1/7/2011 03:21 PM

Tech Insight: Six Security Threats You Need To Know About

Security pros will have their hands full with revamped versions of current threats, while new ones also will bubble to the top

4. DLL Hijacking
One attack that resurfaced in 2010 was DLL hijacking. It has gone by several names, such as binary planting and DLL preloading, but it has been a known issue for 10 years. What's interesting is that new research showed it to be both an attack method for gaining control of a system and a persistence mechanism for malware. To make matters worse for security pros, new code released through the Metasploit Project made it incredibly easy to exploit. Microsoft has provided a few workarounds and fixes, but the issue has not been fixed fully because it affects many vendors. Exploit DB has been tracking vulnerable applications.
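Because the hijack hinges on which directory an application probes first, one practical defender check is to review a process's DLL load probes for user-writable directories that are searched before the real copy is found. The following is an added example, not code from the article: it parses constructed Process Monitor-style events in a hypothetical CSV layout (process, operation, path, result) and flags DLLs whose search passed through a user-writable directory.

```python
import re
from collections import defaultdict

# Constructed Process Monitor-style events (not real logs), in load order:
# process,operation,path probed,result
EVENTS = """\
app.exe,CreateFile,C:\\Program Files\\App\\foo.dll,NAME NOT FOUND
app.exe,CreateFile,C:\\Windows\\System32\\foo.dll,NAME NOT FOUND
app.exe,CreateFile,C:\\Users\\alice\\Downloads\\foo.dll,NAME NOT FOUND
app.exe,CreateFile,C:\\Program Files\\App\\plugins\\foo.dll,SUCCESS
app.exe,CreateFile,C:\\Users\\alice\\Downloads\\bar.dll,NAME NOT FOUND
app.exe,CreateFile,C:\\Windows\\System32\\kernel32.dll,SUCCESS
""".splitlines()

# Directories a non-admin user can write to on this constructed host.
USER_WRITABLE = {r"C:\Users\alice\Downloads", r"C:\Users\alice\Desktop"}

LINE_RE = re.compile(
    r"^(?P<proc>[^,]+),CreateFile,(?P<path>.+\\(?P<dll>[^\\,]+\.dll)),(?P<result>.+)$",
    re.IGNORECASE,
)

def dirname(path):
    return path.rsplit("\\", 1)[0]  # directory part of a Windows path

def parse_probes(lines):
    """Group each process's DLL load probes by DLL name, preserving log order."""
    probes = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            probes[(m["proc"], m["dll"].lower())].append((m["path"], m["result"]))
    return probes

def find_hijackable(probes, writable):
    """Return {(process, dll): [user-writable dirs probed before the DLL was found]}.
    A DLL never found (every probe NAME NOT FOUND) is flagged on each writable dir probed."""
    findings = {}
    for key, attempts in probes.items():
        exposed = []
        for path, result in attempts:
            if result.upper() == "SUCCESS":
                break  # real DLL found here; later directories are never searched
            if dirname(path) in writable:
                exposed.append(dirname(path))
        if exposed:
            findings[key] = exposed
    return findings
```

Each finding is a directory where a same-named DLL would be loaded ahead of the legitimate one; fixing it means loading by full path, restricting the search order, or tightening the directory's permissions.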

5. Shodan
Shodan garnered a lot of attention last year when security researchers showed just how easy it was to find vulnerable systems on the Internet without scanning for them themselves. With Shodan, they could leverage scans performed by someone else and, for a small cost, export all of that data and feed it into their attack tools. Shodan's exposure of vulnerable SCADA devices was enough to prompt CERT to publish an advisory warning of the possible exposure. The site's popularity among researchers and penetration testers will only help it grow further and expose more services on systems worldwide that could be vulnerable. It's a reminder to know what's on your network and what's exposed to the world.

6. Embedded Systems
Embedded systems made their way into the spotlight as more attacks focused on printers, smart meters, industrial control systems, and the like. The VxWorks vulnerabilities published in August demonstrated how easy it is to exploit Fibre Channel switches, printers, and SCADA devices that were easily found via Shodan. Working with the vendor and understanding what network access, if any, these devices have is critical when deploying them, because they could provide an easy entry point into your network.

The attacks that gained popularity in 2010 will stick around for a while; many are hard to fix or involve systemic issues that take more than technical workarounds to mitigate. And as always, staying up to date on the latest attacks is key. As a defender, you have to get it right every time, but an attacker needs to get it right only once.
