Blog Posts Tagged with "Attack Vector"


Understanding the Role of Multi-Stage Detection in a Layered Defense

May 08, 2018 Added by:Liviu Arsene

It’s important to understand that the increased sophistication of threats requires security technologies capable of covering multiple stages of attack.

Comments  (0)


Why Does Data Leak?

August 06, 2012 Added by:Danny Lieberman

Data is leaked or stolen because it has value. The financial impact of a breach is directly proportional to the value of the asset. The key attack vector for an event is people - often business partners working with inside employees. People handle electronic data and make mistakes or do not follow policies...

Comments  (0)


Medical Device Security: This Time It’s Personal

June 22, 2012 Added by:shawn merdinger

The work done by security researchers on their own devices is only the beginning of what we can expect will be a deluge of medical device related vulnerabilities, and it’s worthwhile to explore some of the reasons as to why the current situation is the way it is now...

Comments  (0)


Security: How Many People Does It Take?

June 01, 2012 Added by:PCI Guru

Doing the actual grunt work of security is just not sexy work. There is no doubt about that. Ensuring the security of networks 24x7x365 is very monotonous work. And it is monotony that is one of the primary reasons why organizations get breached. People get bored and they start to cut corners....

Comments  (1)


I Hope Edo is Worth the Privacy Risk

May 16, 2012 Added by:Keith Mendoza

About a week ago, I read about this new daily deal service called edo that ties to your bank account, and the first thing that came to my mind is “uh oh, another attack vector into my bank info”. Here are a list of features that are those potential attack vectors...

Comments  (2)


Don’t Forget about VoIP Exposures and PBX Hacking

April 24, 2012 Added by:Brent Huston

There are now a variety of tools, exploits and frameworks built for attacking VoIP installations and they are a target for both automated tools and manual hacking. Access to VoIP systems can provide a great platform for intelligence, recon, industrial espionage and toll fraud...

Comments  (0)


Can DNS Attacks Threaten the Internet on a Large Scale?

March 27, 2012 Added by:Alan Woodward

This attack is theoretically possible because the DNS is a hierarchy. At the top level are 13 servers. Disrupt them and you could disrupt the entire DNS network. Authorities know this and they put a lot of effort into ensuring that the DNS network can cope with a DOS attack...

Comments  (3)


Malicious Exploits: Hitting the Internet Waves with CSRF

March 13, 2012 Added by:Brent Huston

DHS ranks the CSRF vulnerability as the 909th most dangerous software bug, more dangerous than most buffer overflows. CSRF vulnerabilities can result in remote code execution with root privileges or compromise root certificates, completely undermining a public key infrastructure...

Comments  (0)


Build Your Security Portfolio Around Attack Scenarios

February 14, 2012 Added by:Danny Lieberman

In the current environment of rapidly evolving types of attacks - hacktivisim, nation-state attacks, credit card attacks mounted by organized crime, script kiddies, competitors and malicious insiders and more - it is essential that IT and security communicate effectively...

Comments  (1)


Defending the Enterprise - Five Corporate Security Challenges

February 08, 2012 Added by:Rafal Los

You have to keep close tabs on your employees, your friends, your enemies and those you would never suspect, because threats are ever-present and overwhelming. Keep a level-head, because the evolution of threat doesn't mean it's any more scary today than yesterday...

Comments  (0)


Top Ten Java Frameworks Observed in Customer Applications

February 08, 2012 Added by:Fergal Glynn

One of the things we record when scanning applications is the presence of frameworks and other supporting technologies, and we’ve been at work mining that data to understand what developers use to build their applications. We’d like to share some of that research with you today...

Comments  (0)


A Conversation with Richard Clarke – Part I

January 31, 2012 Added by:Fergal Glynn

Chris Wysopal and internationally-renowned cyber security expert Richard Clarke discuss the changing cyber threat environment, the evolving cyber legislation landscape, and steps you can take to strengthen your organization’s resilience...

Comments  (0)


Social Business Trends for 2012

January 26, 2012 Added by:Steven Fox, CISSP, QSA

The use of social media by merchants could be targeted by hacktivists with a social agenda or by hackers with financial goals. If hackers aligned themselves with protesters, they could launch social media campaigns designed to influence the perception of a business...

Comments  (0)


Dynamic AJAX CSRF Attack Vector Vulnerability

January 09, 2012 Added by:Shay Chen

Many CSRF prevention mechanisms protect the user by requiring session-specific tokens or custom headers as additional input for action performing modules, and since "normal" CSRF can't analyze responses, these mechanisms prevent most of these attacks - until now...

Comments  (0)


The Cyber Security Casino: Betting with House Money

December 15, 2011 Added by:Kelly Colgan

Identifying threats is an offensive tactic. It’s a close monitoring of the system at hand and the cyber news media. It’s easier to be protective when you understand what kinds of hackers, criminal, or nation states are after your system’s data. Know how to handle toxic data...

Comments  (0)


Top Ten HTML5 Attack Vectors

December 09, 2011 Added by:Headlines

"HTML 5 applications use DOM extensively and dynamically change content via XHR calls. DOM manipulation is done by several different DOM-based calls and poor implementation allows DOM-based injections. These injections can lead to a set of possible attacks and exploits..."

Comments  (0)

Page « < 1 - 2 > »