Browsing Tag: vulnerabilities

CANCUN–For people who follow the developments in the security and research communities, it’s easy to get discouraged by the current state of affairs, given the rash of serious hacks on certificate authorities, military networks and companies such as RSA and VeriSign. But, if you think things are bad there, you may not want to look at what’s happening in the ICS and SCADA communities. It’s getting ugly early.

Read more...

CANCUN–The skill of attackers, combined with the difficulty and cost of finding and fixing vulnerabilities in software–especially after deployment–has reached the point that it’s now more effective and efficient for vendors to concentrate on making life more difficult for those attackers looking to exploit bugs.

Read more...

Researchers at the security firm M86 report that hackers have compromised hundreds of Web sites that use the WordPress content management system. The sites, mostly small Web pages and blogs, are being used to fool spam filters and redirect unwitting visitors to drive by download Websites that will install malicious software on vulnerable systems.

Read more...

Researchers have found a string of weaknesses in the WordPress default installation page, including PHP code execution and a persistent cross-site scripting flaw, affecting versions 3.3.1 and later. WordPress officials say that they’re not planning to fix the vulnerabilities as there’s only a small possibility of exploitation by attackers.

Read more...

The Pwn2Own contest at the CanSecWest conference has become one of the landmark events on the calendar each year, as researchers gather with nervous vendors in a tiny room to see who can own which browser on which platform and how quickly. But this year’s contest will have a much different look than past editions, with participants vying for more than $100,000 in cash by amassing points over the course of three days.

Read more...

There’s an odd bit of behavior that some Windows systems will exhibit when certain kinds of installers are launched, automatically elevating the privileges of the installer process to system-level privileges. In theory, the issue shouldn’t be exploitable because at one point in the process the system will generate an MD5 hash of a DLL that’s to be loaded, and unless the attacker can replace that DLL with a malicious one that sports the same hash, an attack is impossible. But those constraints may not hold for all attackers, a researcher says.

Read more...