Tag: Vulnerabilities

What can we do to help developers learn about preventing incidence of SQLi vulns in their production applications? And what can we do about SQLi in legacy web applications or newer apps that were developed with SQLi vulnerabilities? This is a weekly...

If you’re a US shopper, there’s almost a 50% chance that your information was compromised in the Target breach. So how can fellow retailers and other enterprises avoid this fate?

Sandboxing isn’t a new concept; it’s been used in various forms for some time. Application sandboxes add one more layer of defense in the struggle to regain the right to peaceful enjoyment in our own networks.

The IBM X-Force Threat Analysis Service (XFTAS) reports on vulnerabilities that need to be brought to the attention of our customers. Such was the case in June of 2013. We found a report on a Plesk Control Panel vulnerability (CVE-2013-4878) and...

A look at vulnerabilities that allow for diverting the kernel execution flow in Windows. So is there any way to subvert the SMEP protection implementation in Windows 8/8.1? Can Return Oriented Programming (ROP) techniques be used to subvert the SMEP...

We have recently disclosed a new vulnerability to the Android Security Team. The vulnerability affected many apps, including Settings (the one that is found on every Android device), Gmail, Google Now, DropBox and Evernote. To be more accurate, any...

If you are the typical enterprise, you potentially have tens of thousands of software vulnerabilities spread across thousands and thousands of machines in your network. The possibilities for using existing data to enhance your vulnerability...

The situation described here does not come from the ivory tower; instead it comes from the real world and shows how to rapidly and efficiently address a zero-day vulnerability. You are probably already overwhelmed with patching. Alternatively, you...

New research from IBM X-Force reveals top tactics behind today's cyber attacks. While vulnerability statistics, attack trends, and data breaches are all covered in detail, one of the more interesting points of discussion is a look at the psychology...

There are many similarities between gardening tips and some common sense security practices you can apply to your infrastructure. Here’s a list of five gardening tips juxtaposed with my version of a ‘end of summer’ to-do list to tidy up you...