Items Tagged with "Vulnerabilities"


69dafe8b58066478aea48f3d0f384820

Symantec Internet Security Threat Report Summary

May 01, 2012 Added by:Headlines

"In addition to the 81% surge in attacks, the number of unique malware variants also increased by 41% and the number of Web attacks blocked per day also increased dramatically, by 36%. Greater numbers of more widespread attacks employed advanced techniques..."

Comments  (2)

6648b1abd4a9b964566c3690613f20a6

OpenX CSRF Vulnerability Being Actively Exploited

April 30, 2012 Added by:Mark Baldwin

This vulnerability from July 2011 is still present in the latest version of OpenX Source (version 2.8.8). Moreover, this vulnerability is being actively exploited to compromise OpenX Source installations in order to serve malicious content via banner ads...

Comments  (2)

69dafe8b58066478aea48f3d0f384820

Multi-Platform Malware Targets Both Widows and Mac OS

April 27, 2012 Added by:Headlines

"If the threat is running on a Mac operating system, it downloads a dropper type malware written in Python. However, if the threat is running on a Windows operating system, it downloads a standard Windows executable file dropper. Both droppers drop a Trojan horse program..."

Comments  (0)

99edc1997453f90eb5ac1430fd9a7c61

Securing Enterprise Communications Systems and Applications

April 27, 2012

Javvad Malik caught up with Rahul Sasi at Black Hat Europe 2012 to learn about securing automated enterprise communications systems and applications against sophisticated hacking attack techniques. Javvad's coverage of Black Hat Europe courtesy of Infosec Island and NETpeas...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: RuggedCom Weak Cryptography Vulnerability

April 27, 2012 Added by:Infosec Island Admin

ICS-CERT is aware of a public report of a default backdoor user account with a password with trivial encoding affecting RuggedCom RuggedSwitch and RuggedServer devices using Rugged OS. The vulnerability is exploitable by generating a password from known data about the device...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

AppSec Mistakes Companies Make and How to Fix Them

April 24, 2012 Added by:Fergal Glynn

We’re pleased to present responses from an array of security experts including Bill Brenner, Andrew Hay, Jack Daniel and Chris Wysopal. Common themes arose, including the idea of taking AppSec more seriously and committing to a programmatic approach vs. ad hoc manual testing...

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

Flashback - Are You Joking? There is No Malware for Mac!

April 23, 2012 Added by:Pierluigi Paganini

We must remember that in any software there will be vulnerabilities that could be exploited for criminal purposes. To give you an immediate idea of the malware available for the Mac environment, I produced a table that lists the main agents detected by a well known antivirus...

Comments  (0)

B451da363bb08b9a81ceadbadb5133ef

Analysis of the April 2012 CPU for the Oracle Database

April 23, 2012 Added by:Alexander Rothacker

It’s mid-April, so it’s Oracle CPU fallout time again. This CPU contains 88 fixes. Thirty-three in this CPU are for vulnerabilities that are remotely exploitable without authentication. In other words, anybody on the network can exploit these vulnerabilities...

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

On Cyber Threats in the Mobile Environment

April 20, 2012 Added by:Pierluigi Paganini

Mobile threats should alarm private industry, as the risk of data exposure is high due the growth of the mobile sector. Cyber criminals and governments are aware of the value of information to be gained from our mobile devices and are showing an increased interest in the sector...

Comments  (0)

99edc1997453f90eb5ac1430fd9a7c61

Javvad Malik on Hacking Tools and Ethics

April 20, 2012

Joshua Corman wrote a post in which he raises some valid points about tools like Metasploit. Naturally, the purpose such tools is to aid a security tester in finding vulnerabilities. However you cannot dictate if someone will use this for attack or defensive purposes...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens Simatic WINCC Multiple Vulnerabilities

April 20, 2012 Added by:Infosec Island Admin

ICS-CERT has received reports detailing several vulnerabilities in Siemens SIMATIC WinCC Human-Machine Interface application which could allow an attacker to log on to a system as a user or administrator with the ability to execute arbitrary code or obtain full access to files...

Comments  (0)

1a490136c27502563c62267354024cd5

Understanding CSRF Attacks on Network Devices

April 19, 2012

Similar to vulnerabilities in applications on websites, there are also vulnerabilities in the admin panels of different network devices, including Cross-Site Request Forgery(CSRF)vulnerabilities where hackers attack users who have access to those network devices...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

On Buffer Overrun Vulnerabilities, Exploits and Attacks

April 19, 2012 Added by:Fergal Glynn

A Buffer overflow is a common software coding mistake. To effectively mitigate the vulnerability, it is important that you first understand what buffer overflows are, what dangers they pose to your applications, and what techniques attackers use to successfully exploit them...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Oracle Releases Critical Patch Updates for April 2012

April 18, 2012 Added by:Headlines

Oracle has released its Critical Patch Update for April 2012 to address 88 vulnerabilities across multiple products. US-CERT encourages users and administrators to review the April 2012 Critical Patch Update and apply any necessary updates to help mitigate the risks...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Siemens Scalance X Industrial Ethernet Vulnerability

April 18, 2012 Added by:Infosec Island Admin

Exploitation of the vulnerability allows an attacker to perform malicious actions which may lead to a denial of service condition or possible arbitrary code execution. These actions may ultimately impact the process environment in which the system is deployed...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Open Source Code in the Enterprise - Keys to Avoiding Vulnerabilities

April 18, 2012 Added by:Rafal Los

There is no debate in the open vs. closed source software question. Either can be made well, or poorly. Either open source or closed source can be relatively secure, or riddled with easy-to-exploit holes. We don't need to rehash this, but there appears to be some new data...

Comments  (0)

Page « < 8 - 9 - 10 - 11 - 12 > »