The Benefits of Exploiting Attackers’ Favorite Tools

library
crime | hacking | security

Network Computing
Darkreading

BLACK HAT USA 2017 — Symantec senior threat researcher Waylon Grange tells editor-in-chief Tim Wilson at the Dark Reading News Desk that malware authors and attackers write vulnerable code, too. What can security researchers learn from those flaws?

Watch the full two-day show and all 45 interviews at DarkReading.com/DRNewsDesk.

Learn from the industry’s most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Click for more info and to register.

‘);
}

Comments

‘);
}

Live Events

Webinars

More UBM Tech
Live Events

Dark Reading Live EVENTS

0 Comments

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Darn – typed UNICORN instead of UNICODE.

Security Vulnerabilities: The Next WaveJust when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?

Reports

[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem

Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization’s security plans and strategies compare to what others are doing? Here’s an in-depth look.

14 Social Media-Savvy CISOs to Follow on Twitter

9 of the Biggest Bug Bounty Programs

2017 Pwnie Awards: Who Won, Lost, and Pwned

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2017-0290Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within …

CVE-2016-10369Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version…

CVE-2016-8209Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

googletag.display(‘div-gpt-ad-961777897907396673-15’);

Tweet This
[close this box]

Article source: https://www.darkreading.com/threat-intelligence/the-benefits-of-exploiting-attackers-favorite-tools/v/d-id/1329683?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Comments are closed.