Items Tagged with "Exploits"


ICS-CERT: Tridium Niagara Vulnerabilities

July 16, 2012 Added by: Infosec Island Admin

Researchers have notified ICS-CERT of a directory traversal and weak credential storage vulnerability with proof-of-concept exploit code for Tridium Niagara AX Framework software that is exploitable by downloading and decrypting the file containing the user credentials from the server...

Comments  (1)

Free Power on the Grid?

July 15, 2012 Added by: Jayson Wylie

Sometimes the wrong people get the code and use it maliciously. It is in the nation’s best interest to keep the power infrastructure safe and keep meters fool proof, but it depends on how effective a tool is to be able to effectively manipulate the technology to an individual’s own financial advantage...

Comments  (0)

Thousands of Sites Hacked with Plesk Zero Day Exploit

July 10, 2012 Added by: Headlines

"What is interesting is that most of our clients always used to be using CMSs (like WordPress, Joomla, etc), but lately we are seeing such a large number of just plain HTML sites getting compromised and when we look deeper, they are always using Plesk..."

Comments  (0)

ICS-CERT: WellinTech KingView and KingHistorian Vulnerabilities

July 09, 2012 Added by: Infosec Island Admin

Researchers have identified multiple vulnerabilities in WellinTech’s KingView and a single vulnerability in WellinTech’s KingHistorian application which are exploitable remotely and could lead to arbitrary code execution, information disclosure, and denial of service...

Comments  (0)

On th3j35t3r's Project Looking Glass

July 05, 2012 Added by: ʞɔopuooq ʇuıɐs

There haven’t been a lot of ‘TANGO DOWNS’ over the last few months. I decided that I should concentrate on targeted intelligence gathering. I needed a way to get the real world identity of ‘the marks’ – be it Anons, Jihadists or forum admins. Over the last few months I have been running ‘Project Looking Glass’...

Comments  (3)

Critical Vulnerability in SAP Message Server: A Worldwide Scan

July 04, 2012 Added by: Alexander Polyakov

Two buffer overflow vulnerabilities in SAP Message Server can be exploited remotely so that exploit code can be executed. Out of 1000 companies that use SAP worldwide, randomly selected in the course of the research, 4% expose SAP Message Server to the Internet. This can lead to critical consequences...

Comments  (0)

ICS-CERT: Pro-Face Pro-Server EX Multiple Vulnerabilities

July 04, 2012 Added by: Infosec Island Admin

The vulnerabilities affecting Pro-face Pro-Server include invalid memory access, integer overflow, unhandled exception, and memory corruptions. Each of these vulnerabilities are remotely exploitable, and public exploits are known to target these vulnerabilities...

Comments  (0)

Symantec: Blackhole Exploit Kit Upgrade Revealed

July 03, 2012 Added by: Headlines

"The Blackhole JavaScript code on compromised sites now dynamically generates pseudo-random domains, based on the date and other information, and then creates an iframe pointing to the generated domain... The code then creates a hidden iframe, using the previously-generated domain as the source..."

Comments  (0)

ICS-CERT: Sielco Sistemi Winlog Multiple Vulnerabilities

July 02, 2012 Added by: Infosec Island Admin

Sielco Sistemi Winlog Version 2.07.14 can be exploited remotely by sending specially crafted requests to TCP/46824. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks...

Comments  (0)

ICS-CERT: GE Intelligent Platforms Proficy HTML Vulnerability

June 28, 2012 Added by: Infosec Island Admin

Andrea Micalizzi identified a command injection vulnerability in a third-party HTML help application used by some GE Intelligent Platforms Proficy products. GE identified a stack-based buffer overflow vulnerability that also existed in the same component. An attacker could exploit these vulnerabilities...

Comments  (0)

Dangers of Scanning QR Codes: Interview with Eric Mikulas

June 25, 2012 Added by: Fergal Glynn

Consumers make the mistake of trusting unreadable QR codes (unreadable by humans) that could really take a person anywhere. With all the vulnerabilities that are discovered on a regular basis with smart phones, it is only a matter of time until we see an explosion in malware for mobile platforms...

Comments  (0)

Request for Information: Social Engineering Using Social Media

June 25, 2012 Added by: Joel Harding

We’ve been saying for years that the human element is the weakest link in cybersecurity. Kevin Mitnick (out of prison now and doing well) was an extremely talented hacker but what set him apart was his research into potential victims and then having the audacity to social engineer them...

Comments  (1)

Medical Device Security: This Time It’s Personal

June 22, 2012 Added by: shawn merdinger

The work done by security researchers on their own devices is only the beginning of what we can expect will be a deluge of medical device related vulnerabilities, and it’s worthwhile to explore some of the reasons as to why the current situation is the way it is now...

Comments  (0)

State Sponsored IE Vulnerability and a Four Line MySQL Exploit

June 21, 2012 Added by: Headlines

Of the two latest Microsoft IE vulnerabilities, the first seems the most interesting. Rumored to be “State-Sponsored”, the vulnerability focuses on Gmail, MS Office and Internet Explorer. And as yet is still an active Zero Day exploit. Security software company Rapid 7 explains the vulnerability as follows...

Comments  (0)

The Debate When it Comes to Monetizing Security Flaws

June 20, 2012 Added by: Lee Munson

Some people think that if you try to profit on your discovery, then no matter what your intentions are, the discovery could be used for non ethical goals. They think that it does not matter if it is a good guy or a bad guy who gets the information. They think that both parties have the potential for abuse...

Comments  (0)

Symantec: Internet Explorer Zero-Day Exploit in the Wild

June 18, 2012 Added by: Headlines

"While the exploit used in this attack has been referred to as being a zero-day due to reports of it being seen in the wild before the recent Security Bulletin Summary, zero-days are not commonly observed in attacks... this begs the question: will we see more zero-days being used in similar attacks?"

Comments  (0)
