Blog Posts Tagged with "exploit"

Cddf97a969951d5d4db2728c7894524b

Evasive Malware on the Rise: Time to Stop Stealth Attacks in their Tracks

August 11, 2017 Added by:Eddy Bobritsky

We need to develop and implement creative solutions that are broadly effective at turning “easy target” endpoints into dead ends for hackers and their tricks.

Comments  (0)

3149cfd3449309d3982042756d81a157

Why Passwords Are the New Exploits

June 28, 2016 Added by:Nick Bilogorskiy

In the age of stolen passwords, compromised credentials are the easiest way in, simpler than phishing, malware or exploits. “Password confirmation” tools are now readily available to find reused passwords matching any website.

Comments  (0)

Ffc4103a877b409fd8d6da8f854f617e

Flash Vulnerabilities Most Targeted by Exploit Kits in 2015

March 15, 2016 Added by:InfosecIsland News

Adobe’s Flash Player in 2015 was the dominant application in terms of vulnerabilities targeted by exploit kits (EKs), with 13 of the 17 new flaws added to these malicious programs pertaining to the web plugin.

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Key Management Errors in RuggedCom’s ROS

August 23, 2012 Added by:Infosec Island Admin

ICS-CERT is aware of a report of hard-coded RSA SSL private key within RuggedCom’s Rugged Operating System (ROS). The vulnerability with proof-of-concept (PoC) exploit code by security researcher Justin W. Clarke can be used to decrypt SSL traffic between an end user and a RuggedCom network device...

Comments  (0)

71d85bb5d111973cb65dfee3d2a7e6c9

Attack with Power... Point That Is

August 16, 2012 Added by:f8lerror

There have been all kinds of document attacks, but what about PowerPoint? It turns out that PowerPoint makes it easy for an attacker to turn innocent slideshows into a nasty little attack. The attack involves four simple steps: Make a slideshow, make an action, rename the file and distribute it. Here's how...

Comments  (0)

7ddc1f3000a13e4dfec28074e9e7b658

Red Flag On Biometrics: Iris Scanners Can Be Tricked

August 02, 2012 Added by:Electronic Frontier Foundation

Among all the various biometric traits that can be measured for machine identification, the iris is generally regarded as being the most reliable. Yet Galbally’s team of researchers has shown that even the method traditionally presumed to be foolproof is actually quite susceptible to being hacked...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

KeePass Vulnerability Exposes Password Lists

June 28, 2012 Added by:Headlines

“The bug will be injected on the remote way, affects the local validation (html/xml) and change the technic back when remotely transferring the password lists. The injection of the malicious URL/domain context can be done via auto save of URLs (victim) or manually (reproduce)," the researchers stated...

Comments  (1)

69dafe8b58066478aea48f3d0f384820

Researchers Crack RSA SecurID Tokens, Extract Keys

June 25, 2012 Added by:Headlines

"[These products are] designed specifically to deal with the case where somebody gets physical access to it or takes control of a computer that has access to it... Here, if the malware is very smart, it can actually extract the keys out of the token.That's why it's dangerous"...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Wonderware SuiteLink Unallocated Unicode String

June 22, 2012 Added by:Infosec Island Admin

Independent researcher Luigi Auriemma identified a maliciously crafted Unicode string vulnerability causing a stack-based buffer overflow with proof-of-concept (PoC) exploit code that affects the Invensys Wonderware SuiteLink service (slssvc.exe)...

Comments  (2)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Sielco Sistemi Winlog Buffer Overflow

June 18, 2012 Added by:Infosec Island Admin

ICS-CERT is aware of a public report of a buffer overflow vulnerability with proof-of-concept exploit code affecting Sielco Sistemi Winlog. The vulnerability is exploitable by sending specially crafted requests to TCP/46824 which could result in a denial of service and remote code execution...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

SUDOERS Commented Code Includes Use for Evil

May 31, 2012 Added by:Rob Fuller

When I started looking into appending or inserting lines into /etc/sudoers for CCDC, I happened upon an interesting function of that file. Near the end of the file there are two lines that look commented out, but in actuality are interpreted and acted upon, an evil way to stay hidden on a 'nix box...

Comments  (1)

Aadb52f9100e0d31264fb3ce9e3d2536

Flame: Implications vs. Speculation

May 30, 2012 Added by:Robert M. Lee

Attribution is incredibly hard to apply in the cyber domain, and even the most appealing pieces of evidence can be purposely misleading. The perception of attribution applied to a nation-state cyber attack can put tension on nation-state relationships, have an effect on deterrence, and cause real-world issues...

Comments  (0)

Ba829a6cb97f554ffb0272cd3d6c18a7

Flame: Another Holiday, Another Super Virus

May 29, 2012 Added by:Kevin McAleavey

Flame is huge - 20 modules and 20 megabytes. Strange that the infector is an ActiveX control in the form of an OCX (OLE Control Extensions) file which apparently has run completely undetected for years. The worm runs as a Windows service, and most of the files are visible, making this even more of a surprise...

Comments  (1)

69dafe8b58066478aea48f3d0f384820

RedKit Private Exploit Tool Emerges in the Wild

May 04, 2012 Added by:Headlines

"RedKit is armed with two of the most popular exploits... The first exploit is a fairly obfuscated PDF file that exploits the LibTIFF vulnerability..." The second is the "latest Java exploit, dealing with the AtomicReferenceArray vulnerability..."

Comments  (0)

7d55c20d433dd60022642d3ab77b8efb

Installation of Vendor's Patch Does Not Guarantee Security

March 26, 2012 Added by:Alexander Polyakov

A vulnerability in Lotus Domino was quickly disassembled, and the resulting exploit employed, demonstrating that the existing patch could be bypassed by a critical 0-day vulnerability. The result was an attack on the Domino Controller service and a full server compromise...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Malicious Exploits: Hitting the Internet Waves with CSRF

March 13, 2012 Added by:Brent Huston

DHS ranks the CSRF vulnerability as the 909th most dangerous software bug, more dangerous than most buffer overflows. CSRF vulnerabilities can result in remote code execution with root privileges or compromise root certificates, completely undermining a public key infrastructure...

Comments  (0)

Page « < 1 - 2 > »