36 matches found

Information Security Automation
added 2017/03/31 9:6 p.m., 38 views

Programmers are also people who also make mistakes

It's the first part of our talk with Daniil Svetlov at his radio show "Safe Environment" or "Safe Wednesday" - kind of wordplay in Russian recorded 29.03.2017. We were discussing why Software Vulnerabilities are everyone's problem. Full video in Russian without subtitles is available here. I adde...

7.2 AI score
Exploits: 0

exploitpack
added 2016/06/10 12:0 a.m., 28 views

Armadito Antimalware - Backdoor Access/Bypass

Armadito Antimalware - Backdoor Access/Bypass / Exploit Title : Armadito antimalware - Backdoor/Bypass Date : 07-06-2016 DD-MM-YYYY Exploit Author : Ax. Vendor Homepage : http://www.teclib-edition.com/teclib-products/armadito-antivirus/ Software Link : https://github.com/41434944/armadito-av Versi...

0.7 AI score
Exploits: 0

ThreatPost
added 2014/09/24 3:31 p.m., 16 views

As Bug Bounties Become the Norm, Challenges Remain

SEATTLE–For many years, Microsoft and other large software vendors resisted the idea of providing bug bounties or other financial incentives for researchers to report vulnerabilities. That changed when the landscape began to shift and more researchers began reporting vulnerabilities through broke...

7.2 AI score
Exploits: 0, References: 2

ThreatPost
added 2014/09/23 8:53 a.m., 57 views

Charney on Trustworthy Computing: 'I Was the Architect of These Changes'

Scott Charney, the head of Microsoft’s Trustworthy Computing efforts, said that he was the one who decided it was time to move the TwC group in a new direction and integrate the security functions more deeply into the company as a whole. “I was the architect of these changes. This is not about th...

9.3 CVSS, 0.6 AI score, 0.99945 EPSS
Exploits: 33, References: 2

seebug.org
added 2014/07/01 12:0 a.m., 19 views

Pi3Web 2.0.2 SortName Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7787/info Pi3Web is prone to a buffer overflow vulnerability. This is due to insufficient bounds checking of URI parameters. This could be exploited to cause a denial of service or possibly to execute malicious...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

Twilight WebServer 1.3.3.0 GET Request Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8181/info It has been reported that Twilight WebServer may be prone to a remote buffer overflow vulnerability. The problem may be present due to a lack of bounds checking performed on incoming GET requests. Arbitrary code...

7.1 AI score
Exploits: 0

ThreatPost
added 2012/08/06 6:9 p.m., 160 views

Microsoft Releases Attack Surface Analyzer Tool

Microsoft has released a public version of its internal Attack Surface Analyzer tool, which helps organizations identify changes to a system’s attack surface as new applications are added. The tool has been in beta for a few months, but this is the first official release. The Attack Surface...

9.3 CVSS, 0.4 AI score, 0.99945 EPSS
Exploits: 33, References: 1

ThreatPost
added 2012/05/16 1:14 p.m., 88 views

Microsoft's SDL Expands Beyond Redmond

It’s been more than 10 years now since Microsoft began the initiative that would eventually become Trustworthy Computing, and while the effects it’s had inside the company have been well documented, the utility and adoption of the Security Development Lifecycle by outside organizations and...

9.3 CVSS, 8.8 AI score, 0.99945 EPSS
Exploits: 33, References: 3

ThreatPost
added 2011/12/30 2:20 p.m., 13 views

Thinking About Software Security Holistically

While assessing software systems of all types a few common mistakes regularly come up. These aren’t mistakes that lead directly to vulnerabilities, but mistakes in how some software companies think about security, that can lead to invalid assumptions, and ultimately which can allow real security...

Exploits: 0, References: 1

ThreatPost
added 2011/08/25 5:52 p.m., 13 views

Microsoft Releases New Versions of Software Security Tools

Microsoft has released new versions of several of its software security tools, including its Threat Modeling Tool and a pair of fuzzers. All of the tools are part of the company’s Security Development Lifecycle program, which it has been sharing with external organizations for a few years now...

0.5 AI score
Exploits: 0, References: 4

ThreatPost
added 2011/03/31 4:24 p.m., 12 views

Microsoft Cites Progress in SDL Report, Advocates More Adoption of ASLR, DEP

In the more than nine years since Bill Gates’s Trustworthy Computing email kicked off Microsoft’s comprehensive, company-wide security initiative, the company has not only committed a tremendous amount of money and resources to the project but also has been quite open and public about the process...

0.7 AI score
Exploits: 0, References: 3

ThreatPost
added 2010/02/02 3:39 p.m., 99 views

Microsoft Tries to Boost SDL Adoption

Microsoft is trying to boost adoption of the software security practices in its Security Development Lifecycle by releasing a revised set of instructions to make implementation of the process easier and faster. At the Black Hat DC conference on Tuesday, the company announced the release of its...

9.3 CVSS, 0.2 AI score, 0.99945 EPSS
Exploits: 33, References: 2

ThreatPost
added 2009/11/24 7:41 p.m., 6 views

Steve Lipner on the Microsoft SDL and Windows 7 Security

Dennis Fisher talks with Steve Lipner of Microsoft about the Security Development Lifecycle, changes in the threat modeling process and the security of Windows 7. Podcast audio courtesy of sykboy65 Subscribe to the Digital Underground podcast on...

1.1 AI score
Exploits: 0, References: 3

ThreatPost
added 2009/11/12 7:8 p.m., 60 views

Microsoft Pushes for Better Software Security Practices

WASHINGTON–Microsoft has spent several years and untold millions of dollars working on methods to write more secure and reliable software, and now the company is encouraging other organizations to make the same investment in software security. One of the outputs of the company’s software security...

9.3 CVSS, 0.1 AI score, 0.99945 EPSS
Exploits: 33, References: 1

ThreatPost
added 2009/11/02 6:4 p.m., 12 views

Microsoft: High Vulnerability Count is Sign of Success

Microsoft Corp. pours more money into software security than any other major vendor both because it has to and because it can. Yet for all the investments in security, the number of vulnerabilities discovered in the company’s products has increased over the years, prompting questions over whether...

1.2 AI score
Exploits: 0, References: 2

ThreatPost
added 2009/04/03 7:26 p.m., 12 views

Q&A: Dino Dai Zovi

Dino Dai Zovi has gained a reputation as one of the top Apple security researchers in the industry and is the author of a new book on Apple security, “The Mac Hacker’s Handbook.” In this interview, he talks about the state of Apple security, why the company hasn’t implemented better memory...

0.7 AI score
Exploits: 0, References: 4