Four unnecessary risks that often appear in even the most secure networks, and step-by-step instructions on how to immediately address these considerable risks that can be hurting the security of our environment.

Our last post in the “Turn It Off!” blog series discussed some of the most common and yet unnecessary features that can make your environment more vulnerable, including JBoss JMX consoles, server banners and the Apache HTExploit. These risks are often encountered by our Vulnerability and Exposure Research Team (VERT), even on well-defended networks and many of which have been around for quite...

Download a Python based detection script for CVE-2014-0224 here.

Tripwire has announced the results of an extensive analysis of security vulnerabilities in Small Office/Home Office (SOHO) wireless routers.

To minimize wireless attacks, here are six basic router tips anyone should include in their security strategies/training protocols.

In preparation for my upcoming talk at BSides SF about finding vulnerabilities, I would like to share today some insights regarding two common types of vulnerabilities which leverage web browser in two unique ways. The goal of these vulnerabilities is quite different however. One is used to run untrusted code while the other is used to hijack authentication. The combined effect of these issues...

When most people think of penetration testing, they think of a simulated external attack where the tester tries to break into a network remotely. Companies focus most of the security spending and policies on keeping hackers out remotely, from firewalls and other security hardening appliances, software and tools. However, given the proliferation of mobile devices in the workplace and use of Wi-Fi...