found that many commonly used devices are insecure and can be easily compromised.
April 16, 2013 Added by:George Tubin
Cybercriminals continue to develop new methods to bypass security controls in order to install malware on corporate endpoints. An endpoint protection approach that provides both effectiveness and manageability must begin with an understanding of the attack vectors that require mitigation.
April 05, 2013 Added by:Eric Byres
Applying patches is a critical part of good security. According to US-CERT, about 95% of all network intrusions could have been avoided by keeping systems up to date with appropriate patches. What I am against is patching as a knee-jerk reaction to security vulnerabilities. You can’t expect your control system to operate reliably if you don’t have a controlled process for patching.
March 15, 2013 Added by:Eric Byres
After Stuxnet, security researchers and hackers on the prowl for new targets to exploit shifted their efforts to critical industrial infrastructure. Unfortunately, the SCADA and Industrial Control Systems applications they are now focusing on are sitting ducks.
March 04, 2013 Added by:Infosec Island
In these three new episodes of the Security Conversations Podcast, Ryan Naraine interviews Adobe's David Lenoe on Frustrations With "Partial Disclosure", Securosis CEO Rich Mogull on Mandiant's APT1 Report and Advanced Threat Actors, and Sourcefire's Yves Younan on Tracking 25 Years of Vulnerability Data.
March 01, 2013 Added by:f8lerror
Ever run into a test where you port scan and you just cannot remember what those ports are or if there is any vulnerabilities connected to them? Normally, I would just take the port do a search on Exploit-db.com.
February 21, 2013 Added by:Rohit Sethi
On February 15, the Open Web Application Security Project (OWASP) came out with its 2013 list of candidates for the Top 10 web application security flaws. The challenge is that while the Top 10 details security flaws, these flaws don’t map cleanly to requirements.
January 29, 2013 Added by:Infosec Island
Researchers at Rapid7 have uncovered that roughly 40-50 million network-enabled devices are at risk due to vulnerabilities in the Universal Plug and Play (UPnP) protocol.
January 27, 2013 Added by:Tripwire Inc
One place I’ve actually seen effective information and practice sharing is through Information Sharing and Analysis Centers, or ISACs. These tend to be industry- or domain-specific groups that get together and share information about common concerns, challenges, and opportunities...
January 03, 2013 Added by:Gary McCully
This is a real world story around the dangers of not following proper change control processes when placing new systems in production. In this blog I will discuss how one person’s actions could have resulted in an attacker gaining complete access to the organization’s internal network. I am hoping this example will cause organizations to take their change control processes a little more seriou...