A $20 USB microcontroller that an attacker can wear around his neck can be used to weaponize mouse clicks and keyboard actions in an effort to install backdoors, evade firewalls and modify DNS settings within seconds, a researcher has demonstrated.
The ProClima configuration utility developed by Schneider Electric is affected by several command injection vulnerabilities, the Industrial Control Systems Computer Emergency Response Team (ICS-CERT) reported on Tuesday.
Last week, the developers of Docker released new versions of the product to address several security issues, and they shared some information on the steps taken by the company to make the solution more secure.
A researcher has identified a stack buffer overflow vulnerability in Honeywell's OPOS (OLE for Retail Point-of-Sale) Suite, a solution that provides a standard programming interface for the integration of PoS hardware into retail PoS systems based on Microsoft Windows.
To limit the risk of having drive-by malware attacks planted on their websites, organizations should monitor the payload of their different Internet properties, which for larger organizations can easily become a huge undertaking.
Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known—and agreed upon—at this point, is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.
You need to identify your security shortcomings before someone else does. Simulate attacks and tests to associate known vulnerabilities, previous attack patterns, and security/network data to identify potential attack paths to your company’s most important data.
John Hultquist, Manager of Cyber Espionage Threat Intelligence at ISIGHT Partners, joins the podcast to talk about "NEWSCASTER," a cyber espionage operation that uses fictitious social media accounts to launch attacks.
The protection of connected ( Internet of Things) devices is likely better performed at a network level rather than an endpoint level due to the variety of devices that may exist and the limited endpoint security functions that can be supported.