Lucene search
K

226 matches found

ThreatPost
ThreatPost
added 2018/10/12 9:9 p.m.57 views

ICS Security Plagued with Basic, Avoidable Mistakes

At least 33 percent of the security issues found in industrial control systems ICS are rated as being of high or critical risk. FireEye iSIGHT Intelligence compiled data from dozens of ICS security health assessment engagements performed by its Mandiant division, and found that these issues inclu...

0.1AI score
Exploits0References5
Akamai Blog
Akamai Blog
added 2018/09/18 12:29 p.m.22 views

Zero Trust Security Architectures

This introduction is Part 1 of a 5 part blog series. Jump to Part 2: Network Micro-Segmentation Jump to Part 3: Software Defined Perimeter Jump to Part 4: Identity Aware Proxy Jump to Part 5: Akamai's Approach to Zero Trust Introduction Most enterprises today operate hundreds of applications that...

7.4AI score
Exploits0
Akamai Blog
Akamai Blog
added 2018/08/21 3:12 p.m.44 views

How to evolve your enterprise network security to a zero trust architecture

In the land behind the firewall, build a fortress in the cloud. Let me explain. When I first started working in IT more than twenty five years ago, laptops and mobile phones were for the privileged few. Most people typically stayed in one place when they were online, in most cases using a desktop...

7.1AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/07/11 7:19 a.m.40 views

Data exfiltration techniques

Data exfiltration is the last stage of the kill chain in a generally targeted attack on an organisation. Whilst many excellent papers and tools are available for various techniques this is our attempt to pull all these together. This could also be used as a crib sheet for fellow pen testers who a...

6.9AI score
Exploits0
Talos Blog
Talos Blog
added 2018/05/08 1:31 p.m.14 views

Wipers - Destruction as a means to an end

This whitepaper post is authored by Vitor Ventura and with contributions from Martin Lee In a digital era when everything and everyone is connected, malicious actors have the perfect space to perform their activities. During the past few years, organizations have suffered several kinds of attacks...

1.8AI score
Exploits0
Palo Alto Networks
Palo Alto Networks
added 2017/12/06 12:5 a.m.641 views

Vulnerability in PAN-OS and Panorama on Management Interface

Through the exploitation of a combination of unrelated vulnerabilities, and via the management interface of the device, an attacker could remotely execute code on PAN-OS or Panorama in the context of the highest privileged user. Ref PAN-61094 / PAN-80990 / PAN-80993 / PAN-80994 / CVE-2017-15944...

1.3AI score0.9834EPSS
Exploits13References1Affected Software1
0day.today
0day.today
added 2017/11/06 12:0 a.m.68 views

Debut Embedded httpd 1.20 - Denial of Service Exploit

Exploit for hardware platform in category dos / poc Exploit Title: Remote un-authenticated DoS in Debut embedded httpd server in Brother printers Date: 11/02/2017 Exploit Author: z00n @0xz00n Vendor Homepage: http://www.brother-usa.com Version: = 1.20 CVE : CVE-2017-16249 Description: The Debut...

7.8CVSS7.5AI score0.59386EPSS
Exploits7
Exploit DB
Exploit DB
added 2017/11/02 12:0 a.m.52 views

Debut Embedded HTTPd 1.20 - Denial of Service

Exploit Title: Remote un-authenticated DoS in Debut embedded httpd server in Brother printers Date: 11/02/2017 Exploit Author: z00n @0xz00n Vendor Homepage: http://www.brother-usa.com Version: = 1.20 CVE : CVE-2017-16249 Description: The Debut embedded http server contains a remotely exploitable...

7.8CVSS7.6AI score0.59386EPSS
Exploits7
0day.today
0day.today
added 2017/10/25 12:0 a.m.52 views

Sonicwall WXA5000 1.3.2-10-30 Console Jail Escape / Privilege Escalation Vulnerabilities

Exploit for cgi platform in category remote exploits Title: Sonicwall WXA5000 Console Jail Escape and Privilege Escalation Advisory ID: KL-001-2017-019 Publication Date: 2017.10.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-019.txt 1. Vulnerability Details Affecte...

6.7AI score
Exploits0
rapid7community
rapid7community
added 2017/05/15 7:57 p.m.36 views

Using Threat Intelligence to Mitigate Wanna Decryptor (WannaCry)

Basics of Cyber Threat Intelligence Cyber Threat Intelligence is analyzed information about the opportunities, capabilities, and intent of cyber adversaries. The goal of cyber threat intelligence is to help people make decisions about how to prevent, detect, and respond to threats against their...

6.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2017/05/08 12:0 a.m.3 views

PT-2017-3763 · Siemens · Hmi Mobile Panels +4

Name of the Vulnerable Software and Affected Versions: Siemens PROFINET DCP versions affected versions not specified SIMATIC HMI Multi Panels and HMI Mobile Panels affected versions not specified S7-300/S7-400 devices affected versions not specified Description: The issue is related to insufficie...

7.1CVSS6.9AI score0.00906EPSS
Exploits0References10
Akamai Blog
Akamai Blog
added 2017/05/04 1:27 p.m.41 views

Akamai IT Challenge - 100 apps on EAA in 100 days

About a month or so ago I shared a quick video interview with Joe DeFelice. Joe is a Sr. Director Enterprise Security & Infrastructure Engineering here at Akamai. In the video Joe outlines a few of the major initiatives he and the team are working on, including moving towards eliminating the VPN...

6.8AI score
Exploits0
ICS
ICS
added 2016/11/08 12:0 a.m.189 views

Phoenix Contact ILC PLC Authentication Vulnerabilities

OVERVIEW Matthias Niedermaier and Michael Kapfer of HSASec Hochschule Augsburg have identified authentication vulnerabilities in Phoenix Contact’s ILC inline controller PLCs. Phoenix Contact GmbH & Co. KG has produced a mitigation plan that includes an update and recommended security practices to...

7.5CVSS0.8AI score0.11199EPSS
Exploits8References19
Lenovo
Lenovo
added 2016/07/22 12:0 a.m.29 views

POODLE: SSLv3 Vulnerability - Lenovo Support US

No description provided...

5.4AI score
Exploits0
The Hacker News
The Hacker News
added 2015/12/15 8:37 p.m.10 views

Top 10 — 2016 New Year's Resolutions for Cyber Security Professionals

Billions of dollars are spent in securing business operations, and yet attackers still find ways to breach a network. With the ever increasing growth in security attacks across all threat vectors, you should consider these New Year’s resolutions to help solve your security challenges in 2016: 1...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2015/09/10 11:40 a.m.9 views

Chris Valasek Security of Things Forum Keynote

CAMBRIDGE, Mass. – Chris Valasek and Charlie Miller’s car hacking research put a crunching reality on Internet of Things security, moving it beyond almost clichéd discussions of smart refrigerators leaking inconsequential data, to hackers remotely manipulating car brakes. But Furby hacking matter...

0.4AI score
Exploits0
CISA
CISA
added 2015/07/31 12:0 a.m.12 views

Best Practices to Protect You, Your Network, and Your Information

The National Cybersecurity and Communications Integration Center NCCIC and its partners responded to a series of data breaches in the public and private sector over the last year, helping organizations through incident response actions, conducting damage assessments, and implementing restoration...

6.8AI score
Exploits0References3
Packet Storm
Packet Storm
added 2015/05/03 12:0 a.m.60 views

Epicor Retail Store Help System 3.2.03.01.008 Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Title: Code Injection in Epicor Retail Store Help System CVE: CVE-2015-2210 Vendor: Epicor Product: CRS Retail Store v3.2.03.01.008 Affected version: 3.2.03.01.008 Reported by: Zeng Xianbo Joseph [email protected] Issue identified by: Zeng...

7.7AI score0.00632EPSS
Exploits1
Palo Alto Networks
Palo Alto Networks
added 2014/10/20 7:0 a.m.6 views

SSL 3.0 MITM Attack

A vulnerability affecting most implementations of SSL 3.0 has been discovered that allows an attacker to decrypt some encrypted contents under certain conditions CVE-2014-3566. The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak...

3.4CVSS6.2AI score0.99999EPSS
Exploits7References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

Camtron CMNC-200 IP Camera ActiveX Buffer Overflow Vulnerability

No description provided by source. Finding 1: Buffer Overflow in ActiveX Control CVE: CVE-2010-4230 The CMNC-200 IP Camera ActiveX control identified by CLSID DD01C8CA-5DA0-4B01-9603-B7194E561D32 is vulnerable to a stack overflow on the first argument of the connect method. The vulnerability can ...

9.3CVSS1.1AI score0.05661EPSS
Exploits5
Rows per page
Query Builder