Items Tagged with "Vulnerabilities"


7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Sielco Sistemi Winlog Multiple Vulnerabilities

July 02, 2012 Added by:Infosec Island Admin

Sielco Sistemi Winlog Version 2.07.14 can be exploited remotely by sending specially crafted requests to TCP/46824. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Five Reasons Why You Need an Application Security Program

June 28, 2012 Added by:Fergal Glynn

Many organizations looking at application security for the first time struggle with why they should take a programmatic approach to tackling application security. The simple fact is that if someone wants your intellectual property, they are going to use software you bought, built or outsourced to get at it...

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

Myth or Fact? Debunking the Biggest Information Security Myths

June 27, 2012 Added by:Tripwire Inc

Myths have existed throughout history in different cultures and times. The information security industry isn’t excluded from having its own share of myths. So, I got in touch with some European security professionals to share their views on some of the biggest security myths that need busting...

Comments  (1)

1a490136c27502563c62267354024cd5

Automated Vulnerability Assessments are not Enough

June 26, 2012

What we really need is a holistic approach to detect/validate vulnerabilities besides determining if the system complies with IS policies. An IS audit needs to be added to our set of activities to perform a complete security assessment. Let’s start by describing the IS Audit process from the very beginning...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Dangers of Scanning QR Codes: Interview with Eric Mikulas

June 25, 2012 Added by:Fergal Glynn

Consumers make the mistake of trusting unreadable QR codes (unreadable by humans) that could really take a person anywhere. With all the vulnerabilities that are discovered on a regular basis with smart phones, it is only a matter of time until we see an explosion in malware for mobile platforms...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Static Analysis: Hopper’s Decompiler Feature

June 22, 2012 Added by:Fergal Glynn

After reading this tutorial, hopefully binaries will appear less inscrutable and magical, and you will understand why reverse engineers laugh in the face of programmers who think no one will understand their awesome secret algorithm without the source code. Don’t count on “but it’s compiled” as a security feature...

Comments  (0)

E376ca757c1ebdfbca96615bf71247bb

Medical Device Security: This Time It’s Personal

June 22, 2012 Added by:shawn merdinger

The work done by security researchers on their own devices is only the beginning of what we can expect will be a deluge of medical device related vulnerabilities, and it’s worthwhile to explore some of the reasons as to why the current situation is the way it is now...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Wonderware SuiteLink Unallocated Unicode String

June 22, 2012 Added by:Infosec Island Admin

Independent researcher Luigi Auriemma identified a maliciously crafted Unicode string vulnerability causing a stack-based buffer overflow with proof-of-concept (PoC) exploit code that affects the Invensys Wonderware SuiteLink service (slssvc.exe)...

Comments  (2)

B64e021126c832bb29ec9fa988155eaf

The Five Most Important Reasons to Perform Network Auditing

June 21, 2012 Added by:Dan Dieterle

Network auditing may sound like an arduous task but, with the right tools and the right approach, it can be an easy to perform and critical aspect of your network management. If you are not yet performing regular network auditing, use these five important reasons to convince management it’s time to start...

Comments  (3)

69dafe8b58066478aea48f3d0f384820

State Sponsored IE Vulnerability and a Four Line MySQL Exploit

June 21, 2012 Added by:Headlines

Of the two latest Microsoft IE vulnerabilities, the first seems the most interesting. Rumored to be “State-Sponsored”, the vulnerability focuses on Gmail, MS Office and Internet Explorer. And as yet is still an active Zero Day exploit. Security software company Rapid 7 explains the vulnerability as follows...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: WAGO I/O 750 Multiple Vulnerabilities

June 21, 2012 Added by:Infosec Island Admin

The reported vulnerabilities from DSecRG have been coordinated with WAGO. WAGO has determined that the vulnerabilities can be mitigated by adjusting system configurations of services not in use. WAGO has released a customer cybersecurity notification on best security practices its products...

Comments  (0)

4ff49873e3fed9a24adf0d37ae00b780

The Debate When it Comes to Monetizing Security Flaws

June 20, 2012 Added by:Lee Munson

Some people think that if you try to profit on your discovery, then no matter what your intentions are, the discovery could be used for non ethical goals. They think that it does not matter if it is a good guy or a bad guy who gets the information. They think that both parties have the potential for abuse...

Comments  (0)

7d55c20d433dd60022642d3ab77b8efb

Companies Exposing Critical SAP Services to the Internet

June 19, 2012 Added by:Alexander Polyakov

For example, 212 SAP Routers were found in Germany which were created mainly to route access to internal SAP systems. SAP Routers themselves can have security misconfigurations, but the real problem is that 8% of the companies expose SAP Dispatcher services directly to the Internet, circumventing the SAP Router...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Innomate MGuard Weak HTTPS and SSH Keys

June 19, 2012 Added by:Infosec Island Admin

An independent research group has identified an insufficient entropy vulnerability in Innominate’s mGuard network appliance product line which could allow an attacker to obtain the credentials of administrative users and potentially perform a Man-in-the-Middle (MitM) attack...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Symantec: Internet Explorer Zero-Day Exploit in the Wild

June 18, 2012 Added by:Headlines

"While the exploit used in this attack has been referred to as being a zero-day due to reports of it being seen in the wild before the recent Security Bulletin Summary, zero-days are not commonly observed in attacks... this begs the question: will we see more zero-days being used in similar attacks?"

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Building Secure Web Applications: An Infographic

June 14, 2012 Added by:Fergal Glynn

Neglecting to take security measures at the application layer is one of the most common causes of data breaches, yet many companies still leave their applications unprotected. Securing applications begins with developer training on the risks applications face and methods required for vulnerability prevention...

Comments  (0)

Page « < 5 - 6 - 7 - 8 - 9 > »