Items Tagged with "Vulnerabilities"


Automated Vulnerability Assessments are not Enough

June 26, 2012

What we really need is a holistic approach to detect/validate vulnerabilities besides determining if the system complies with IS policies. An IS audit needs to be added to our set of activities to perform a complete security assessment. Let’s start by describing the IS Audit process from the very beginning...

Comments  (0)


Dangers of Scanning QR Codes: Interview with Eric Mikulas

June 25, 2012 Added by:Fergal Glynn

Consumers make the mistake of trusting unreadable QR codes (unreadable by humans) that could really take a person anywhere. With all the vulnerabilities that are discovered on a regular basis with smart phones, it is only a matter of time until we see an explosion in malware for mobile platforms...

Comments  (0)


Static Analysis: Hopper’s Decompiler Feature

June 22, 2012 Added by:Fergal Glynn

After reading this tutorial, hopefully binaries will appear less inscrutable and magical, and you will understand why reverse engineers laugh in the face of programmers who think no one will understand their awesome secret algorithm without the source code. Don’t count on “but it’s compiled” as a security feature...

Comments  (0)


Medical Device Security: This Time It’s Personal

June 22, 2012 Added by:shawn merdinger

The work done by security researchers on their own devices is only the beginning of what we can expect will be a deluge of medical device related vulnerabilities, and it’s worthwhile to explore some of the reasons as to why the current situation is the way it is now...

Comments  (0)


ICS-CERT: Wonderware SuiteLink Unallocated Unicode String

June 22, 2012 Added by:Infosec Island Admin

Independent researcher Luigi Auriemma identified a maliciously crafted Unicode string vulnerability causing a stack-based buffer overflow with proof-of-concept (PoC) exploit code that affects the Invensys Wonderware SuiteLink service (slssvc.exe)...

Comments  (2)


The Five Most Important Reasons to Perform Network Auditing

June 21, 2012 Added by:Dan Dieterle

Network auditing may sound like an arduous task but, with the right tools and the right approach, it can be an easy to perform and critical aspect of your network management. If you are not yet performing regular network auditing, use these five important reasons to convince management it’s time to start...

Comments  (3)


State Sponsored IE Vulnerability and a Four Line MySQL Exploit

June 21, 2012 Added by:Headlines

Of the two latest Microsoft IE vulnerabilities, the first seems the most interesting. Rumored to be “State-Sponsored”, the vulnerability focuses on Gmail, MS Office and Internet Explorer. And as yet is still an active Zero Day exploit. Security software company Rapid 7 explains the vulnerability as follows...

Comments  (0)


ICS-CERT: WAGO I/O 750 Multiple Vulnerabilities

June 21, 2012 Added by:Infosec Island Admin

The reported vulnerabilities from DSecRG have been coordinated with WAGO. WAGO has determined that the vulnerabilities can be mitigated by adjusting system configurations of services not in use. WAGO has released a customer cybersecurity notification on best security practices its products...

Comments  (0)


The Debate When it Comes to Monetizing Security Flaws

June 20, 2012 Added by:Lee Munson

Some people think that if you try to profit on your discovery, then no matter what your intentions are, the discovery could be used for non ethical goals. They think that it does not matter if it is a good guy or a bad guy who gets the information. They think that both parties have the potential for abuse...

Comments  (0)


Companies Exposing Critical SAP Services to the Internet

June 19, 2012 Added by:Alexander Polyakov

For example, 212 SAP Routers were found in Germany which were created mainly to route access to internal SAP systems. SAP Routers themselves can have security misconfigurations, but the real problem is that 8% of the companies expose SAP Dispatcher services directly to the Internet, circumventing the SAP Router...

Comments  (0)


ICS-CERT: Innomate MGuard Weak HTTPS and SSH Keys

June 19, 2012 Added by:Infosec Island Admin

An independent research group has identified an insufficient entropy vulnerability in Innominate’s mGuard network appliance product line which could allow an attacker to obtain the credentials of administrative users and potentially perform a Man-in-the-Middle (MitM) attack...

Comments  (0)


Symantec: Internet Explorer Zero-Day Exploit in the Wild

June 18, 2012 Added by:Headlines

"While the exploit used in this attack has been referred to as being a zero-day due to reports of it being seen in the wild before the recent Security Bulletin Summary, zero-days are not commonly observed in attacks... this begs the question: will we see more zero-days being used in similar attacks?"

Comments  (0)


Building Secure Web Applications: An Infographic

June 14, 2012 Added by:Fergal Glynn

Neglecting to take security measures at the application layer is one of the most common causes of data breaches, yet many companies still leave their applications unprotected. Securing applications begins with developer training on the risks applications face and methods required for vulnerability prevention...

Comments  (0)


Disclosures: The Vulnerability of Publicly Traded Companies

June 12, 2012 Added by:Fergal Glynn

What we’ve been lacking is quantitative information that helps inform the debate around application security. We want to use this data to shape the conversation around application security so that our attention gets focused on the right things and our investments get made in the right areas...

Comments  (1)


ICS-CERT: Siemens WinCC Multiple Vulnerabilities

June 08, 2012 Added by:Infosec Island Admin

Researchers have identified multiple vulnerabilities in the Siemens WinCC application, and Siemens identified an additional vulnerability, that may allow an attacker to gain unauthorized access, read from, or write to files and settings on the target system...

Comments  (0)


EWI: The Internet Health Model for Cybersecurity

June 04, 2012

“A public health model encompasses several interesting concepts that can be applied to internet security. As use and reliance on the Internet continues to grow, improving Internet health requires all ecosystem members to take a global, collaborative approach to protecting people from potential dangers online”...

Comments  (0)

Page « < 5 - 6 - 7 - 8 - 9 > »