On May 14th, Microsoft surprised many security experts by announcing a patch for Windows XP, Windows 7, Server 2003, Server 2008, and Server 2008 R2 for a new remote code execution flaw that had been discovered in the remote desktop protocol (RDP) service. While it was not known to be exploited in the wild, like the WannaCry vulnerability before it, Microsoft advised all users of their older, and in some cases, no longer supported, versions of Windows to apply their patches as soon as possible, as attacks targeting the vulnerability were not far behind, since it was possible to decompile the patch and reverse engineer just how the originally identified attack worked.
Once upon a time, a fox encountered a hedgehog. Startled, the hedgehog rolled into a ball. Fox then laughed at this sight, and said: "Hedgehog, that is the silliest thing I have ever seen. Surely if you were as clever as I am, you would have hundreds of ways to protect yourself.
Road bumps in the penetration testing process can result in increased delays that can negatively impact the business and cause further delays to the discovery and remediation of risks. From our observations, there are three things that can cause unnecessary delays.
OpManager offers comprehensive network monitoring capabilities that help you monitor network performance, detect network faults in real time, troubleshoot errors, and prevent downtime. It is found that the service suffers from a weak permissions issue in which an attacker can replace the service binary with a binary of their choice. This service runs as Localsystem thus allowing for a privilege escalation vector.
Security experts are pushing digital users towards more secure password solutions, like the wider use of multi-factor authentication, or towards one-time pads, yet we still haven’t seen anything truly replace passwords yet. Here we look at an overview of the password and how it may change in the future.
Personal devices access and store personal information that may cause difficulties if the device becomes lost or stolen. In order to protect their devices, friends and family should be encouraged to enable drive encryption.
Security assessments communicate a point in time collection of the security vulnerabilities found in an assessment so that the discovered risks can be recreated and properly mitigated. To effectively communicate the assessment results, there are 6 things a solid report must include.
We are pleased to announce that Prescient Security will host a Capture the Flag (CTF) event at InfoSec North America on November 14-15. Stop by the CREST interactive booth area to see if you’ve got the skills to find all of the flags and win prizes!
HIPAA, Sarbanes Oxley Act (SOX), and PCI/DSS (Payment Card Industry) compliance standards address completely different aspects of your network and information, but a gap in either can cause serious pain for any company.