Items Tagged with "Vulnerabilities"
September 05, 2012 Added by:Dan Dieterle
Is the information legit? If so, why would an FBI agent have a list of twelve million Apple ID’s which in some cases can be used to access information just as a password would? And how did the hacker group exploit this particular agent’s laptop and recover information from it?
September 05, 2012 Added by:Fergal Glynn
When dynamic scanning engines were first designed they were primarily tools for penetration testers to use on a few select web applications deemed critical enough to warrant serious testing. But times have changed, every Internet facing application is now a potential attack surface...
September 03, 2012 Added by:Brent Huston
An organization who is using exposed Terminal Services for remote access or management/support, may be experiencing upwards of 48 attacks per day against their exposed remote access tool.
August 30, 2012 Added by:Brent Huston
Sadly, many web crawlers and index bots do not honor the rules of robots.txt. Nor do attackers who are indexing your site for a variety of attack reasons. Given the impacts that some of these indexing tools can have on bandwidth, CPU use or database connectivity, other options for blocking them are sometimes sought...
August 29, 2012 Added by:Alexander Polyakov
The most interesting thing is that the SAP HostControl is exposed to the Internet by many companies. Speaking numbers, 10% of companies that use SAP worldwide expose the SAP HostControl service to the Internet. I think you can imagine what can be done to those companies if hackers exploited this hole...
August 25, 2012 Added by:Tripwire Inc
One area that seems to be ignored is the infrastructure that supports increasingly cloud dependent mobile devices, possibly due to many not seeing server exploits and defenses as anything new. However, as the popularity of mobile devices push services such as the iCloud, exposure increases exponentially...
August 23, 2012 Added by:Brent Huston
Billions of dollars and millions of identities are at stake every day. In the past, security professionals thought firewalls, Secure Sockets Layer, patching, and privacy policies were enough to protect websites from hackers. Today, we know better. Whatever your industry — you should have consistent testing...
August 23, 2012 Added by:Ben Rothke
Behind nearly every vulnerability is poorly written software. The 7 Qualities of Highly Secure Software highlights qualities that are essential to stop insecure code. This is a highly valuable book that can be of significant use to every stakeholder, from those in the boardroom to the head of application development...
August 19, 2012 Added by:Christopher Laing
Activities that threaten your business are the downloading and opening of attachments and Internet files that contain malicious software, and the electronic delivery/distribution of business sensitive information without encryption. This may done either accidentally or deliberately by a disgruntled employee...
August 19, 2012 Added by:Alexander Rothacker
So, what is this new vulnerability all about? It’s a privilege escalation vulnerability that gives an attacker SYSDBA privileges. In order to perform the exploit, one needs to have CREATE TABLE and CREATE PROCEDURE privileges as well as EXECUTE privileges on DBMS_STATS package...
August 17, 2012 Added by:Infosec Island Admin
Independent security researchers have identified multiple vulnerabilities in the Tridium Niagara AX Framework software including directory traversal, weak credential storage, session cookie weaknesses, and predictable session IDs, all of which can be exploited remotely...
August 16, 2012 Added by:Infosec Island Admin
Siemens has reported a privilege escalation vulnerability in the Siemens COMOS database application. Authenticated users with read privileges could escalate their privileges by exploiting this vulnerability. Thus, the attacker is able to gain administrator access to the database...
August 09, 2012 Added by:Danny Lieberman
Health information exchanges (HIE) enable the sharing of health records by physicians and other providers, enabling my family physician to see the results without getting up from her desk or without me shlepping paper or CD. Unfortunately, HIE are being modeled after the retail industry supply-chain model...
August 08, 2012 Added by:Rob Fuller
Explaining what goes through an attackers head when they get a shell is virtually impossible, even more so to generalize into a methodology, but I’ve tried to do that with the "Three P’s of Post Exploitation” - they are in a certain order for a reason, but certainly up to circumstance to what order is best...
August 07, 2012 Added by:Infosec Island Admin
Siemens has reported DoS vulnerabilities in the SIMATIC S7-400 V6 and SIMATIC S7-400 V5 PN CPU products. When specially crafted packets are received on Ethernet interfaces by the SIMATIC S7-400, the device can default into defect mode. A PLC in defect mode needs to be manually reset to return to normal operation...
August 06, 2012 Added by:Infosec Island Admin
Researchers identified an authentication bypass vulnerability leading to privilege escalation in the ICONICS GENESIS32 and BizViz applications whcih can allow an attacker to bypass normal authentication methods, granting full administrative control over the system...