
SECURITY LABS

Obrela Security Industries Advisory (OSI-1501)

Advisory ID: OSI-1501
Description: The XML parser of Cisco Prime Service Catalog suffers from a vulnerability that could allow an authenticated remote attacker to either cause denial of service conditions (resource consumption) or retrieve sensitive data (local data access).
Researcher: Alexis Dimitriadis (a.dimitriadis[a t]obrela[do t]com)
Vulnerability: CVE-2015-0581: Cisco Prime Service Catalog XML External Entity Processing Vulnerability […]

Major Internet Explorer Vulnerability Publicly Disclosed Today

Update: As estimated, the community responded to this public disclosure 4 days after it was announced. MS was notified in Oct-2014. The assigned CVE is CVE-2015-0072. Today a vulnerability was disclosed (no CVE) on seclists.org by the security company Deusen. The mechanics and PoC were also disclosed, proving that the same origin policy of […]

Using UDF in Penetration Testing Part 2

Before continuing, we are assuming – again – that we have already gained access to a MySQL administration interface (how we did that is out of the scope of this post) and that we want to acquire a command shell in order to penetrate further into the system. Finally, we are assuming that the MySQL […]

Using UDF in Penetration Testing

During a penetration test, we might find ourselves in a situation where we have SQL administrative access only. As usual, we want to dive deeper into the network. Sometimes the only way to accomplish that is to execute commands on the system that hosts the current SQL server. If the server happens to be an […]

Cyprus Computer Society Conference Whitepaper

It appears that the external threats to an organization are increasing steadily, and may, in fact, be increasing more rapidly than is commonly reported. To combat cybercrime, a set of management procedures and an organizational framework for identifying, assessing and mitigating risks is necessary. Rather than reacting to individual problems in an ad-hoc manner, these […]

Cyber-Insurance

Today, infrastructure encompasses computer technology and key business processes and is increasingly web-based. Thus, the availability and security of computer networks and websites have become a critical component of an organization’s risk profile. Even though companies can take preventative security steps, there is no silver bullet that can make businesses completely secure. Insurance […]

Critical Infrastructure Protection

Information security in critical infrastructures is a major challenge. Critical infrastructure can be damaged, destroyed or disrupted by deliberate acts of terrorism, natural disasters and negligence, leading to a loss of confidentiality, integrity and availability of critical infrastructure information assets. Vulnerabilities in critical infrastructure not only create risk for systems, networks, information and public trust […]

PKI Roadmap – A guideline for government institutions

Statistically, PKI implementations have a high failure rate, due to absent or misplaced organizational structures, whose role and effectiveness are considered critical in establishing the relevant operational model, supporting policy and legal framework. The scope of this framework describes the delivery of PKI services by, and on behalf of, government […]

Lawful Interception

The need for protection of information, one of the most valuable assets in modern society, has increased dramatically in the last decade. However, hand in hand with any technological and economic advancement, new fraud and crime-committing methods appear, targeting our valuable information assets. Cryptography is one of the key technologies for ensuring confidentiality, […]
