Tech Republic Security
DECEMBER 22, 2015
This comprehensive guide includes everything you need to know about Apple's OS X El Capitan, including features, requirements, upgrade options, software updates, and more.
Scary Beasts Security
JULY 26, 2015
I just released vsftpd-3.0.3, as noted on the vsftpd home page. It's actually been almost three years(!) since vsftpd-3.0.2, so things do seem to be getting very stable and calming down. The exception to things getting very stable and calming down seems to be SSL over FTP, which has been a constant source of, uh, joy, for some time now. Some issues fixed relate to security and warrant describing here because I think they are interesting.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Elie
JANUARY 31, 2015
19.5% of HTTPS-enabled sites in Alexa's Top 1 Million trigger or will soon trigger a Chrome security warning because they are using the now deprecated SHA-1 signature algorithm to sign their HTTPS certificate. Soon those sites will be flagged by all major browsers as insecure.
NopSec
DECEMBER 4, 2015
According to FireEye, a U.S. based provider of next generation threat protection, it takes companies, on average, more than 200 days to detect they are being hacked. Couple that result with the 2015 Verizon Data Breach Investigations Report that found 99.9 percent of vulnerabilities were exploited over a year since they were disclosed, and you can see that protecting data from hackers is in a sublime state of disrepair.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Kali Linux
OCTOBER 14, 2015
Kali Sana Release Aftermath Kali Linux 2.0 has been out for a couple of months and the response has been great, with well over a million unique downloads of Kali 2.0 as a testament. Release day was somewhat hectic for us, as we did not anticipate the sheer volume of traffic … which we somehow always underestimate. In the first few days after the release of 2.0, we had ten times the download volume of 1.0 in a similar period, back in 2013.
Digital Shadows
NOVEMBER 23, 2015
One of the most active actors of the past several months has been a hacktivist group who identify themselves as. The post Crackas With Attitude: What We've Learned first appeared on Digital Shadows.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Spinone
AUGUST 17, 2015
Beware! The latest news of cyber security industry is more than disturbing. According to Imperva Hacker Intelligence Initiative report – a well known cyber security company – cybercriminals may now easily get access to all users’ files in cloud services such as Google Drive , Microsoft OneDrive, Dropbox, and Box, if they are able to get into the computer, on which the clients of these services are installed.
CompTIA on Cybersecurity
JULY 22, 2015
A security breach in this constantly connected world can mean anything from being inconvenienced to being extorted — and for businesses that don’t properly secure their networks it can mean massive losses in profits and time. At a time when it’s harder than ever to find highly skilled IT security staff, CompTIA’s 11th Annual Information Security Trends study shows data breaches cropping up with growing frequency, and recovery taking longer than ever before.
NopSec
DECEMBER 1, 2015
OpenVAS (Open Vulnerability Assessment Scanner) – is an open source security vulnerability scanner and manager. It is an open source fork of the commercial vulnerability scanner Nessus and it provides several options to manage distributed, remote, local scans and add several other specialized vulnerability scanners to the mix. Since OpenVAS 8 was released with improved Master-Slave support for better distributed and load-balanced scanning, NopSec decided to build a proof of concept securit
Kali Linux
AUGUST 10, 2015
Our Next Generation Penetration Testing Platform We’re still buzzing and recovering from the Black Hat and DEF CON conferences where we finished presenting our new [Kali Linux Dojo](](/docs/development/dojo-mastering-live-build/), which was a blast. With the help of a few good people , the Dojo rooms were set up ready for the masses - where many generated their very own Kali 2.0 ISOs for the first time.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Kali Linux
JULY 5, 2015
We’ve been awfully quiet lately, which usually means something is brewing below the surface. In the past few months we’ve been working feverishly on our next generation of Kali Linux and we’re really happy with how it’s looking so far. There’s a lot of new features and interesting new aspects to this updated version, however we’ll keep our mouths shut until we’re done with the release.
Kali Linux
MAY 25, 2015
For the latest information, please see our documentation on Docker Last week we received an email from a fellow penetration tester, requesting official Kali Linux Docker images that he could use for his work. We bootstrapped a minimal Kali Linux 1.1.0a base and registered it under our Kali Linux Docker account. A few minutes later, said fellow pentester was up and running with Metasploit and the Top 10 Kali Linux tools on his Macbook Pro.
Kali Linux
MAY 3, 2015
A short while ago, we packaged and pushed out a few important wireless penetration testing tool updates for aircrack-ng, pixiewps and reaver into Kali’s repository. These new additions and updates are fairly significant, and may even change your wireless attack workflows. Here’s a short run-down of the updates and the changes they bring.
NopSec
APRIL 29, 2015
This blog post is the first of a series documenting the journey into Machine Learning Algorithms NopSec is undertaking as part of Unified VRM data analytics capabilities. In our last sprint, as part of Unified VRM, we started using Machine Learning – [link] – to spot trends in past clients vulnerability data in order to abstract areas of the security program that need improvement in the future.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Kali Linux
APRIL 26, 2015
Vulnerability scanning is a crucial phase of a penetration test and having an updated vulnerability scanner in your security toolkit can often make a real difference by helping you discover overlooked vulnerable items. For this reason, we’ve manually packaged the latest and newly released OpenVAS 8.0 tool and libraries for Kali Linux. Although nothing major has changed in this release in terms of running the vulnerability scanner, we wanted to give a quick overview on how to get it up and
NopSec
APRIL 24, 2015
NopSec has just launched ThreatForce – a flagship security vulnerability search engine that makes it easy for security analysts to gain a consolidated view of vulnerabilities by CVE correlated with threat, exploit and other public sources. NopSec ThreatForce offers a summary and detailed results with correlation and links to: Exploit-DB and Metasploit DB of exploits All related patch links under different vendors covering Linux, Unix, Windows, and mobile OS flavors.
NopSec
APRIL 9, 2015
As part of the DevOps movement, it would be desirable to scan your web application for security vulnerability as part of the Continuous Integration loop or the minute a code change is detected. Now it’ s possible with NopSec Unified VRM Web Application module linked API. With the current release of Unified VRM – 3.4.7 – customers can call our RESTful API to automatically scan their web application assets based on a certain trigger event, such as: As part of script invoked in a
NopSec
MARCH 27, 2015
At NopSec, we are using vagrant and packer to spin up local dev environments and build our instances across the various hypervisor and cloud providers we use. We have packer scripts that build our VirtualBox and VMware images used in local development and our various instances used in our cloud providers. An issue I had to solve recently was how best to share development vagrant boxes within our team.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
NopSec
MARCH 27, 2015
Penetration tests are point-in-time adversarial tests aimed at testing the intrusion prevention, detection, and incident response capabilities and controls of an organization. Usually well-trained penetration testers produce reports including the attack vectors and exploits used to successfully attack the network / application and the related vulnerabilities / CVEs exploited during the penetration test.
NopSec
FEBRUARY 25, 2015
A couple of days ago I read an interesting article in the Tenable Network Security Blog — here — where the author was arguing that the number of security vulnerabilities detected in a network is not a good indicator of risk that the network itself is facing against motivated attackers and malware. In the above-mentioned blog post, the author states “Telling an organization that they have 10,324 vulnerabilities, whilst shocking, doesn’t convey the actual risks faced”
Kali Linux
FEBRUARY 8, 2015
After almost two years of public development (and another year behind the scenes), we are proud to announce our first point release of Kali Linux - version 1.1.0. This release brings with it a mix of unprecedented hardware support as well as rock solid stability. For us, this is a real milestone as this release epitomizes the benefits of our move from BackTrack to Kali Linux over two years ago.
NopSec
JANUARY 27, 2015
Our partner Qualys discovered a new vulnerability nick-named “GHOST” (called as such because it can be triggered by the GetHOST functions) and worked with most of the Linux operating system distributions to patch it as of January 27th 2015. The GHOST vulnerability is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Elie
DECEMBER 10, 2015
Over the last two years, the number of encrypted emails received by Gmail has almost doubled, as I reported earlier on the Google security blog. This very encouraging trend is sadly accompanied with an increase of SMTP TLS downgrade attacks, which prevent encryption of emails in transit as discussed in our research paper on the state of email transport security.
Elie
AUGUST 29, 2015
Phishing is a social-engineering attack where the attacker entice his victims to give-up their credentials for a given website by impersonating it. Believe it or not phishing campaigns are well organized and follow a very strict playbook. This post aim at shedding some light on how phishing campaign works under the hood, showcase which infrastructure phishers use to steal users credentials and provide advice on how to defend against it.
Elie
APRIL 5, 2015
To celebrate the new Hearthstone extension, Blackrock Mountain, I’m releasing a Hearthstone 3D card viewer written in pure Javascript. I feel Blackrock Mountain’s release is the perfect opportunity to showcase HTML5’s top notch performance and inspire more people to do cool visualizations on the web. With well over 500 cards, it’s high time to create a tool with powerful filtering and attractive visualization to explore the cards in an interesting fashion that works both on desktops and tablets.
Digital Shadows
DECEMBER 18, 2015
In the world of cybercrime, malicious software (malware) plays an important role. But if you’re a cybercriminal, how do you. The post Criminal Services – Crypting first appeared on Digital Shadows.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Privacy and Cybersecurity Law
DECEMBER 17, 2015
The EU Parliament LIBE Committee has approved the Data Protection Reform package as reported by Privacy Laws and Business today. For […].
Digital Shadows
DECEMBER 11, 2015
An actor identifying itself as “Hacker Buba” recently claimed to have breached Invest Bank and posted purported customer and client. The post ‘Hacker Buba’: Failed extortion, what next? first appeared on Digital Shadows.
Digital Shadows
DECEMBER 10, 2015
In my previous blog in this series I discussed the challenge of effectively communicating intelligence, and provided examples of how. The post Communicating Intelligence: The Challenge of Consumption first appeared on Digital Shadows.
NopSec
DECEMBER 9, 2015
According to recent research over 60 percent of survey participants stated their executives are only “somewhat” or “not at all” informed about the information security risk and threats their organizations face. In commenting on the results, I stated this lack of awareness is “astounding.” In an age where data breaches crowd the daily headlines, lack of awareness is no longer an excuse for executives.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Expert insights. Personalized for you.
113 
Let's personalize your content