Items Tagged with "Vulnerabilities"


SAP Cyber Threat Intelligence Report – October 2016

October 20, 2016 Added by: Alexander Polyakov

SAP has released the monthly critical patch update for October 2016 to resolve 48 vulnerabilities in SAP products, a record-breaking number of flaws.



Demonstration of Hacking a Protective Relay and Taking Control of a Motor

September 15, 2016 Added by: Joe Weiss

At the 2016 ICS Cyber Security Conference we will be providing a demonstration and will take the SEL-751A used in a traditional motor control setting and compromise not only the SEL751A, but then take control of the motor.



Reducing the Attack Surface is a Fool’s Errand

April 01, 2016 Added by: Paul Morville

This April Fool’s Day, let’s acknowledge that a security strategy focused exclusively on patching and prevention is a fool’s errand and let’s move towards an adaptive approach that includes prevention, detection, continuous visibility and response.



Flash Vulnerabilities Most Targeted by Exploit Kits in 2015

March 15, 2016 Added by: InfosecIsland News

Adobe’s Flash Player in 2015 was the dominant application in terms of vulnerabilities targeted by exploit kits (EKs), with 13 of the 17 new flaws added to these malicious programs pertaining to the web plugin.



The Bloody Battle of Website Defacement: “ISIS” Hackers vs. WordPress

March 13, 2015 Added by: Nimrod Luria

Eliminating defacement attacks on a WordPress site is extremely difficult because of the vulnerable nature of the platform. Administrators should continuously check for the appearance of unknown files and directories and monitor them for changes.



Windows Update to Fix Pass-the-Hash Vulnerability? Not!

May 27, 2014 Added by: Tal Be'ery

Exploiting the Pass-the-Hash vulnerability is the weapon of choice for most APT attackers. Therefore, when Microsoft released a Windows update on May 13th titled “Update to fix the Pass-The-Hash Vulnerability”, it was warmly accepted by IT teams. However, this update was received by the security community with a raised eyebrow, especially due to the fact that just two months before the upd...



Experts Warn of Attackers Hoarding Windows XP 'Forever Days'

April 08, 2014 Added by: InfosecIsland News

Microsoft officially ends support on Tuesday, April 8 by releasing the last security updates for Windows XP and Office 2003 as part of the April Patch Tuesday release. Security experts believe criminals are hoarding XP vulnerabilities with plans to launch campaigns exploiting them at a later date, since those zero days will become "forever days."



Remote Desktop’s Restricted Admin: Is the Cure Worse Than the Disease?

April 01, 2014 Added by: Tal Be'ery

One of the new security features in the latest Windows release (Windows 8.1) is the “Restricted Admin mode for Remote Desktop Connection”. This measure is meant to enhance Windows credential protection against attacks such as Pass-the-Hash and Pass-the-Ticket. However, it appears that the cure might be worse than the disease, as the new “Restricted Admin mode” opens a new attack surface for the...



A Closer Look at the Android VPN Flaw

February 17, 2014 Added by: Patrick Oliver Graf

The recent revelation from Ben Gurion University of malicious apps that can be used to bypass VPN configurations and push communications to a different network address changes the conversation entirely.



DNP3 Vulnerabilities Part 1 of 2: NERC’s Electronic Security Perimeter is Swiss Cheese

November 07, 2013 Added by: Eric Byres

If you have been following SCADA news in the last month, you might have noticed an avalanche of reports and blogs on new security vulnerabilities in power industry equipment. So far, vulnerability disclosures for 9 products using the DNP3 protocol have been released by the ICS-CERT, with another 21 SCADA product disclosures on their way.



Plugging Java’s Holes - Is There a Practical Fix?

September 18, 2013 Added by: Scott Petry

Developers love Java. But its security problems have gotten out of hand. Is there a practical fix?



Why SQL Injection Still Plagues Us

July 23, 2013 Added by: Dan Kuykendall

Eliminating the risk of SQL injection is made complicated by a host of factors -- many of which are out of the developer and security teams’ control. If not addressed completely, web applications are still vulnerable. Let’s look at the problem from each team’s point of view.



Emergency Alerting Systems Found Vulnerable to Remote Attack

July 08, 2013 Added by: Steve Ragan

Digital Alert Systems From Monroe Electronics Contain a Known SSH Private Key and are Vulnerable to Remote Attack



Healthcare Interrupted - Top Five Vulnerabilities Hackers Can Use Right Now To Shut Down Medical Devices

June 24, 2013 Added by: Matt Neely

By performing penetration tests on hospital networks and medical devices, security researchers have found that many commonly used devices are insecure and can be easily compromised.



New Approaches for Blocking Zero-Day Exploits to Prevent APTs

April 16, 2013 Added by: George Tubin

Cybercriminals continue to develop new methods to bypass security controls in order to install malware on corporate endpoints. An endpoint protection approach that provides both effectiveness and manageability must begin with an understanding of the attack vectors that require mitigation.



Making Patching Work for SCADA and Industrial Control System Security

April 05, 2013 Added by: Eric Byres

Applying patches is a critical part of good security. According to US-CERT, about 95% of all network intrusions could have been avoided by keeping systems up to date with appropriate patches. What I am against is patching as a knee-jerk reaction to security vulnerabilities. You can’t expect your control system to operate reliably if you don’t have a controlled process for patching.

