Tagged: microsoft

Thumbnail 0

TA15-119A: Top 30 Targeted High Risk Vulnerabilities

Original release date: April 29, 2015 Systems Affected Systems running unpatched software from Adobe, Microsoft, Oracle, or OpenSSL.  Overview Cyber threat actors continue to exploit unpatched software to conduct attacks against critical infrastructure organizations. As many as 85 percent of targeted attacks are preventable [1] . This Alert provides information on the 30 most commonly exploited vulnerabilities used in these attacks, along with prevention and mitigation recommendations.

Thumbnail 0

White House Breach Gets Worse – Daily Security Byte EP.70

We keep learning more about the White House email breach from last year, and the news gets worse and worse. Today we learned the attackers may have had access to more of President Obama’s email correspondence than first suspected. Watch today’s vlog post to for the details, and to learn tips to protect your organization’s email

When automation does not help, (Thu, Apr 23rd) 0

When automation does not help, (Thu, Apr 23rd)

In a lot of web application penetration tests that Ive done in last couple of years I noticed that the amount of technical vulnerabilities (i.e. XSS or SQL injection) is slowly declining.Of course, this depends on developers awareness but also on frameworks that are used for development of such applications. One of the best (or worst, depending on the point of view) is definitely .NET (yeah, I know, it feels weird to say that Microsoft is best in something security related)

SB15-110: Vulnerability Summary for the Week of April 13, 2015 0

SB15-110: Vulnerability Summary for the Week of April 13, 2015

Original release date: April 20, 2015 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT).

Thumbnail 0

Oracle Releases April 2015 Security Advisory

Original release date: April 15, 2015 Oracle has released security fixes to address 98 vulnerabilities as part of its quarterly Critical Patch Update. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. User and administrators are encouraged to review the Oracle April 2015 Critical Patch Update and apply the necessary updates