Back in November 2012, a Chrome Releases blog post mysteriously stated: "Congratulations to Pinkie Pie for completing challenge: 64-bit exploit". Chrome patches and autoupdates bugs pretty fast but this is a WebKit bug and not every consumer of WebKit patches bugs particularly quickly. So I've waited a few months to release a full breakdown of the exploit.
Early July 2012, I reported to Apple numerous vulnerabilities related to their App Store iOS app. Last week Apple finally issued a fix for it and turned on HTTPS for the App Store. I am really happy that my spare-time work pushed Apple to finally enable HTTPS to protect users.
We’re always on the lookout for interesting ARM hardware for Kali Linux. Whether it’s a Galaxy Note or a USB stick sized SS808, we want to see Kali run on it. You can therefore imagine our excitement when we first laid our eyes on the Utilite Pro. Utilite Pro is a quad core ARM Cortex-A9 machine with up to 4 GB of RAM, up to 512 GB mSATA SSD, HDMI and DVI-D output, dual (2x) 1GB nics, a built in wireless card and 4 USB ports.
Penetration testing is one of the services that we offer NopSec customers. A vulnerability assessment and penetration test provide an excellent snapshot of an organization’s risk at a given point in time. By simulating a real-world attack, our Security Engineers actively attempt to exploit vulnerabilities and gain access to system resources without damaging or disrupting any of our customer’s production services.
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Prevention vs. clean up. It’s a security question all financial institutions should ask themselves. When it comes to providing a trusted customer environment, banks are typically better at resolving problems stemming from non-predictive authentication and fraud than preventing them. That’s because they continue to allow criminals to get their foot in the door.
Almost one in five US Internet users report that one of their online accounts had been compromised at some point. That is the result of the study I conducted using Google Consumer Surveys. This is a much higher percentage than I imagined and it emphasizes how pervasive account compromises are.
Today we are pleased to announce the immediate availability of Kali Linux 1.0.5 with a rollup of various tool additions, fixes, and upgrades, including our fix for the encrypted LVM installation issue that we documented last week. As usual, users with Kali already installed just need to run a simple update to get the latest goodness:
root@kali:~# apt-get update
root@kali:~# apt-get dist-upgrade
We’ve also received updated ARM images from OffSec, which bring several fixes to issu
Kali Linux on any Android Phone or Tablet Getting Kali Linux to run on ARM hardware has been a major goal for us since day one. So far, we’ve built native images for the Samsung Chromebook, Odroid U2, Raspberry Pi, RK3306, Galaxy Note 10.1, CuBox, Efika MX, and BeagleBone Black to name a few. This however does not mean you cannot install Kali Linux in a chroot on almost any modern device that runs Android.
A little while back, a bug with the LVM encrypted install in Kali Linux 1.0.4 was reported in our bug tracker. This bug was high priority in our TODO as encrypted installs are an important feature in our industry so we wanted to squash this bug ASAP. This article will describe the process of debugging, identifying, and fixing this bug in Kali, and ultimately in Debian as well.
Whenever we are given the opportunity to describe Kali Linux, we use the word “powerful”. Have you ever wondered or asked yourself why exactly we consider Kali to be so “Powerful”? Why is Kali any different or better from say, an Ubuntu machine with a bunch of security tools preinstalled on it? After all, our nmap package isn’t any better than anyone else’s, is it?
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
In keeping with our tradition of publishing new releases during the annual Black Hat and DEF CON conferences, we are pleased to announce the availability of Kali Linux 1.0.4. The last few months since the initial release of Kali have seen a large number of changes, upgrades, and improvements in the distribution, all of which are included in version 1.0.4.
We’ve just pushed a bunch of packages, tools, and utilities to the main Kali repositories. These tools have been on the top of our wish list for a while and some of them were quite challenging to package. Before we start telling you of our packaging woes, here’s how to update your Kali installation and get the latest goodness from our repos:
apt-get update
apt-get dist-upgrade
apt-get install passing-the-hash unicornscan winexe
apt-get install unicornscan enum4linux polenum
apt-get i
A couple of weeks ago, we were approached (independently) by two blind security enthusiasts who both drew our attention to the fact that Kali Linux had no built-in accessibility features. This made Kali difficult, if not impossible, to both install and use from a blind or visually impaired user’s perspective. Our first attempts at building an accessible version of Kali failed and after a bit of digging, we found that there were several upstream GNOME Display Manager (GDM3) bugs in Debian,
We’ve been busy this week, still behind on our emails, but going strong with Kali development. We packaged some new tools which were pointed out by the community as missing, such as inguma, arachni, bully, lbd, uniscan, automater, as well as started to build a framework of libraries and patches for bluetooth sniffing and ubertooth tools.
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Enter Kali Linux “So, what’s the difference between BackTrack and Kali?” you might be asking. Unfortunately for us, that’s not a simple question to answer. It’s a mix between “everything” and “not much”, depending on how you used BackTrack. From an end user perspective, the most obvious change would be the switch to Debian and an FHS-compliant system.
Kali Linux, the rising It’s been 7 years since we released our first version of BackTrack Linux, and the ride so far has been exhilarating. When the dev team started talking about BackTrack 6 (almost a year ago), each of us put on paper a few “wish list goals” that we each wanted implemented in our “next version”. Scrapping it all and starting afresh It soon became evident to us that with our 4 year old development architecture, we would not be able to achieve all t
NopSec is pleased to announce the immediate availability of a new Executive Dashboard for Unified VRM. NopSec continues the rapid pace of innovation with new capabilities that provide customers with a graphical view of prioritized vulnerabilities and at-a-glance progress toward fixes. Michelangelo Sidagni, Chief Technology Officer at NopSec, had this to say about the Executive Dashboard, “Our customers requested the ability to confidently gauge the vulnerabilities and risk at the present moment
Recently, there's been a reasonable amount of activity in the vtable protection space. Most of it is compiler-based. For example, there's the GCC-based virtual table verification, aka. VTV. There are also multiple experiments based on clang / LLVM and of course MSVC's vtguard. In the non-compiler space, there's Blink's heap partitioning, enabled by PartitionAlloc.
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
I was lucky enough to get the new 2013 high-end Macbook Pro Retina (15in) yesterday and started wondering about how it compares to the mid-2012 Retina (15in) model. On a personal level, I'm also pretty interested in how its gaming performance compares with its predecessor's.
Nearly everyone loves mobile apps that can perform local searches, get directions, or find the nearest decent restaurant. But what’s not so obvious is that these local apps can have hidden bandwidth costs — meaning that, in some cases, they can run up your phone bill in ways you might not expect.
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
The number of class-action lawsuits brought under the Telephone Consumer Protection Act (TCPA) against businesses that regularly call consumers for […].
Apple Defeats Class-Based Privacy Claims on Standing Arguments Apple successfully defeated claims asserting it had violated its privacy policies in […].
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Many federal regulations such as GLBA, HIPAA and PCI require an annual penetration test. Customers often ask for our penetration testing services in direct response to a compliance request from an auditor or industry regulator. NopSec recommends a penetration test to determine a baseline of your company’s security posture. With that in mind, we have compiled some of our popular blog posts relevant to penetration testing for your reading enjoyment.
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.