Blog Posts Tagged with "vulnerability"

7d55c20d433dd60022642d3ab77b8efb

SAP Cyber Threat Intelligence Report – March 2017

March 17, 2017 Added by:Alexander Polyakov

SAP has released the monthly critical patch update for March 2017. This patch update includes 35 SAP Notes (28 SAP Security Patch Day Notes and 7 Support Package Notes).

Comments  (0)

7d55c20d433dd60022642d3ab77b8efb

SAP Security Notes June 2016 - Review

June 15, 2016 Added by:Alexander Polyakov

SAP's monthly critical patch update for June 2016 closes 21 vulnerabilities in SAP products including 15 SAP Security Patch Day Notes and 6 Support Package Notes.

Comments  (0)

201d6e4b7cd0350a1a9ef6e856e28341

The 2015 ICS Cyber Security Conference

September 18, 2015 Added by:Joe Weiss

The 2015 ICS Cyber Security Conference will be October 26-29 at the Georgia Tech Hotel and Conference Center in Atlanta (www.icscybersecurityconference.com ). This will be the 15th in a series that began in 2002. The Conference will have some new twists, but will also stay true to its roots - ICS cyber security and what makes ICS cyber security different. Specifically, there will be....

Comments  (0)

306708aaf995cf6a77d3083885b60907

Microsoft Patches Critical IE Flaw Exploited in the Wild

August 18, 2015 Added by:Mike Lennon

Microsoft issued an emergency out-of-band update to fix a critical vulnerability (CVE-2015-2502) being actively exploited in the wild and affecting all versions of Internet Explorer from IE 7 through 11.

Comments  (0)

Af7244bb99debb4a1152fa49a993a05c

Flaws in Secure Messaging App Telegram Expose Chats

February 23, 2015 Added by:Eduard Kovacs

Telegram, the popular cross-platform messaging app said to be built with a focus on speed and security, is plagued by some serious vulnerabilities that can be exploited to gain access to users’ messages, researchers reported on Monday.

Comments  (7)

Ffc4103a877b409fd8d6da8f854f617e

What We Know About Shellshock and Why the Bash Bug Matters

September 26, 2014 Added by:InfosecIsland News

Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.

Comments  (0)

306708aaf995cf6a77d3083885b60907

Hackers Exploited Heartbleed Bug to Steal Patient Data from Community Health Systems

August 19, 2014 Added by:Mike Lennon

TrustedSec, citing sources familiar with the incident, said on Tuesday that the initial attack vector was through the infamous “Heartbleed” vulnerability in OpenSSL which provided the attackers a way in, eventually resulting in the compromise of patient data.

Comments  (0)

Ffc4103a877b409fd8d6da8f854f617e

New IE Zero-Day Used in Attacks Against Defense, Financial Sectors

April 27, 2014 Added by:InfosecIsland News

Researchers from FireEye have discovered a nasty zero-day exploit that bypasses the ASLR and DEP protections in Microsoft Windows and is being used in targeted attacks.

Comments  (0)

306708aaf995cf6a77d3083885b60907

Apple Fixes iOS SSL Validation Flaw That Enables Man-in-the-Middle Attacks

February 21, 2014 Added by:Mike Lennon

Apple has released iOS 7.0.6 which patches a flaw in iOS that enables a man-in-the-middle attack of encrypted (SSL) connections

Comments  (1)

6d117b57d55f63febe392e40a478011f

iOS 7 Bug Allows Find My iPhone Feature to be Disabled

February 07, 2014 Added by:Anthony M. Freed

Security researcher Bradley Williams has discovered a flaw in iOS 7 that could allow the disabling of the Find My iPhone feature without having to enter a password, but reports indicate that iOS 7.1 is not susceptible.

Comments  (1)

6d117b57d55f63febe392e40a478011f

Android VPN Vulnerability Allows Data Interception in Plain Text

January 20, 2014 Added by:Anthony M. Freed

Security researchers at Ben Gurion University in Israel have disclosed the discovery of a vulnerability in Android devices that would allow an attacker to bypass VPN configurations to intercept what are intended to be secure communications.

Comments  (0)

6d117b57d55f63febe392e40a478011f

Office 365 Vulnerability Allowed Unauthorized Administrator Access

January 19, 2014 Added by:Anthony M. Freed

Security researcher Alan Byrne has disclosed a Cross Site Scripting (XSS) vulnerability in Microsoft Office 365 that would allow an attacker to obtain administrator privileges and access to the Email and SharePoint content across the network, as well as the ability to make configuration changes.

Comments  (0)

514b2ac354098d84c07620f2591193b2

OWASP Vulnerability Deep Dive: CSRF

October 30, 2013 Added by:Kyle Adams

While OWASP has been around for a long time, and many security experts are aware of their top 10 web vulnerability report, I thought it would be beneficial to elaborate and share a bit more color on each one. This blog series will focus on some of the most common web attack vectors, how they are exploited, some examples, and finally how to prevent the exploit on your own applications.

Comments  (0)

11146d62a6c31fb9fac8ac8ac991e08d

The Disclosure Debate Continues….. (part 1,453, 769) to be Continued

May 23, 2013 Added by:Andy Willingham

Here we go again. Another security researcher who apparently thinks that he knows best because his feelings were hurt by Microsoft.

Comments  (0)

A58bf865b185e0e3f665473bf8f3ca6d

ICS-CERT Alerts of Mitsubishi MX SCADA Vulnerability

April 03, 2013 Added by:Steve Ragan

ICS-CERT has issued a warning this week after vulnerability details concerning Mitsubishi’s MX Component started to gain attention online.

Comments  (0)

219bfe49c4e7e1a3760f307bfecb9954

MongoDB Remote Command Execution Vulnerability: Nightmare or Eye-Opener?

April 03, 2013 Added by:Rohit Sethi

The March 24th public disclosure of a MongoDB zero-day vulnerability (CVE-2013-1892) has been raising eyebrows and initiating discussion among IT security and developers alike. Here’s why we think it stands out...

Comments  (0)

Page « < 1 - 2 - 3 > »