Latest Blog Posts

094983f35f079e5bd15fdc2f9ce9297c

ZeroAccess – The Sleeping Threat

February 20, 2014 Added by:Edward Jones

ZeroAccess, also known as Sirefef, is one of the most robust and durable botnets in recent history. It was first discovered back in July 2011 and has since infected almost 2 million Windows computers all over the world and cost online advertisers over £1.6 million each month through fraudulent clicks!

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Iterative DNS Brute Forcing

February 20, 2014 Added by:Rob Fuller

Over the years of doing DNS record collection I have noticed one thing, most domains have a large number of short hostnames that are easy to remember, usually 4 characters or less. I’m sure you already know where I’m going with this, I wanted to brute force all possible hostnames up to 4 characters.

Comments  (0)

01ceb9281b3fb3dbb90c3efbe327717e

What's The Next Reflection Attack

February 20, 2014 Added by:Alan Woodward

Two years ago we were all talking about DNS reflection attacks and the possibility that they may make an appearance. A year later they did just that, and on a massive scale.

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

How to Make Better Threat Intelligence Out of Threat Intelligence Data?

February 19, 2014 Added by:Anton Chuvakin

One of the key uses for threat intelligence (TI) data is making better threat intelligence data out of it.

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Getting a Remote Shell on an Android Device using Metasploit

February 19, 2014 Added by:Dan Dieterle

In this post we will show you how to get a remote shell on an Android by using Metasploit in Kali Linux.

Comments  (0)

9fb165a9b7dfef2a9f8ac7d69b22a42c

Vertical Password Guessing Attacks Part II

February 19, 2014 Added by:Vince Kornacki

Attackers utilize a variety of tools to automate password guessing attacks, including Hydra, Nmap in conjunction with the http-form-brute script, and homegrown scripts. In this post, Vince explains how to conduct Vertical Password Guessing Attacks.

Comments  (0)

7ddc1f3000a13e4dfec28074e9e7b658

Surveillance and Pressure Against WikiLeaks and Its Readers

February 19, 2014 Added by:Electronic Frontier Foundation

Surveillance and legal tactics by the NSA and GCHQ add to the growing list of examples of the government responding to investigative journalism that exposes corruption by attacking the media rather than the corruption.

Comments  (0)

E595c1d49bf4a26f8e14ce59812af80e

Why Enterprises Are Struggling So Much with Encryption

February 19, 2014 Added by:Patrick Oliver Graf

Encryption. For most organizations, the need for it is very apparent, but for some reason, its implementation often falls well short of goals and expectations. The obvious question here is: why?

Comments  (1)

Ebb72d4bfba370aecb29bc7519c9dac2

On NTP Reflection DDoS: 1990s Strike Back?

February 18, 2014 Added by:Anton Chuvakin

Sure, I admire the ability of attackers to find all the opportunities for amplification DDoS. DNS – check, NTP – check, SNMP – pending… However, I definitely can not hold the the same admiration for the “defenders” (if they can be called that) who still allow spoofed packets to leave their networks.

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

Profiling hacking for hire services offered in the underground

February 18, 2014 Added by:Pierluigi Paganini

Surfing in various cyber criminal forums or visiting some hidden services in the DeepWeb, it is quite easy to discover forums dedicated to facilitating the matching of supply and demand.

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Monitoring: an Absolute Necessity (but a Dirty Word Nonetheless)

February 17, 2014 Added by:Brent Huston

There is no easier way to shut down the interest of a network security or IT administrator than to say the word "monitoring." You can just mention the word and their faces fall as if a rancid odor had suddenly entered the room! And I can’t say that I blame them.

Comments  (2)

03b2ceb73723f8b53cd533e4fba898ee

Crowd-Funding Site Kickstarter Hacked

February 17, 2014 Added by:Pierluigi Paganini

The popular crowd funding website Kickstarter is the lastest victim of a data breach.

Comments  (0)

E595c1d49bf4a26f8e14ce59812af80e

A Closer Look at the Android VPN Flaw

February 17, 2014 Added by:Patrick Oliver Graf

The recent revelation from Ben Gurion University of malicious apps that can be used to bypass VPN configurations and push communications to a different network address changes the conversation entirely.

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

Highlights From Verizon PCI Report 2014

February 13, 2014 Added by:Anton Chuvakin

The vast majority of organizations are still not sufficiently mature in their ability to implement and maintain a quality, sustainable PCI Security compliance program.

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Pre-Authorization Data Must be Protected

February 10, 2014 Added by:PCI Guru

Just because it is pre-authorization data does not mean that you are not required to protect it. The Council has made it very clear that it is to be protected with the same rigor as post-authorization data.

Comments  (5)

21d6c9b1539821f5afbd3d8ce5d96380

Interoperability: A Much Needed Cloud Computing Focus

February 10, 2014 Added by:Kevin L. Jackson

Cloud computing transitions IT from being "systems of physically integrated hardware and software" to "systems of virtually integrated services." This transition makes interoperability the difference between the success and failure of IT deployments, especially in the Federal government.

Comments  (6)


« First < Previous | 4 - 5 - 6 - 7 - 8 | Next > Last »