Items Tagged with "Vulnerabilities"
Gaining Access to a Check Point Appliance
February 07, 2012 Added by:Bill Mathews
On any Linux-based system with an unencrypted hard drive, it is possible to completely overtake a system once you have gained physical access. Often this is easily accomplished with a live CD distribution, such as Backtrack or Ubuntu and some command line tools...
Comments (0)
Achieving Network Security
February 07, 2012 Added by:Kevin Somppi
Today's networks are complex, with most organizations supporting various server, operating system and Web platforms. This requires an accurate, comprehensive, and up-to-date way to identify the latest system vulnerabilities and configuration errors...
Comments (0)
Hacking Satellite Communications
February 06, 2012 Added by:Pierluigi Paganini
We must consider that compromised satellites are a serious risk, that the exposure could affect communications in the business and military sectors, and could also cause the loss of sensitive and strategic technological information...
Comments (0)
A Conversation With Richard Clarke – Part II
February 04, 2012 Added by:Fergal Glynn
Chris Wysopal and cyber security expert Richard Clarke continue their discussion on the changing cyber threat environment, the evolving cyber legislation landscape, and steps you can take to strengthen your organization’s resilience...
Comments (1)
System Compromise: What the Heck is a FeeLCoMz String?
February 03, 2012 Added by:Brent Huston
If you find those strings, they usually indicate other PHP scanners, worms or attack tools have compromised the system. Now, if you don’t find those, it does NOT mean the system is safe, the list of all of those relevant strings would be too large and dynamic to manage...
Comments (0)
ICS-CERT Monthly Monitor for January 2012
February 02, 2012
The ICS-CERT Monthly Monitor offers a means of promoting preparedness, information sharing, and collaboration with the 18 critical infrastructure/key resource sectors and through sector briefings, meetings, conferences, and information product releases...
Comments (0)
Four Reasons to Use a Vulnerability Scanner
February 01, 2012 Added by:Dan Dieterle
A vulnerability scanner is a tool that can automatically scan your network and the systems connected to it, examining each one for vulnerabilities that could be exploited. Malicious users frequently use scanners to hunt for ways to compromise your systems...
Comments (0)
Best Ways for Businesses to Prevent Data Breaches
February 01, 2012 Added by:Danny Lieberman
Most security breaches are attacks by insiders and most attackers are trusted people that exploit software system vulnerabilities (bugs, weak passwords, default configurations etc…). Neither security awareness nor UAC are effective...
Comments (0)
ICS-CERT: Siemens Simatic WinCC Vulnerabilities
January 31, 2012 Added by:Headlines
Successful exploitation of these vulnerabilities could allow an attacker to log on to a vulnerable system as a user or administrator with the ability to execute arbitrary code or obtain full access to files on the system. Publicly available exploits are known...
Comments (0)
ICS-CERT: Open Automation Software OPC Systems.NET Vulnerabilities
January 27, 2012 Added by:Headlines
Researcher Luigi Auriemma publicly reported a malformed packet vulnerability in Open Automation Software’s OPC Systems.NET along with proof-of-concept exploit code. Digital Security Research Group publicly reported the vulnerability in a third-party ActiveX control...
Comments (0)
Security is in the Cracks
January 26, 2012 Added by:Danny Lieberman
In preparing to implement an application for financial management, CRM, data mining or ERP, something in the back of your mind probably says the vendor’s development organization is not a lot different than yours - though you hope they’ve thought through the security issues first...
Comments (0)
The 2006 Theft of Symantec's Source Code - Response and Repercussions
January 26, 2012 Added by:Jeffrey Carr
Symantec has acknowledged that source code for multiple products was stolen in 2006. The worst part is that Symantec was clueless about the theft of its own source code for almost six years, which means that thousands of customers were clueless as well...
Comments (1)
ICS-CERT: MICROSYS spol. s r.o. PROMOTIC Vulnerabilities
January 26, 2012 Added by:Headlines
The MICROSYS spol. s r.o. PROMOTIC vulnerabilities include directory traversal, ActiveX heap overflow, and ActiveX stack overflow vulnerabilities. Public exploits are known to target these vulnerabilities which may result in denial of service or data leakage...
Comments (0)
ICS-CERT: Ocean Data Systems Dream Report Vulnerabilities
January 25, 2012 Added by:Headlines
A XSS vulnerability exists in the Ocean Data Dream Report application due to the lack of server-side validation of query string parameter values. An attacker with a low skill level can create the XSS exploit. A write access violation vulnerability also exists in the application...
Comments (0)
ICS-CERT: Multiple PLC Zero-Day Vulnerabilities
January 24, 2012 Added by:Headlines
The vulnerabilities purportedly include buffer overflows, backdoors, weak authentication and encryption, and other vulnerabilities that could allow an attacker to take control of the device and interfere or halt the process it controls...
Comments (0)
More Exposure to SCADA Devices Through Shodan
January 22, 2012 Added by:Bob Radvanovsky
Wile I am certain that the majority of this membership knows what Shodan is, honestly, it represents slightly more than an automated port scanner reporting back on some of the more common open ports (HTTP, SNMP, telnet) that appear to be pingable throughout the Internet...