Blog Posts Tagged with "vulnerability"
SAP Cyber Threat Intelligence Report – March 2017
March 17, 2017 Added by:Alexander Polyakov
SAP has released the monthly critical patch update for March 2017. This patch update includes 35 SAP Notes (28 SAP Security Patch Day Notes and 7 Support Package Notes).
Comments (0)
SAP Security Notes June 2016 - Review
June 15, 2016 Added by:Alexander Polyakov
SAP's monthly critical patch update for June 2016 closes 21 vulnerabilities in SAP products including 15 SAP Security Patch Day Notes and 6 Support Package Notes.
Comments (0)
The 2015 ICS Cyber Security Conference
September 18, 2015 Added by:Joe Weiss
The 2015 ICS Cyber Security Conference will be October 26-29 at the Georgia Tech Hotel and Conference Center in Atlanta (www.icscybersecurityconference.com ). This will be the 15th in a series that began in 2002. The Conference will have some new twists, but will also stay true to its roots - ICS cyber security and what makes ICS cyber security different. Specifically, there will be....
Comments (0)
Microsoft Patches Critical IE Flaw Exploited in the Wild
August 18, 2015 Added by:Mike Lennon
Microsoft issued an emergency out-of-band update to fix a critical vulnerability (CVE-2015-2502) being actively exploited in the wild and affecting all versions of Internet Explorer from IE 7 through 11.
Comments (0)
Flaws in Secure Messaging App Telegram Expose Chats
February 23, 2015 Added by:Eduard Kovacs
Telegram, the popular cross-platform messaging app said to be built with a focus on speed and security, is plagued by some serious vulnerabilities that can be exploited to gain access to users’ messages, researchers reported on Monday.
Comments (7)
What We Know About Shellshock and Why the Bash Bug Matters
September 26, 2014 Added by:InfosecIsland News
Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.
Comments (0)
Hackers Exploited Heartbleed Bug to Steal Patient Data from Community Health Systems
August 19, 2014 Added by:Mike Lennon
TrustedSec, citing sources familiar with the incident, said on Tuesday that the initial attack vector was through the infamous “Heartbleed” vulnerability in OpenSSL which provided the attackers a way in, eventually resulting in the compromise of patient data.
Comments (0)
New IE Zero-Day Used in Attacks Against Defense, Financial Sectors
April 27, 2014 Added by:InfosecIsland News
Researchers from FireEye have discovered a nasty zero-day exploit that bypasses the ASLR and DEP protections in Microsoft Windows and is being used in targeted attacks.
Comments (0)
Apple Fixes iOS SSL Validation Flaw That Enables Man-in-the-Middle Attacks
February 21, 2014 Added by:Mike Lennon
Apple has released iOS 7.0.6 which patches a flaw in iOS that enables a man-in-the-middle attack of encrypted (SSL) connections
Comments (1)
iOS 7 Bug Allows Find My iPhone Feature to be Disabled
February 07, 2014 Added by:Anthony M. Freed
Security researcher Bradley Williams has discovered a flaw in iOS 7 that could allow the disabling of the Find My iPhone feature without having to enter a password, but reports indicate that iOS 7.1 is not susceptible.
Comments (1)
Android VPN Vulnerability Allows Data Interception in Plain Text
January 20, 2014 Added by:Anthony M. Freed
Security researchers at Ben Gurion University in Israel have disclosed the discovery of a vulnerability in Android devices that would allow an attacker to bypass VPN configurations to intercept what are intended to be secure communications.
Comments (0)
Office 365 Vulnerability Allowed Unauthorized Administrator Access
January 19, 2014 Added by:Anthony M. Freed
Security researcher Alan Byrne has disclosed a Cross Site Scripting (XSS) vulnerability in Microsoft Office 365 that would allow an attacker to obtain administrator privileges and access to the Email and SharePoint content across the network, as well as the ability to make configuration changes.
Comments (0)
OWASP Vulnerability Deep Dive: CSRF
October 30, 2013 Added by:Kyle Adams
While OWASP has been around for a long time, and many security experts are aware of their top 10 web vulnerability report, I thought it would be beneficial to elaborate and share a bit more color on each one. This blog series will focus on some of the most common web attack vectors, how they are exploited, some examples, and finally how to prevent the exploit on your own applications.
Comments (0)
The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
May 23, 2013 Added by:Andy Willingham
Here we go again. Another security researcher who apparently thinks that he knows best because his feelings were hurt by Microsoft.
Comments (0)
ICS-CERT Alerts of Mitsubishi MX SCADA Vulnerability
April 03, 2013 Added by:Steve Ragan
ICS-CERT has issued a warning this week after vulnerability details concerning Mitsubishi’s MX Component started to gain attention online.
Comments (0)
MongoDB Remote Command Execution Vulnerability: Nightmare or Eye-Opener?
April 03, 2013 Added by:Rohit Sethi
The March 24th public disclosure of a MongoDB zero-day vulnerability (CVE-2013-1892) has been raising eyebrows and initiating discussion among IT security and developers alike. Here’s why we think it stands out...
Comments (0)
- How Does UC in the Cloud Impact Your Security Posture?
- How to Prevent Ransomware and Cyberattacks
- SAP Cyber Threat Intelligence report – July 2017
- WannaCry: How We Created an Ideal Environment for Malware to Thrive, and How to Fix It
- NotPetya — 'Ransomware' That Spreads like a Worm
- Convenience Comes at a Steep Price: Password Management Systems & SSO
- How Does Samba Compare to WannaCry?
- The Security Risk Within Smart Cities
- Follow the Money — Stemming Hacker Habits
- Survey Shows Employers under Pressure to Keep Mobile Workers Safe