119 matches found
Hackers Cashing In On Healthcare Industry Security Weaknesses
SAN FRANCISCO – Cybercriminals are pushing boundaries in looking for new ways to cash in on the healthcare space – whether it is persuading desperate patients to download health information apps that actually infect their devices with malware, attacking hospitals with ransomware attacks or even...
Broadening the Scope: A Comprehensive View of Pen Testing
Penetration tests have long been known as a critical security tool that exposes security weaknesses through simulated attacks on an organization's IT environments. These test results can help prioritize weaknesses, providing a road-map towards remediation. However, the results are also capable of...
Cynet's Vulnerability Assessment Enables Organizations to Dramatically Reduce their Risk Exposure
Protection from cyberattacks begins way before attackers launch their weapons on an organization. Continuously monitoring the environment for security weaknesses and addressing such, if found, is a proven way to provide organizations with immunity to a large portion of attacks. Among the common...
DCMS Practical Guidelines. Actionable information
The DCMS guidelines for IoT security are an excellent set of recommendations. They help developers secure devices by outlining the basic ways one can prevent common security weaknesses from being present in their devices and infrastructure. The recommendations are well thought out, and encourage...
The vulnerability of the Windows GDI component in Windows operating systems allows attackers to disclose protected information.
The vulnerability of the Windows GDI component in Windows operating systems is related to deficiencies in security mechanisms. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
Vulnerability of the Server component: Security: Privileges of the MySQL database management system, which allows a hacker to cause a service failure.
The vulnerability of the Server component: Security: Privileges of the MySQL database management system is related to deficiencies in access control. Exploiting this vulnerability may allow a malicious actor to cause service interruptions using the MySQL protocol...
The vulnerability of the Windows GDI component in Windows operating systems allows attackers to disclose protected information.
The vulnerability of the Windows GDI component in Windows operating systems is related to deficiencies in security mechanisms. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
Argentinian Teen Becomes First to Earn $1M in Bug Bounties with HackerOne
A 19-year-old that goes by the handle “@trytohack” became the first white hat hacker to surpass $1 million in bounty awards on the HackerOne platform. The Argentinian researcher, whose real name is Santiago Lopez, started reporting security weaknesses to companies in 2015 on HackerOne, when he wa...
Kube-Hunter - Hunt For Security Weaknesses In Kubernetes Clusters
Kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster you don't own! Run kube-hunter : kube-hunter is available as a...
Security of Solid-State-Drive Encryption
Interesting research: "Self-encrypting deception: weaknesses in the encryption of solid state drives SSDs": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are...
No need for lock picking tools
This is something I knocked up to show how terrible some locks are. I found this one in my garage. It was from when my wife and I went to a Download festival a couple of years back and is a lock from one of those paid-for secure storage places where you can leave your car keys, phone etc. Let's...
Iomega and LenovoEMC NAS Web UI Vulnerabilities - US
Lenovo Security Advisory: LEN-24224 Potential Impact: Privilege escalation Severity: High Scope of Impact: Lenovo specific CVE Indentifier: CVE-2018-9074, CVE-2018-9075, CVE-2018-9076, CVE-2018-9077, CVE-2018-9078, CVE-2018-9079, CVE-2018-9080, CVE-2018-9081, CVE-2018-9082 Summary Description:...
Iomega and LenovoEMC NAS Web UI Vulnerabilities - Lenovo Support US
No description provided...
Multiple AVM FRITZ!Box WPA2 Key Reinstallation Vulnerabilities - KRACK
WPA2 as used in several models of the AVM FRITZ!Box are prone to multiple security weaknesses aka Key Reinstallation Attacks KRACK. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Fear the Reaper, or Reaper Madness?
Last week we looked at reports from China and Israel about a new "Internet of Things" malware strain called "Reaper" that researchers said infected more than a million organizations by targeting newfound security weaknesses in countless Internet routers, security cameras and digital video recorde...
MikroTik RouterOS WPA2 Key Reinstallation Vulnerabilities - KRACK
WPA2 as used in MikroTik RouterOS is prone to multiple security weaknesses aka Key Reinstallation Attacks KRACK. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
AgileBits 1Password 6.3.3 Multiple Vulnerabilities (macOS)
The version of AgileBits 1Password installed on the remote macOS or Mac OS X host is equal to 6.3.3. It is, therefore, affected by multiple vulnerabilities : - A security weakness exists in the internal web browser in which the default protocol that is used is set to HTTP. If a user visits a...
New Collision Attacks Against 3DES, Blowfish Allow for Cookie Decryption
RC4 apparently is no longer the lone pariah among smaller cryptographic ciphers. Already broken and set for deprecation by the major browser and technology makers, RC4 could shortly have company in Triple-DES 3DES and Blowfish. Researchers are set to present new attacks against 64-bit ciphers tha...
Multiple ThinkServer System Manager (TSM) *50-series Security Weaknesses - Lenovo Support US
No description provided...
Black Box WordPress Vulnerability Scanner: WPScan
WPScan is a Black Box WordPress Vulnerability Scanner that attempts to find known security weaknesses within WordPress installations. The application is provided for security professionals or WordPress administrators to help them find security problems and vulnerabilities in their installations. ...