Items Tagged with "Vulnerabilities"
April 05, 2013 Added by:Eric Byres
Applying patches is a critical part of good security. According to US-CERT, about 95% of all network intrusions could have been avoided by keeping systems up to date with appropriate patches. What I am against is patching as a knee-jerk reaction to security vulnerabilities. You can’t expect your control system to operate reliably if you don’t have a controlled process for patching.
March 15, 2013 Added by:Eric Byres
After Stuxnet, security researchers and hackers on the prowl for new targets to exploit shifted their efforts to critical industrial infrastructure. Unfortunately, the SCADA and Industrial Control Systems applications they are now focusing on are sitting ducks.
March 04, 2013 Added by:Infosec Island
In these three new episodes of the Security Conversations Podcast, Ryan Naraine interviews Adobe's David Lenoe on Frustrations With "Partial Disclosure", Securosis CEO Rich Mogull on Mandiant's APT1 Report and Advanced Threat Actors, and Sourcefire's Yves Younan on Tracking 25 Years of Vulnerability Data.
March 01, 2013 Added by:f8lerror
Ever run into a test where you port scan and you just cannot remember what those ports are or if there is any vulnerabilities connected to them? Normally, I would just take the port do a search on Exploit-db.com.
February 21, 2013 Added by:Rohit Sethi
On February 15, the Open Web Application Security Project (OWASP) came out with its 2013 list of candidates for the Top 10 web application security flaws. The challenge is that while the Top 10 details security flaws, these flaws don’t map cleanly to requirements.
January 29, 2013 Added by:Infosec Island
Researchers at Rapid7 have uncovered that roughly 40-50 million network-enabled devices are at risk due to vulnerabilities in the Universal Plug and Play (UPnP) protocol.
January 27, 2013 Added by:Tripwire Inc
One place I’ve actually seen effective information and practice sharing is through Information Sharing and Analysis Centers, or ISACs. These tend to be industry- or domain-specific groups that get together and share information about common concerns, challenges, and opportunities...
January 03, 2013 Added by:Gary McCully
This is a real world story around the dangers of not following proper change control processes when placing new systems in production. In this blog I will discuss how one person’s actions could have resulted in an attacker gaining complete access to the organization’s internal network. I am hoping this example will cause organizations to take their change control processes a little more seriou...
December 17, 2012 Added by:Keith Mendoza
ZD Net had an article entitled "Kernel vulnerability places Samsung devices at risk" and I thought "so, what's new" until I followed the link to the forum post on xda-developers. Then I just lost it because I'm certain that this is a result of plain and simple laziness...
December 14, 2012 Added by:Pierluigi Paganini
Security experts posted a video that demonstrates how it is possible to attack a Samsung Smart TV exploiting a 0-day vulnerability to gain root access on it. The hacker could remotely wipe data from attached storage devices, monitoring and controlling the victim TV...
December 10, 2012 Added by:Michelle Drolet
Two security firms, the established Rapid7 vulnerability manager and eGestalt, a cloud-based compliance management provider, have signed an OEM deal that will do something for the IT security industry that hasn’t been done before: a combination security and compliance posture management...
November 18, 2012 Added by:Pierluigi Paganini
"These comments describe extremely effective attacks can be realized, using fairly low complexity. It would be in the interest of public safety to take measures to reduce the vulnerability of Public Safety LTE, and lower the likelihood of an effective jamming attack..."
November 15, 2012 Added by:Fergal Glynn
FX did find hardcoded local bootloader passwords. These would require physical access and are the types of hardcoded passwords commonly found in networking gear and appliances. Yes a vulnerability but not likely nefarious...
November 15, 2012 Added by:Pierluigi Paganini
The news is circulating with insistence on the net, Skype is suffering from a vulnerability that can expose its users to serious risks, due this reason it has suspended the password reset process.The Russian Blog Pixus.ru published a post where it described a workaround to hijack the accounts of the famous application...
November 13, 2012 Added by:Rafal Los
It's human nature, and just the way we are wired... I know I can feel some of that on myself when I hear that phrase. I guess I would change it to be slightly more effective (or harder to dismiss) by adding "at this time" at the end of the sentence - although I doubt it would make too much of a different...