Exploit This

Security News, Exploits, and Vulnerabilities.

50 hashes per hour

In this research we’ll be revisiting the USB port – this time in attempts to intercept user authentication data on the system that a microcomputer is connected to. As we discovered, this type of attack successfully allows an intruder to retrieve user authentication data – even when the targeted system is locked.

The Mistakes of Smart Medicine

A technological boom in medicine both encouraged medical institutions to use exclusively information systems in processing data and led to the emergence of new types of technological equipment and personal devices that can be used to interact with traditional systems and networks. This means that the threats that are relevant for them can also be relevant for medical systems.

Threat Landscape for Industrial Automation Systems, H2 2016

On average, in the second half of 2016 Kaspersky Lab products across the globe blocked attempted attacks on 39.2% of protected computers that Kaspersky Lab ICS CERT classifies as being part of industrial enterprise technology infrastructure.

Features of secure OS realization

There are generally accepted principles that developers of all secure operating systems strive to apply, but there can be completely different approaches to implementing these principles.

Deceive in order to detect

In addition to the basic methods and technologies developed to protect corporate networks, there are interactive methods of protection that not only detect an intruder in the infrastructure but also, under certain conditions, receive real-time information about their activities in the corporate network.

Malicious code and the Windows integrity mechanism

My goal wasn’t to review the techniques of elevating system privileges. Here, I wanted to look at the overall picture and talk about the whole range of Windows operating systems in all their diversity dating back to Windows Vista, but without discussing specific versions.

VDI: Non-virtual problems of virtual desktop security, and how to solve them for real

There is a much higher probability of encountering security issues with Virtual Desktop Infrastructure (VDI) than with virtualized servers. We are going to talk about VDI myths, specifics – and how to provide proper security for corporate VDI.

Disbanding the ‘Zoo’

Virtualized environments are exceptionally flexible, manageable, fault-tolerant and cost-effective. However, a number of difficulties have to be overcome to protect them from external threats. If this is not done successfully, problems will inevitably arise.

The Power of V&V

A secure system – especially a system that is used to provide security – has to be trusted. But what underpins that trust? What proof do we have that the main components of our trusted system are implemented properly and won’t fail at a critical moment?

Indicators of compromise as a way to reduce risk

“Indicators of compromise” help to use threat data effectively: identify malware and quickly respond to incidents. These indicators are very often included in threat reports. How should information system administrators use this data in practice?

%d bloggers like this: