Vulnerabilities

TOP 10 PHP Scanners of Vulnerability

Automation is the name of the game in today’s world. People expect a quicker way of doing the job, meeting deadlines and settling commitments. The same goes for the security industry, system managers and web developers: automation reduces the time needed to complete tasks. PHP, a well-known web development language, is a very…

New OT Threat Intelligence Service FireEye Launches

This week FireEye unveiled a new risk intelligence service that focuses on OT and other applications that handle physical processes. According to the company, Cyber Physical Threat Intelligence provides companies with background, information and functional evaluation of the threats to OT, ICS and IoT systems. Subscribers will receive information about malware, TTPs, threats, threat, vulnerabilities,…

How to Ensure that the Wannacry Patch is Properly Installed

They say WannaCrypt doesn’t infect XP machines, but it looks like the problem appears on Windows 7 machines without the WannaCry patch. We saw the crippling cyber attack paralyze servers in British hospitals, while the UK NHS claimed their devices had not been updated for WannaCry. During that time Microsoft’s argument was “that…

Damages from Malware

The damage caused by a virus or other malware that infects a home PC or company device can range from small changes in your network’s traffic to a total system breakdown, data loss and more. The size of the damage depends on the objectives of the virus and, in some cases, the effect on the…

Plundervolt Attack Uses Intel Chip Voltage to Steal Data

A recently reported attack targeting Intel processors uses CPU voltage changes to reveal data stored with Intel Software Guard Extensions (SGX). A group of researchers from the University of Birmingham, UK; Graz University of Technology, Austria; and the imec-DistriNet Research Group of KU Leuven, Belgium, discovered the attack, known as “Plundervolt” and tracked as the…

Apps such as Slack And Dropbox are vulnerable to attack at the moment?

According to a recent survey, many global IT policymakers consider enterprise communication and collaboration (EC&C) apps, such as Slack and Dropbox, vulnerable to cyber attacks. The survey was carried out by the Israeli cybersecurity firm Perception Point and comprised 500 respondents from various industries. The respondents are medium and large businesses with over 1000…

Most Important Test List for Network Penetration

Network penetration testing detects network vulnerabilities by identifying open ports, troubleshooting live networks and infrastructure, and examining application banners. Testing enables the administrator to close unused ports and additional services, hide and/or customize banners, troubleshoot services and calibrate the firewall rules. Let’s see how we conduct network penetration tests step by step using some popular…

Microsoft Zero-Day patches used in Korea-linked assaults

Microsoft’s December 2019 Patch Tuesday updates fix a total of 36 flaws, including a Windows zero-day exploited in Chrome zero-day attacks. The patched Windows zero-day is CVE-2019-1458, a privilege escalation flaw in how the Win32k component handles objects in memory. Microsoft said an attacker can use the security hole to execute arbitrary…

Password Managers store passwords on hardware in plaintext

A security researcher analyzed three hardware-based password vaults and found that credentials are stored in plaintext and survive hardware resets. An investigation into these three stand-alone password managers discovered that data can be read directly from chips on the board through hardware hacking, explains security researcher Phil Eveleigh. RecZone Password Safe, FAST Passwords and…

Important Flaw in Industrial Switches Weidmueller Patches

Germany-based Weidmueller has issued firmware updates for many of its managed industrial Ethernet switches to fix critical vulnerabilities. Weidmueller has six production facilities and a presence in 60 locations worldwide. According to the Cybersecurity and Infrastructure Security Agency of the DHS (CISA), the affected products are used around the globe, particularly in key…