Items Tagged with "Vulnerabilities"


ICS-CERT: Advantech ISSymbol ActiveX Buffer Overflow

May 21, 2012 Added by: Infosec Island Admin

Researchers have identified multiple buffer overflow vulnerabilities in the Advantech Studio product that could allow an attacker to cause buffer overflows, which in turn can allow arbitrary code execution. Exploit code is known to exist that targets these vulnerabilities...

Guessable Passwords: The Unpatchable Exploit

May 21, 2012 Added by: Chris Murrey

During penetration assessments the tester attempts to compromise systems. Many users take shortcuts with passwords; this is because they feel they are not a target, not important, or their access doesn’t matter. Penetration testers know this and so do the attackers...

Kaspersky Warns of Critical Infrastructure Vulnerabilities

May 18, 2012 Added by: Headlines

“It’s not possible to protect. Stuxnet told us that modern systems are not protected... SCADA could be very easy victims – the result of an attack could be like Stuxnet but everywhere... [We] need to understand the danger of cyber-weapons and of cyber-war to ruin national infrastructure...”

ICS-CERT: Pro-face Pro-Server EX Multiple Vulnerabilities

May 18, 2012 Added by: Infosec Island Admin

The vulnerabilities affecting Pro-face Pro-Server include invalid memory access, buffer overflow, unhandled exception, and memory corruption with proof-of-concept exploit code. According to this report, these vulnerabilities are exploitable via specially crafted packets...

ICS-CERT: Wonderware Unicode String Vulnerability

May 17, 2012 Added by: Infosec Island Admin

ICS-CERT is aware of a public report identifying an unallocated Unicode string vulnerability with proof-of-concept exploit code that affects the Invensys Wonderware SuiteLink service which could allow an attacker to remotely crash older versions of the service...

Smart Grid Security: An Inside View from Patrick C. Miller

May 17, 2012 Added by: Larry Karisny

A March survey revealed that two-thirds of energy security professionals think smart-grid projects do not adequately deal with security threats. Larry Karisny interviewed Patrick C. Miller, president and CEO of EnergySec, about the survey and the subject of smart-grid security...

Software Security: A Chief Financial Officer’s Perspective

May 15, 2012 Added by: Fergal Glynn

Surprise, you woke up today and found that 10% of the value of your company is gone because confidential customer information was made public. The FTC is knocking on your door asking for a forensic security audit. Your largest investors are calling about the scope of the breach...

Vulnerabilities: Context Matters

May 14, 2012 Added by: Jack Daniel

You do need to assess how the vulnerability is exposed, what mitigations are in place or even possible, how hard the threat may be to execute against your situation, and whether there is a graceful failure mode if the opportunity turns out to be inopportune...

FBI on Bitcoin: Cybercrime, Opportunity and Digital Choice

May 11, 2012 Added by: Pierluigi Paganini

The real danger of digital money, above the vulnerabilities in its processes, is the inability of governments to exert control over finances, which could lead to a distortion of the main mechanisms of economic control and taxation, bringing total chaos to the market...

Apple Releases OS X and Safari Security Updates

May 11, 2012 Added by: Headlines

Apple has released critical security updates for OS X and Safari to address several vulnerabilities which could allow an attacker to obtain sensitive information, execute arbitrary code, escalate privileges, conduct a cross-site scripting attack, or cause a denial-of-service...

A Field Guide to Post-UDID Unique IDs on iOS

May 10, 2012 Added by: Fergal Glynn

Ongoing developments in the device-wide ID space focus on two dueling schemes and codebases: OpenUDID and SecureUDID. If you’re an iOS developer, this will serve as an introduction to the details of these systems, including their limitations and potential for data leakage...

ICS-CERT: WellinTech KingSCADA Insecure Password Encryption

May 10, 2012 Added by: Infosec Island Admin

Researchers Alexandr Polyakov and Alexey Sintsov from DSecRG identified an insecure password encryption vulnerability in the WellinTech KingSCADA application. When KingSCADA OPCServer and OPCClient are not on the same node, a remote attacker may obtain passwords to the system...

RedKit Private Exploit Tool Emerges in the Wild

May 04, 2012 Added by: Headlines

"RedKit is armed with two of the most popular exploits... The first exploit is a fairly obfuscated PDF file that exploits the LibTIFF vulnerability..." The second is the "latest Java exploit, dealing with the AtomicReferenceArray vulnerability..."

Applications Targeting Apple Products

May 03, 2012 Added by: Joel Harding

When I was told of a new mobile application distribution system which avoids Apple's scrutiny, my alarm antennas began quivering. Now combine this with who is doing it - Russian developers - and I get an even more dreadful feeling in the pit of my stomach...

ICS-CERT: WellinTech KingView DLL Hijack Vulnerability

May 02, 2012 Added by: Infosec Island Admin

Independent researcher Carlos Mario Peñagos Hollman identified a DLL Hijack vulnerability in WellinTech’s KingView application. WellinTech has created a patch that resolves the vulnerability. Mr. Hollman has tested the patch and verified that it resolves the vulnerability...

Data (In)Security Will Impact Presidential Election Race

May 02, 2012 Added by: Josh Shaul

Breaking into poorly protected government systems and revealing personal or financial information, stealing and posting lists of campaign donations, or corrupting electronic voting systems – these tactics are available to those with expertise and funding...
