Threat Vectors for Criminals: Common Coding Errors and Open-Source Vulnerabilities

/in /von

By Jeff Shipley Coding errors in software products provide easy paths of entry for online criminals, who can exploit vulnerabilities to compromise systems or launch additional attacks and malware. As reported in the Cisco 2015 Midyear Security Report , certain types of coding errors consistently appear on lists of most common vulnerabilities. This raises an important question for vendors and security professionals: If the same coding errors are identified year in and year out, why aren’t these errors being mitigated? Buffer errors, input validation, and resource errors are []

Source:: Cisco Security Notice

Research Spotlight: Detecting Algorithmically Generated Domains

/in /von

By Talos Group This post was authored by Mahdi Namazifar and Yuxi Pan Once a piece of malware has been successfully installed on a vulnerable system one of the first orders of business is for the malware to reach out to the remote command-and-control (C&C) servers in order to receive further instructions, updates and/or to exfiltrate valuable user data. If the rendezvous points with the C&C servers are hardcoded in the malware the communication can be effectively cut off by blacklisting, which limits []

Source:: Cisco Security Notice