NEWS & INDUSTRY UPDATES

Microsoft and Adobe released several patches today to plug security holes in their products. Adobe also introduced new JavaScript whitelisting capability in Adobe Reader and Acrobat X.
Microsoft's January security update will include seven bulletins addressing eight vulnerabilities across Windows and Microsoft developer tools and software.
In a rare move, Microsoft is breaking its normal procedures and will issue an emergency out-of-band security update to address a recently disclosed hash collision vulnerability that affects various Web platforms industry-wide.
Several vendors are currently working to resolve a hash collision vulnerability, which if exploited can trigger a denial-of-service condition on multiple platforms.
Siemens has announced plans to patch a number of critical vulnerabilities in its SCADA software after a researcher accused the company of trying to brush the issue under the rug.
HP has issued a fix for security vulnerabilities recently discovered in the upgradeable firmware of HP laser printers, which could be compromised and modified by an attacker.
Microsoft said it is investigating reports of a new Windows 7 bug that could be leveraged by attackers to run malicious code.
Adobe Systems plans to release a patch on Dec. 16 to close an Adobe Reader and Acrobat security hole at the center of an attack campaign on the defense industry.
Microsoft released 13 security bulletins today for Patch Tuesday, including a patch for the security vulnerability exploited by Duqu. Adobe meanwhile issued an update for its ColdFusion software for Windows, Mac and UNIX that closes a pair of cross-site scripting vulnerabilities in version 9.0.1 and earlier.
NT OBJECTives, an application security vendor based in Irvine, California, has released a new tool that not only scans for SQL Injection vulnerabilities, but also exploits them with just a few extra clicks.

FEATURES, INSIGHTS // Vulnerabilities

Robert Vamosi: At a recent security conference, researchers demonstrated how they could spoof the energy usage reported from the meter to the utility. All of this is because the utility in question misconfigured its SSL.
Robert Vamosi: Unfortunately, there is nothing new or novel about Point of Sale (POS) skimming attacks, only that they continue to happen in the age of smart embedded systems and PCI.
Chris Poulin: Utility companies are not used to thinking in terms of data security; they've historically been concerned with the protection of hardware like transformer stations, utility poles, and electric wires, as well as consumer fraud. But soon, they'll have to change their mindset.
Robert Vamosi: Using parts that cost $10, researchers inserted custom hardware into the Diebold AccuVote TS that could read the touchscreen vote as well as alter the stored information.
Robert Vamosi: Many security researchers are using open source Arduino boards for rapid prototyping of tools used in hardware analysis. Vendors who do not test their products before selling them into the field are doomed to be targets of future research and, perhaps, attacks.
Eric Schou: Cars have become sophisticated mobile computers. And like all computers, automobiles can be hacked and compromised. Interconnectedness with other embedded systems and cellular networking or Internet connectivity can also introduce security flaws that may become exploitable.
Noa Bar-Yosef: A look at the four most prevalent attack techniques used by today's cyber attackers: SQL Injection, Remote File Inclusion, Directory Traversal and Cross Site Scripting (XSS). Interestingly, three of the four techniques were used by LulzSec during their summer hacking rampage.
Eric Knapp: There's been a lot of recent reflection on SCADA and Industrial Control Systems cyber security in the year following Stuxnet. Why is the current state of SCADA and ICS security the fault of Siemens, Alstom, Rockwell Automation, or any other control system vendor?
Eric Schou: While organizations understand the stakes involved in leaving their systems unpatched, quite often they do not install patches in a timely manner. Is there a convenient and reliable way to bridge this gap?
Robert Vamosi: Drawing parallels with the SCADA industry, researcher Jay Radcliffe gave a personal account at this week's Black Hat Conference of his experience living with Type 1 diabetes and how the various devices he uses to control it could be manipulated by "evil doers".