Marc Maiffret

Type: Person
Name: Marc Maiffret
First reported Oct 15 2014 - Updated Oct 15 2014 - 1 reports

Massive Oracle Security Update Lands on Microsoft Patch Tuesday

Microsoft and Oracle customers will have their hands full applying a spate of security updates that were issued today.Microsoft released eight security bulletins as part of Patch Tuesday, including critical updates for Internet Explorer, Windows and the ... [Published Security Week - Oct 15 2014]
First reported Sep 30 2014 - Updated Oct 01 2014 - 1 reports

Shellshock bug as big a threat as Heartbleed?

BOSTON - Hackers have launched attacks exploiting the newly identified Shellshock computer bug, researchers warned on Thursday, as news surfaced that an initial patch for the issue was incomplete, suggesting even updated systems were vulnerable.The attacks ... [Published Elliot Lake Standard - Sep 30 2014]
First reported Sep 28 2014 - Updated Sep 28 2014 - 1 reports

Shellshock: Bug that remained undetected for a quarter century

After Heartbleed , Shellshock is the second major blow to open source in the same year. The vulnerability that has existed for over 25 years affects Mac OS X, Linux and Unix systems allowing attackers to gain command line access of the server or system ... [Published DNA India - Sep 28 2014]
First reported Sep 26 2014 - Updated Sep 26 2014 - 1 reports

Web attacks exploit Shellshock bug

A series of attacks on websites and servers using the serious Shellshock bug has been spotted.Millions of servers use software vulnerable to the bug, which lets attackers run commands on that system.So far, thousands of servers have been compromised via ... [Published BBC - Sep 26 2014]
First reported Sep 26 2014 - Updated Sep 26 2014 - 1 reports

Re: Junk Hacking Must Stop!

Posted by Marc Maiffret on Sep 26 Fade to... A young girl, with greasy blonde hair, sitting in a dark room.The room is illuminated only by the luminescence of the Macbook Pro screen.Taking another long drag from her Benson and Hedges cigarette, the ... [Published Daily Dave - Sep 26 2014]
First reported Sep 25 2014 - Updated Sep 25 2014 - 1 reports

Hackers launch attacks exploiting 'Shellshock' bug in Bash software

BOSTON, Sept 25 (Reuters) - Hackers have launched attacks exploiting the newly identified "Shellshock" computer bug, researchers warned on Thursday, as news surfaced that an initial patch for the issue was incomplete, suggesting even updated systems were ... [Published CNBC - Sep 25 2014]
First reported Sep 19 2014 - Updated Sep 19 2014 - 1 reports

IE security blocks dated ActiveX controls

Some Internet Explorer versions have started to block ActiveX controls that are no longer in date – with the main purpose being to prevent exploitation of flaws and to protect data.A number of ActiveX controls don't update automatically, which enables ... [Published Acumin - Sep 19 2014]
First reported Sep 14 2014 - Updated Sep 15 2014 - 1 reports

Feds Threatened Yahoo With $250K-a-Day Fine Over User Data

NEWS ANALYSIS: Newly released documents show that Yahoo fought the U.S. government's requests to provide user information as part of the NSA's PRISM program.According to court documents released on Sept. 11, Yahoo resisted the U.S. government's initial ... [Published eWeek - Sep 14 2014]
First reported Sep 11 2014 - Updated Sep 11 2014 - 1 reports

4 hurdles to securing the Internet Of Things

Security is hard enough to master in the traditional enterprise network. Now add all types of devices on the Internet of Things, great (think cars) and small (think webcams and baby monitors), which were never built with cyber security in mind.Internet-connected ... [Published Information Week India - Sep 11 2014]
First reported Sep 10 2014 - Updated Sep 11 2014 - 1 reports

Internet Explorer security feature blocks outdated ActiveX controls

On Tuesday, versions of Internet Explorer began blocking out-of-date ActiveX controls – primarily as a way of preventing security flaws from being exploited and users from being compromised.The feature, which was discussed by Microsoft in August, works ... [Published SC Magazine US - Sep 10 2014]
First reported Apr 29 2014 - Updated Apr 30 2014 - 2 reports

Where’s the next Heartbleed Bug lurking?

The Heartbleed bug was discovered earlier this month in a piece of software called OpenSSL that is widely used to establish a secure connection between Web browsers and servers by managing the cryptographic keys involved. OpenSSL is an “open source” project, ... [Published ECN - Apr 30 2014]
First reported Apr 29 2014 - Updated Apr 29 2014 - 3 reports

Understanding Vulnerability Management

"If you're not doing the right things on managing vulnerabilities, it doesn't really matter what other kinds of sophisticated things you do - that's the baseline for security," says BeyondTrust's Marc Maiffret. ... [Published CareersInfoSecurity.com - Apr 29 2014]

Quotes

"This is another Patch Tuesday that easily fuels future drive-by web attacks for the months ahead," said Marc Maiffret, CTO of BeyondTrust. "beyond just code execution there also exists the ability to bypass aslr (address space layout randomization) which is a helpful os security migration for exploitation. this aslr bypass can be used in conjunction with other vulnerabilities for more successful exploitation where it had might not been possible in the past. it should be noted that microsoft’s emet technology will help mitigate some of these attacks and even more importantly these client application vulnerabilities are a great reminder of the need for least privilege in making sure users are not running as administrator."
...as to what is vulnerable, but we just don't have the answers," said Marc Maiffret, chief technology officer of cybersecurity firm BeyondTrust. "this is going to unfold over the coming weeks and months."

More Content

All (18) | News (17) | Reports (0) | Blogs (1) | Audio/Video (0) | Fact Sheets (0) | Press Releases (0)
sort by: Date | Relevance
Massive Oracle Security Update Lands on Microso... [Published Security Week - Oct 15 2014]
Shellshock bug as big a threat as Heartbleed? [Published Elliot Lake Standard - Sep 30 2014]
Shellshock: Bug that remained undetected for a ... [Published DNA India - Sep 28 2014]
Re: Junk Hacking Must Stop! [Published Daily Dave - Sep 26 2014]
Web attacks exploit Shellshock bug [Published BBC - Sep 26 2014]
Hackers launch attacks exploiting 'Shellshock' ... [Published CNBC - Sep 25 2014]
IE security blocks dated ActiveX controls [Published Acumin - Sep 19 2014]
Feds Threatened Yahoo With $250K-a-Day Fine Ove... [Published eWeek - Sep 14 2014]
4 hurdles to securing the Internet Of Things [Published Information Week India - Sep 11 2014]
Internet Explorer security feature blocks outda... [Published SC Magazine US - Sep 10 2014]
Cybersecurity Expert Richard A. Clarke and LA C... [Published PRWeb - Jun 02 2014]
Where’s the next Heartbleed Bug lurking? [Published ECN - Apr 30 2014]
Where’s the Next Heartbleed Bug Lurking? [Published Technology Review - Apr 29 2014]
Understanding Vulnerability Management [Published CareersInfoSecurity.com - Apr 29 2014]
Understanding Vulnerability Management [Published HealthcareInfoSecurity.com - Apr 29 2014]
Understanding Vulnerability Management [Published GovInfoSecurity.com - Apr 29 2014]
NSA denies report that it used Heartbleed bug t... [Published San Jose Mercury News - Apr 12 2014]
BeyondTrust Chief Technology Officer Marc Maiff... [Published PRWeb - Apr 04 2014]
1
In Focus
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
Content Volume
Document Volume
Network
Network

Blogs

sort by: Date | Relevance
Re: Junk Hacking Must Stop! [Published Daily Dave - Sep 26 2014]
Posted by Marc Maiffret on Sep 26 Fade to... A young girl, with greasy blonde hair, sitting in a dark room.The room is illuminated only by the luminescence of the Macbook Pro screen.Taking another long drag from her Benson and Hedges cigarette, the ...
1
Contact Us
Sales
Support


Freebase CC-BY Some image thumbnails are sourced from Freebase, licensed under CC-BY

Copyright (C) 2014 Silobreaker Ltd. All rights reserved.
The selection and placement of stories and images on any Silobreaker page are determined automatically by a computer program.
The time or date displayed reflects when an article was added to or updated in Silobreaker.