Tag: Vulnerabilities

Think SQLi is Old News? Attackers Don’t!

What can we do to help developers learn to prevent SQLi vulnerabilities in their production applications? And what can we do about SQLi in legacy web applications or newer apps that were developed with SQLi vulnerabilities? This is a weekly...

Microsoft Patch Tuesday – January 2014

The Microsoft security update for January 2014 dishes up a relatively small collection of patches, but it's a valuable set. The KB2916605 patches for Microsoft Word and Web Applications fix three vulnerabilities, all of which provide Remote Code...

Six Month Old Vulnerability Exploit Attempt

The IBM X-Force Threat Analysis Service (XFTAS) reports on vulnerabilities that need to be brought to the attention of our customers. Such was the case in June of 2013. We found a report on a Plesk Control Panel vulnerability (CVE-2013-4878) and...

A New Vulnerability in the Android Framework: Fragment Injection

We have recently disclosed a new vulnerability to the Android Security Team. The vulnerability affected many apps, including Settings (the one that is found on every Android device), Gmail, Google Now, DropBox and Evernote. To be more accurate, any...

Sharpening Your Security Intelligence Ax with Big Data

If you are the typical enterprise, you potentially have tens of thousands of software vulnerabilities spread across thousands and thousands of machines in your network. The possibilities for using existing data to enhance your vulnerability...

Taking on a Zero Day with Intelligence

The situation described here does not come from the ivory tower; instead it comes from the real world and shows how to rapidly and efficiently address a zero-day vulnerability. You are probably already overwhelmed with patching. Alternatively, you...