Items Tagged with "hackers"
September 24, 2012
Attackers take advantage of any externally facing web application. If you think about a web application is not mission because it’s not touching data and if there is a SQL Injection vulnerability that exists in there attackers can use that to gain a foothold inside the network...
September 21, 2012 Added by:Scot Terban
The paper, “Peter the Great Versus Sun Tzu” alleges that a comparison can be made between the varying actors in malware creation. They have broken this down into a battle royal between the “Asians” and the “Eastern Europeans” which is just patently stupid...
September 19, 2012 Added by:Tripwire Inc
The grey hat is more interested in the “how” than the “why”. There is a respect for the black hat's technical abilities, while keeping a wary eye on them. Some grey hats have had run ins with the law, not due to being malicious, but because curiosity got the best of them...
September 18, 2012 Added by:Michael Ligh
Learn about the undocumented windows kernel data structures related to RDP logon sessions, alternate process listings, and loaded drivers. See how Volatility can help you forensically reconstruct attacker command histories and full input/output console buffers...
September 11, 2012 Added by:Jim Palazzolo
If you give public attention to your adversary, the stronger they get. We keep using terms like “Hacker” and “Black Hat”. I understand the need to classify the behavior. However, are we inadvertently giving individuals too much inherited power by recognizing them in context and connotation?
September 10, 2012 Added by:Brent Huston
Our testing of the “rdp-sec-check” tool showed it to be quite useful in determining the configuration of exposed Terminal Services and in hardening them. Keep in mind, it is likely useful to harden the Terminal Services implementations internally to critical systems as well...
September 05, 2012 Added by:Dan Dieterle
Is the information legit? If so, why would an FBI agent have a list of twelve million Apple ID’s which in some cases can be used to access information just as a password would? And how did the hacker group exploit this particular agent’s laptop and recover information from it?
September 05, 2012 Added by:Rafal Los
Only after many years of beating the drum that non-security professionals are waking up to the fact that security cannot be an after-thought in development. It'll take another five years before business executives are comfortable with the notion that they will be breached...
September 05, 2012 Added by:Tripwire Inc
Alex uncovered a poorly designed web page and convinced it to give up its secrets. What followed was a quick RDP war trying to plant our backdoor. I found myself with root level access having blasted away at it using Metasploit and uncovered several Easter eggs instructors had planted...
September 04, 2012 Added by:Richard Stiennon
Beaconing detection is a feature in the fastest growing security solutions in the market. I am tracking most of these vendors at 100% annual growth rates, a sure sign of a trend. Intelligent packet capture is a must-have technology in every cyber defense armament...
September 04, 2012 Added by:Robert Siciliano
“EMV transactions require an authentic card validated either online by the issuer using a dynamic cryptogram or offline with the terminal... EMV transactions also create unique transaction data, so that any captured data cannot be used to execute new transactions...”
September 04, 2012 Added by:Pierluigi Paganini
We can continue to the bitter end, but the lesson we must learn is that Anonymous has now become a part of our daily life, an element with which every security expert will have to face sooner or later. Continuing to ignore the phenomenon of hacktivism is very dangerous...
August 30, 2012 Added by:InfoSec Institute
"Penetration testers, the guys that come onto the sites—they’re highly in demand... In terms of technology, I think these guys see security in a different light than other people. They sort of can see it as a whole picture. Penetration testers are looking at it in a completely different light...."
August 28, 2012 Added by:Jeffrey Carr
Iran is at the center of every significant aspect of this attack. It is the only nation with access to the original Wiper virus from which Shamoon was copied. Perhaps Iran has learned something from Russia about the strategy of misdirection via the government's recruitment of patriotic hackers...
August 26, 2012 Added by:Rafal Los
The Information Security industry is rife with negativity. Why are we so quick to pile on to others' pain? Isn the security community just more cynical by nature, is it psychological? Are we wired this way? As an industry, our goal is to create more resilient, more secure' and more defensible postures for everyone...
August 26, 2012 Added by:Bill Gerneglia
Your company may not be the primary target, an attacker may use your organization as a stepping-stone to attack another. Don't be the weakest link in the supply chain. Information is power, the attackers know this, and successful attacks can result in significant financial loss...