Archive for vulnerability

Zero Day Vulnerabilities Have No Patch Yet

When a vulnerability is discovered in a computer system, a patch is issued that is designed to close it. Patches take time to construct and deploy, and even longer for the community to accept and install them. This always leaves a gap between the discovery and when the […]

Stop Using Quicktime for Windows

Quicktime for Windows is no longer being supported by Apple, but new vulnerabilities have been disclosed that include the possibility for “remote code execution”. This means exploits can likely take over control of a computer running Quicktime for Windows. The United States Computer Emergency Readiness Team (US-CERT), Trend Micro, and other security organizations have called […]

CRITICAL SECURITY VULNERABILITY – “heartbleed”

A bug in the OpenSSL protocol that encrypts and protects our web page logins and passwords has been discovered and was announced on April 7, 2014. Web servers are being patched rapidly to close this hole. But in the meantime, our passwords and other important credentials (certificates and keys) may have been revealed. The vulnerability […]

Shodan – Hackers Search Engine

Shodan is a hackers' search engine that can help you find any device connected to the internet. Shodan: Search Engine for Hackers – [youtube.com] Shodan has been getting a lot of publicity lately as a “scary” search engine that can be used to facilitate hacking. Annie explains how the site works, and talks with Shodan […]

Security Metrics for Clouds

A previous article here on general Security Metrics (see link below) outlined some key security controls for measurement: CM-8 INFORMATION SYSTEM COMPONENT INVENTORY; RA-5 VULNERABILITY SCANNING; SI-4 INFORMATION SYSTEM MONITORING; SI-3 MALICIOUS CODE PROTECTION; AU-6 AUDIT REVIEW, ANALYSIS, AND REPORTING; SI-2 FLAW REMEDIATION; IR-5 INCIDENT MONITORING; CM-3 CONFIGURATION CHANGE CONTROL; CA-5 PLAN OF ACTION AND […]

The Bluetooth Dilemma

This article describes how criminals have begun to integrate Bluetooth technology into card reader skimmers to make it more effective for them to collect stolen card information. Josh Wright is an expert on Bluetooth and wireless security in general and is a Senior Instructor at the SANS Institute, where he authored (and often teaches) the […]

Software Assurance Tools

Software Assurance deals with making sure that software behaves as intended and is free from vulnerabilities. Too often these days, our software is distributed while it is still full of undiscovered flaws that attackers may be able to use to penetrate our systems. It is far more cost effective to spend the time […]

Patch and Vulnerability Management

NIST 800-40 “Creating a Patch and Vulnerability Management Program” describes the functions and processes that a patch and vulnerability management program should cover in order to maintain effective security. Importance of patch management: As operating systems, applications and utility tools continue to manifest exploitable flaws, rapid application of security patches becomes critical to security. Attackers […]

SMB2 Threat

The SMBv2 vulnerability that has been lurking for several weeks now has exploit code available from both Canvas and Metasploit. Remote exploit released for Windows Vista SMB2 worm hole – [zdnet.com] [Canvas]: Security researchers at penetration testing firm Immunity have created a reliable remote exploit capable of spawning a worm through an unpatched security hole […]

Federal Cyber-Security

NIST (National Institute of Standards and Technology) has provided Federal Agencies with all the tools they need to get cyber-security done right. But obviously, it’s not being done right yet at most agencies. Why not? Failure to understand the threat level – this was certainly once the top problem, but maybe not so much anymore with […]