Lucene search
+L

745 matches found

The Coalfire Blog
The Coalfire Blog
added 2013/03/14 11:58 a.m.18 views

War on Passwords? Check with Your QSA First!

Passwords have long been the workhorse of user authentication schemes, and many security experts are speaking out on the need for more effective controls. It seems like hardly a week goes by when we dont see a password breach in the news...

1.9AI score
Exploits0
ThreatPost
ThreatPost
added 2013/02/13 5:5 p.m.12 views

GAO: FCC Network Fortification Project Fails

The Government Accountability Office has determined that the Federal Communications Commission failed to properly implement necessary security controls in the initial phases of its Enhanced Secured Networks project, and, as a result, FCC data remains vulnerable to “unnecessary risk of inadvertent...

1.1AI score
Exploits0References1
ThreatPost
ThreatPost
added 2013/01/15 2:22 a.m.11 views

Malware Infects Two Power Plants Lacking Basic Security Controls

During the past three months, unnamed malware infected two power plants’ control systems using unprotected USB drives as an attack vector. At both companies, a lack of basic security controls made it much easier for the malicious code to reach critical networks. In one instance, according to a...

1.2AI score
Exploits0References1
ThreatPost
ThreatPost
added 2012/07/23 6:12 p.m.8 views

Information of Nearly 4,000 Beth Israel Patients at Risk in Stolen Laptop Incident

The information of nearly 4,000 patients at Boston’s Beth Israel Deaconess Medical Center BIDMC may have been leaked according to a report from the Boston Globe over the weekend. A laptop was stolen from the Harvard-associated teaching hospital on May 22 that could yield the incomplete medical...

7.3AI score
Exploits0References5
ThreatPost
ThreatPost
added 2012/05/17 4:9 p.m.9 views

Author of LilyJade Facebook Plugin Ignores Facebook Cease-and-Desist

As the tech and investment banking worlds eagerly anticipate Facebook’s long-awaited initial public offering, the world’s largest social network is trying to put stops to a suspicious, but arguably benign, plugin. According to a Brian Krebs report, Dru Mundorff of Arizona is shamelessly selling t...

0.1AI score
Exploits0References1
The Hacker News
The Hacker News
added 2012/04/26 5:23 p.m.15 views

Facebook strengthens security with AntiVirus Marketplace

Facebook strengthens security with AntiVirus Marketplace Facebook has launched Anti-Virus Marketplace , a new portal to protect the social network's users.Members are being encouraged to download anti-malware programs which they can use at no cost for six months. Facebook is strengthening its...

6.7AI score
Exploits0
ThreatPost
ThreatPost
added 2011/07/08 8:55 p.m.11 views

Lessons from Chicago: Bad Policy, Not Geopolitics, Enables IP Theft

One thing that CME Group, the company that runs the Chicago Mercantile Exchange, wants to make perfectly clear is that it places a “high value on protecting its intellectual property and trade secrets.” That was the clear message from CME following the arrest of an employee for stealing company...

7.7AI score
Exploits0References4
The Hacker News
The Hacker News
added 2010/12/28 1:2 a.m.8 views

Carriers Enhance Mobile Security to Combat Attacks and Breaches

Carriers, developers, and phone makers are rolling out new services and features to protect mobile devices from malicious attacks and data breaches. As people increasingly use smartphones for email, banking, and document access, the wireless industry is addressing mobile device security. Accordin...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2010/10/24 12:0 a.m.70 views

Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass

, , . .' '. ', . , '. , ., , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. Oracle JRE - java.net.URLConnection class – Same-of-Origin SOP Policy Bypass PDF: http://www.security-assessment.com/files/advisories/OracleJREjavaneturlconnectionSOPBypass.pdf CVE...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2010/10/20 12:0 a.m.50 views

Oracle JRE - java.net.URLConnection class Same-of-Origin 'SOP' Policy Bypass

Description Security-Assessment.com discovered that a Java Applet making use of java.net.URLConnection class can be used to bypass same-of-origin SOP policy and domain based security controls in modern browsers when communication occurs between two domains that resolve to the same IP address. Thi...

7.4AI score
Exploits0
ThreatPost
ThreatPost
added 2010/10/06 1:30 p.m.8 views

Adobe Details Reader Protected Mode Sandbox

Adobe officials have said that the next version of Reader, one of the more popular and oft-targeted applications on the Internet right now, will have a sandboxing feature, and now the company is providing a detailed description of the new Protected Mode addition. Adobe’s Brad Arkin, the director ...

0.2AI score
Exploits0References6
ThreatPost
ThreatPost
added 2010/08/20 5:18 p.m.9 views

This Week in Security: Phantom Firefox Menace, Mass Domain Ownage and The Curious Case of IE6

There’s old, and there’s old. Internet Explorer 6 clearly falls into the latter category, but despite its advancing age, IE6 still holds a lot of sway in the enterprise, as new data that came to light this week. That’s not the only weirdness that reared its head this week, though. There was the...

6.9AI score
Exploits0References9
ThreatPost
ThreatPost
added 2010/06/25 5:8 p.m.15 views

Android Also Gives Google Remote App Installation Power

The remote-wipe capability that Google recently invoked to remove a harmless application from some Android phones isn’t the only remote control feature that the company built into its mobile OS. It turns out that Android also includes a feature that enables Google to remotely install apps on user...

0.9AI score
Exploits0References7
ThreatPost
ThreatPost
added 2010/04/05 7:27 p.m.21 views

Security Programs Focusing Too Much on Compliance, Study Finds

Enterprises are spending huge amounts of money on compliance programs related to PCI-DSS, HIPAA and other regulations, but those funds may be misdirected in light of the priorities of most information security programs, a new study has found. A paper by Forrester Research, commissioned by Microso...

0.2AI score
Exploits0References1
OpenVAS
OpenVAS
added 2010/03/02 12:0 a.m.35 views

Ubuntu Update for openoffice.org vulnerabilities USN-903-1

Ubuntu Update for Linux kernel vulnerabilities USN-903-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9031.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for openoffice.org vulnerabilities USN-903-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

9.3CVSS0.8AI score0.14092EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2010/02/25 12:0 a.m.122 views

Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : openoffice.org vulnerabilities (USN-903-1)

It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. CVE-2009-0217 Sebastian Apelt and Frank Reissner discovered that OpenOffice did not...

9.3CVSS7.8AI score0.14092EPSS
Exploits1References7
ThreatPost
ThreatPost
added 2009/11/18 4:58 p.m.10 views

NSA to Senate: '3 Steps Should Thwart 80% of Attacks'

Computer systems with proper security and network controls should be able to withstand about 80 percent of known cyberattacks, according to a senior National Security Agency official. Richard Schaeffer Jr., the NSA’s information assurance director, told the Senate Judiciary Committee’s Terrorism...

0.7AI score
Exploits0References2
ThreatPost
ThreatPost
added 2009/06/29 1:33 p.m.7 views

Is It Time to Stop Password Masking?

From SANS AppSec Street Fighter Blog Jason Montgomery I just ran across Jakob Nielsen‘s Alert Box post titled Stop Password Masking and wanted to provide some feedback from a security vs. usability perspective. I have great respect for Nielsen’s contribution to the usability of the web. Back in t...

0.2AI score
Exploits0References7
ThreatPost
ThreatPost
added 2009/06/19 7:36 p.m.10 views

MasterCard to Require On-Site Audits for Small Shops

From Computerworld Jaikumar Vijayan In a move that is unlikely to sit well with many merchants, MasterCard has quietly changed a key security requirement for all businesses handling between 1 million and 6 million card transactions annually. Starting Dec 31, 2010 companies that fall into this...

1.2AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2008/10/20 12:0 a.m.42 views

FreeBSD : linux-flashplugin -- multiple vulnerabilities (78f456fd-9c87-11dd-a55e-00163e000016)

Adobe Product Security Incident Response Team reports : Potential vulnerabilities have been identified in Adobe Flash Player 9.0.124.0 and earlier that could allow an attacker who successfully exploits these potential vulnerabilities to bypass Flash Player security controls. Adobe recommends user...

10CVSS5.5AI score0.08467EPSS
Exploits5References7
Rows per page
Query Builder