KrebsonSecurity has a story discussion of an old intrusion. The Iron Dome manufacturers with its successful anti-missile shield found out during 2011-2012 Elisra Group, Israel Aerospace Industries, and Rafael Advanced Systems. The hackers “Comment Crew” stole sensitive documents from the networks of the manufacturers over the course of a year. including a 900 page … Read more
securelist has the story elasticsearch is an open source Cloud software running on a lot of cloud companies. As it is a search and analytics engine. But apparently it has a vulnerability which hackers are abusing. “ including a bot implementing some extraordinary DNS amplification DDoS functionality. Operators of these bots are currently active, … Read more
Bromium report has the information plus a lot more. Two items of note in the report: 1. the type of exploits occurring in IE, Java and Flash The security system of the Operating system(ASLR and DEP) was exploited in Zero-day attacks in Internet Explorer(IE). The new Adobe Action Script feature was exploited in Flash And … Read more
CSRF or Cross Site Request forgery is the highest likely method of attack Broken Authentication is second And cross-site scripting(XSS) is third SQL Injection as well as security misconfigurations are also higher than 10% of he vulnerability types. The IBM report at X-Force blog recounts the challenges a web application scanner has as to … Read more
today Apple beat estimates: Deadline.com with 35.2 mil iPhones sold threatpost has the info about a “stream of data” on an iPhone It looks like Jonathan Zdziarksi, a forensic scientist and at Twitter: @JZdziarski. found a backdoor in iOS, it is supposedly used by Apple for troubleshooting, diagnostics and enterprise. Apple responded to … Read more