Cyentia Cybersecurity Research Library

Vulnerability

Below you will find reports with the tag “Vulnerability”.


The Deserialization Problem

The problem that occurs when applications deserialize data from untrusted sources is one of the most widespread security vulnerabilities of the last couple of years. This article provides background on the deserialization vulnerability, describes the limitations of existing mitigation techniques and explains why Waratek’s compiler-based solution is well suited to solving this problem.

Added: March 26, 2019

Rating Companies on Third-Party Cyber Risk

This report offers insight into the need for a cyber risk ratings system.

Added: March 26, 2019

Prioritization To Prediction: Volume 3: Winning the Remediation Race

From the report, “The Prioritization to Prediction series is an ongoing research initiative between Kenna Security and the Cyentia Institute. The first volume proposed a model for predicting which of the numerous hardware and software vulnerabilities published each month were most likely to be exploited, and thus deserving of priority remediation. The second volume sought to apply and test that theoretical model using empirical data collected on billions of observed vulnerabilities. We ended the last report by analyzing vulnerability remediation timeframes across a sample of 12 firms. This third volume picks up where we left off and expands the analysis to roughly 300 organizations of different types and sizes. We leverage a technique called survival analysis to draw out important lessons about remediation velocity and capacity, concepts we explore and define during the course of this report. Overall, our goal is to understand what it means to survive—nay thrive—in the race of vulnerability remediation.” Read on to find out more.

Added: March 16, 2019

Prioritization to Prediction: Volume 2: Getting Real About Remediation

From the report, “‘Realized coverage & efficiency vary greatly among firms—over 50% between top and bottom performers—indicating different remediation strategies lead to very different outcomes.’ Where is your strategy leading?” Read on to find out more.

Added: March 16, 2019

Industry Cyber-Exposure Report: ASX 200

Using information from Rapid7’s Project Sonar internet telemetry service, this report reviews several dimensions of demonstrated security controls for companies in the S&P 200 and ASX (Australian) stock indices.

Added: March 16, 2019

Cybersecurity In The City: Ranking America's Most Insecure Metros

From the report, “To generate this report, Coronet analyzed an enormous set of data comprised of both access and service threats. The data originated from Wi-Fi and cellular networks, devices spanning all operating systems and public network connectivity infrastructure. The data was aggregated and evaluated based on potential damage that could be caused by attackers and existing vulnerabilities in the 55 most populated DMAs, which together account for almost 70 percent of the entire U.S. population. The ranked results have been aggregated into regions which closely resemble Nielsen DMAs. Coronet ranked each city that was analyzed from most insecure to least vulnerable, with the most insecure cities scoring a 6.5 and above.” Read on to find out more.

Added: March 16, 2019

Threat Report: Medical Devices

This report takes a specific look back at connected medical device events that occurred in 2017.

Added: March 9, 2019

Watching You Through The Eyes Of Celia, A Telepresence Robot

From the report, “Robotic telepresence is a next-generation technology that allows a person in one location to replicate himself in another. The remote person can see you, hear you, interact with you, and move all around your location. But wait a second! What if the person behind the robot is not who you think he is? What if the robot gets compromised, and now the attacker is watching you and your surroundings? In this whitepaper, all the findings learned while security testing a telepresence robot are presented, as well as the countermeasures implemented by the vendor.”

Added: March 9, 2019

The State of Industrial Cybersecurity 2018

In June of 2018 Claroty asked the experts about the state of industrial cybersecurity. This paper discusses what they said.

Added: March 9, 2019

SCADA And Mobile Security In The Internet Of Things Era

From the report, “Two years ago, the authors assessed 20 mobile applications that worked with ICS software and hardware. At that time, mobile technologies were widespread, but IoT mania was only beginning. In that paper, the authors stated, “convenience often wins over security. Nowadays, you can monitor (or even control!) your ICS from a brand-new Android [device].” Today, the idea of putting logging, monitoring, and even supervisory/control functions in the cloud is not so farfetched. The purpose of this paper is to discuss how the landscape has evolved over the past two years and assess the security posture of SCADA systems and mobile applications in this new IoT era.”

Added: March 9, 2019

Reducing Industrial Risk: 20 Experts Share Strategies For Managing OT Cybersecurity

The essays in this eBook provide a wealth of information and present an inside look at an aspect of cybersecurity that is still not well understood. I am certain that anyone responsible for critical industrial operations will benefit from the advice and experiences of those who have contributed to this eBook.

Added: March 9, 2019

Commonalities in Vehicle Vulnerabilities

This paper is a follow-up to IOActive’s 2016 report on vehicle vulnerabilities. The goal of this paper is to revisit the topic using data from the past two years (2016, 2017) and to compare this information to previous findings to analyze how the industry is progressing.

Added: March 9, 2019

Are You Trading Stocks Securely?

This paper demonstrates vulnerabilities that affect numerous traders. Among them are unencrypted authentication, communications, passwords, and trading data; remote DoS that leaves applications useless; trading programming languages that allow DLL imports; insecurely implemented chatbots; weak password policies; hardcoded secrets; and poor session management. In addition, many applications lack countermeasures such as SSL certificate validation and root detection in mobile apps, a privacy mode to mask sensitive values, and anti-exploitation and anti-reversing mitigations.

Added: March 9, 2019

Hacking Robots Before Skynet

From the report, “This paper is based on our own research, in which we discovered critical cybersecurity issues in several robots from multiple vendors. While we assist the vendors in addressing the cybersecurity vulnerabilities identified, we want to describe the currently available technology, some of the threats posed by a compromised robot, and the types of cybersecurity issues we discovered. The goal is to make robots more secure and prevent vulnerabilities from being used maliciously by attackers to cause serious harm to businesses, consumers, and their surroundings.”

Added: March 9, 2019

Go Nuclear: Breaking Radiation Monitoring Devices

The purpose of this research is to provide a comprehensive description of the technical details and approach IOActive used to discover vulnerabilities affecting widely deployed radiation monitoring devices. Our work involved software and firmware reverse engineering, RF analysis, and hardware hacking.

Added: March 9, 2019

IIC Endpoint Security Best Practices

This document recommends best practices for endpoint security in industrial applications under the broader scope of industrial internet security.

Added: March 9, 2019

Election System Security Under Scrutiny

This paper offers insight and direction to election officials seeking to assess the security of their entire election ecosystem.

Added: March 7, 2019

The Expanding Security Risks and Trends that Are Changing the Insurance Industry

This document examines the cyber risk trends that are of concern to the insurance industry, and introduces the RiskSense solution designed to address these challenges.

Added: March 7, 2019

Monthly Threat Round-up: September 2017

From the report, “Welcome to the Monthly Threat Roundup report for Sept 2017. At Paladion CTAC we continuously track emerging threats and vulnerabilities and provide you with timely, actionable intelligence to stay safe. We provide threat-related IOCs for auto-download that can be directly integrated with your security devices. We also provide advisories on how to prevent, detect and respond to the latest attacker techniques. This report summarizes the key observations and analysis done by the CTAC team. It also includes insights and analysis related to global threats and incidents of the past month.”

Added: March 7, 2019

Monthly Threat Round-up: October 2017

From the report, “Welcome to Paladion’s Monthly Threat Report for October 2017. At Paladion CTAC we continuously track emerging threats and vulnerabilities to bring you timely, actionable threat intelligence. We provide this intelligence in machine-readable format from our Threat Intelligence Feeds, which can be directly integrated with your security devices. We also provide advisories on how you can prevent, detect, and respond to the latest threats as they happen. This report summarises the key findings of the stated month. It also contains insights related to threats and incidents that we have analysed.”

Added: March 7, 2019

Monthly Threat Round-up: November 2017

Welcome to the Monthly Threat Roundup report for November 2017. At Paladion CTAC we continuously track emerging threats and vulnerabilities and provide you with timely, actionable intelligence to stay safe. We provide machine-readable intelligence in the form of IOCs, which can be directly integrated with your security devices. We also provide advisories on how you can prevent, detect and respond to the latest attacker techniques. This report summarises the key findings of the stated month. It also contains insights related to threats and incidents that we have analysed.

Added: March 7, 2019
© Cyentia Institute 2025
Library updated: July 4, 2025 04:08 UTC (build b1d7be4)