Articles about pen testing

Most FTSE 100 boards kept in the dark about cyber resilience plans

Only one in five FTSE 100 companies disclose testing of online business protection plans. Most (57 per cent) of FTSE 100 companies talk about their overall crisis management, contingency or disaster recovery plans within their annual reports but few in comparison mention cybersecurity. Just 21 per cent of UK Blue Chip …
John Leyden, 28 Mar 2018

New click-to-hack tool: One script to exploit them all and in the darkness TCP bind them

Python code has emerged that automatically searches for vulnerable devices online using Shodan.io – and then uses Metasploit's database of exploits to potentially hijack the computers and gadgets. You set this script running, it crawls the internet looking for machines that are possibly vulnerable to attack – typically due to …
Thomas Claburn, 31 Jan 2018

Metasploit upgraded to sniff out IoT weakspots in corporate networks

Rapid7 has upgraded its popular Metasploit pen-testing tool to help IT security teams and consultants probe for IoT-related weaknesses in corporate environments. Metasploit's hardware bridge for radio frequency testing – the RFTransceiver – will grant teams greater visibility of foreign IoT devices. "The importance of RF …
John Leyden, 22 Mar 2017

Software exploits overrated - it's the humans you need to be watching

Video Weak passwords and phishing offer far easier mechanisms for breaking into most organizations than exploiting software vulnerabilities. A study by US cybersecurity firm Praetorian based on 100 penetration tests and 450 real-world attacks discovered that stolen credentials offer the best way into enterprise networks. Software …
John Leyden, 22 Aug 2016

PINs easily pinched with iPhone-attached thermal imaging kit

A device which can be attached to smartphones is capable of stealing customers' PINs using thermal imaging, UK security consultancy Sec-Tec warns. Thermal imaging equipment – once the sole preserve of only the best-equipped attacker – is now available as a readily available iPhone accessory costing less than £200. The kit …
John Leyden, 21 Aug 2015

Hotspot sniffer eavesdrops on iPhone in real-time

People who use public WiFi to make iPhone calls or conduct video conferences take heed: It just got a lot easier to monitor your conversations in real time. At a talk scheduled for Saturday at the Toorcon hacker conference in San Diego, two security researchers plan to show the latest advances in the open-source UCSniff tool …
Dan Goodin, 23 Oct 2009

Man banished from PayPal for showing how to hack PayPal

PayPal suspended the account of a white-hat hacker on Tuesday, a day after someone used his research into website authentication to publish a counterfeit certificate for the online payment processor. "Under the Acceptable Use Policy, PayPal may not be used to send or receive payments for items that show the personal …
Dan Goodin, 6 Oct 2009

White hats release exploit for critical Windows vuln

White-hat hackers have released reliable code that remotely exploits a critical vulnerability in the Vista and Server 2008 versions of Microsoft's Windows operating system. The exploit code, released Wednesday by security firm Immunity, came as separate researchers with the Metasploit penetration testing project said they were …
Dan Goodin, 16 Sep 2009

Microsoft security tools give devs the warm fuzzies

Microsoft has released a general-purpose software tool for assessing the security of applications, part of a growing suite of free offerings designed to help third-party developers design safer programs. Microsoft Minifuzz is a lightweight file fuzzer, a type of tool that detects software bugs by throwing random data at an …
Dan Goodin, 16 Sep 2009

Apple security lags (again) with critical Java patches

Comment Apple is once again playing security catch-up to the rest of the computing world, this time with an update for the Leopard version of its Mac operating system that patches critical holes in Java that were fixed on competing systems 29 days ago. The patch updates Leopard to Java versions 1.6.0_15, 1.5.0_20, and 1.4.2_22, which …
Dan Goodin, 4 Sep 2009

TJX suspect indicted in Heartland, Hannaford breaches

Federal authorities have charged a previously indicted hacker with breaching additional corporate computers and stealing data for at least 130 million credit and debit cards, the biggest identity theft case ever prosecuted in the United States. Albert "Segvec" Gonzalez and two unnamed Russians were indicted on Monday for …
Dan Goodin, 17 Aug 2009

Obama loses (another) cybersecurity bigwig

Updated Yet another high-ranking government official in charge of securing the country's computer networks has resigned. This time, it's the head of the US Department of Homeland Security's Computer Emergency Readiness Team. Mischel Kwon submitted her letter of resignation last week, according to The Washington Post. The report cited …
Dan Goodin, 10 Aug 2009

XML flaws threaten 'enormous' array of apps

Updated Security researchers have uncovered critical flaws in open-source software that implements the Extensible Markup Language in a staggering array of applications used by banks, e-commerce websites, and consumers. The bugs uncovered by researchers at Finland-based Codenomicon were contained in virtually every open-source XML …
Dan Goodin, 6 Aug 2009

cPanel, Netgear and Linksys susceptible to nasty attack

Defcon If you use cPanel to administer your website or certain Linksys or Netgear devices to route traffic over your wireless network, you're susceptible to web-based attacks that could take complete control of your systems, two security researchers said Saturday. All three wares contain CSRF, or cross-site request forgery, holes …
Dan Goodin, 2 Aug 2009

Surveillance camera hack swaps live feed with spoof video

Defcon Corporate teleconferences and other sensitive video feeds traveling over the internet are a lot more vulnerable to interception thanks to the release of free software tools that offer penetration testers and attackers a point-and-click interface. At the Defcon hacker conference in Las Vegas, the Viper Lab researchers demonstrated …
Dan Goodin, 1 Aug 2009

Hijacking iPhones and other smart devices using SMS

Black Hat Update: Apple says it has patched the vulnerability described below. The full story is here. Researchers have uncovered a bevy of vulnerabilities in smart phones made by multiple vendors, including one in Apple's iPhone that could allow an attacker to execute malicious code without requiring the victim to take any action at all …
Dan Goodin, 31 Jul 2009

Meter insecurity raises specter of free parking hacks

Black Hat Hackers have figured out a way to trick San Francisco's computerized parking meter system into giving away unlimited free parking by cloning the smart cards used to pay fees. Speaking at the Black Hat security conference in Las Vegas, hackers Jacob Appelbaum, Joe Grand and Chris Tarnovsky said they were able to compromise the …
Dan Goodin, 30 Jul 2009

Security elite pwned on Black Hat eve

On the eve of the Black Hat security conference, malicious hackers posted a 29,000-line file detailing embarrassing attacks that took complete control of servers and websites run by several high-profile security researchers, including Dan Kaminsky and Kevin Mitnick. The file posted on security mailing lists claimed to have …
Dan Goodin, 29 Jul 2009

Biting the hand that feeds IT © 1998–2018