Tech Republic Security
DECEMBER 22, 2015
This comprehensive guide includes everything you need to know about Apple's OS X El Capitan, including features, requirements, upgrade options, software updates, and more.
Scary Beasts Security
JULY 26, 2015
I just released vsftpd-3.0.3, as noted on the vsftpd home page. It's actually been almost three years(!) since vsftpd-3.0.2, so things do seem to be getting very stable and calming down. The exception to things getting very stable and calming down seems to be SSL over FTP, which has been a constant source of, uh, joy, for some time now. Some issues fixed relate to security and warrant describing here because I think they are interesting.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Elie
JANUARY 31, 2015
19.5% of HTTPS-enabled sites in Alexa's Top 1 Million trigger or will soon trigger a Chrome security warning because they are using the now deprecated SHA-1 signature algorithm to sign their HTTPS certificate. Soon those sites will be flagged by all major browsers as insecure.
NopSec
DECEMBER 4, 2015
According to FireEye, a U.S. based provider of next generation threat protection, it takes companies, on average, more than 200 days to detect they are being hacked. Couple that result with the 2015 Verizon Data Breach Investigations Report that found 99.9 percent of vulnerabilities were exploited over a year since they were disclosed, and you can see that protecting data from hackers is in a sublime state of disrepair.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Kali Linux
OCTOBER 14, 2015
Kali Sana Release Aftermath Kali Linux 2.0 has been out for a couple of months and the response has been great, with well over a million unique downloads of Kali 2.0 as a testament. Release day was somewhat hectic for us, as we did not anticipate the sheer volume of traffic … which we somehow always underestimate. In the first few days after the release of 2.0, we had ten times the download volume of 1.0 in a similar period, back in 2013.
Privacy and Cybersecurity Law
AUGUST 6, 2015
It has been reported today by the Reuters news agency that the European Commission is working with the US on […].
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Digital Shadows
NOVEMBER 23, 2015
One of the most active actors of the past several months has been a hacktivist group who identify themselves as. The post Crackas With Attitude: What We've Learned first appeared on Digital Shadows.
Spinone
AUGUST 17, 2015
Beware! The latest news of cyber security industry is more than disturbing. According to Imperva Hacker Intelligence Initiative report – a well known cyber security company – cybercriminals may now easily get access to all users’ files in cloud services such as Google Drive , Microsoft OneDrive, Dropbox, and Box, if they are able to get into the computer, on which the clients of these services are installed.
CompTIA on Cybersecurity
JULY 22, 2015
A security breach in this constantly connected world can mean anything from being inconvenienced to being extorted — and for businesses that don’t properly secure their networks it can mean massive losses in profits and time. At a time when it’s harder than ever to find highly skilled IT security staff, CompTIA’s 11th Annual Information Security Trends study shows data breaches cropping up with growing frequency, and recovery taking longer than ever before.
NopSec
DECEMBER 1, 2015
OpenVAS (Open Vulnerability Assessment Scanner) – is an open source security vulnerability scanner and manager. It is an open source fork of the commercial vulnerability scanner Nessus and it provides several options to manage distributed, remote, local scans and add several other specialized vulnerability scanners to the mix. Since OpenVAS 8 was released with improved Master-Slave support for better distributed and load-balanced scanning, NopSec decided to build a proof of concept securit
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Kali Linux
AUGUST 10, 2015
Our Next Generation Penetration Testing Platform We’re still buzzing and recovering from the Black Hat and DEF CON conferences where we finished presenting our new [Kali Linux Dojo](](/docs/development/dojo-mastering-live-build/), which was a blast. With the help of a few good people , the Dojo rooms were set up ready for the masses - where many generated their very own Kali 2.0 ISOs for the first time.
Kali Linux
JULY 5, 2015
We’ve been awfully quiet lately, which usually means something is brewing below the surface. In the past few months we’ve been working feverishly on our next generation of Kali Linux and we’re really happy with how it’s looking so far. There’s a lot of new features and interesting new aspects to this updated version, however we’ll keep our mouths shut until we’re done with the release.
Kali Linux
MAY 25, 2015
For the latest information, please see our documentation on Docker Last week we received an email from a fellow penetration tester, requesting official Kali Linux Docker images that he could use for his work. We bootstrapped a minimal Kali Linux 1.1.0a base and registered it under our Kali Linux Docker account. A few minutes later, said fellow pentester was up and running with Metasploit and the Top 10 Kali Linux tools on his Macbook Pro.
Kali Linux
MAY 3, 2015
A short while ago, we packaged and pushed out a few important wireless penetration testing tool updates for aircrack-ng, pixiewps and reaver into Kali’s repository. These new additions and updates are fairly significant, and may even change your wireless attack workflows. Here’s a short run-down of the updates and the changes they bring.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
NopSec
APRIL 29, 2015
This blog post is the first of a series documenting the journey into Machine Learning Algorithms NopSec is undertaking as part of Unified VRM data analytics capabilities. In our last sprint, as part of Unified VRM, we started using Machine Learning – [link] – to spot trends in past clients vulnerability data in order to abstract areas of the security program that need improvement in the future.
Kali Linux
APRIL 26, 2015
Vulnerability scanning is a crucial phase of a penetration test and having an updated vulnerability scanner in your security toolkit can often make a real difference by helping you discover overlooked vulnerable items. For this reason, we’ve manually packaged the latest and newly released OpenVAS 8.0 tool and libraries for Kali Linux. Although nothing major has changed in this release in terms of running the vulnerability scanner, we wanted to give a quick overview on how to get it up and
NopSec
APRIL 24, 2015
NopSec has just launched ThreatForce – a flagship security vulnerability search engine that makes it easy for security analysts to gain a consolidated view of vulnerabilities by CVE correlated with threat, exploit and other public sources. NopSec ThreatForce offers a summary and detailed results with correlation and links to: Exploit-DB and Metasploit DB of exploits All related patch links under different vendors covering Linux, Unix, Windows, and mobile OS flavors.
NopSec
APRIL 9, 2015
As part of the DevOps movement, it would be desirable to scan your web application for security vulnerability as part of the Continuous Integration loop or the minute a code change is detected. Now it’ s possible with NopSec Unified VRM Web Application module linked API. With the current release of Unified VRM – 3.4.7 – customers can call our RESTful API to automatically scan their web application assets based on a certain trigger event, such as: As part of script invoked in a
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
NopSec
MARCH 27, 2015
At NopSec, we are using vagrant and packer to spin up local dev environments and build our instances across the various hypervisor and cloud providers we use. We have packer scripts that build our VirtualBox and VMware images used in local development and our various instances used in our cloud providers. An issue I had to solve recently was how best to share development vagrant boxes within our team.
NopSec
MARCH 27, 2015
Penetration tests are point-in-time adversarial tests aimed at testing the intrusion prevention, detection, and incident response capabilities and controls of an organization. Usually well-trained penetration testers produce reports including the attack vectors and exploits used to successfully attack the network / application and the related vulnerabilities / CVEs exploited during the penetration test.
We Live Security
MARCH 9, 2015
ESET assess the differences between CryptoFortress and TorrentLocker: two very different strains of ransomware.
We Live Security
MARCH 9, 2015
An attempt to silence feminism blog Femsplain backfires on DDoS attackers, as they only help to raise its profile.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
We Live Security
MARCH 5, 2015
In this post, we lift the veil on Casper - another piece of software that we believe to have been created by the same organization that is behind Babar and Bunny.
NopSec
FEBRUARY 25, 2015
A couple of days ago I read an interesting article in the Tenable Network Security Blog — here — where the author was arguing that the number of security vulnerabilities detected in a network is not a good indicator of risk that the network itself is facing against motivated attackers and malware. In the above-mentioned blog post, the author states “Telling an organization that they have 10,324 vulnerabilities, whilst shocking, doesn’t convey the actual risks faced”
We Live Security
FEBRUARY 20, 2015
Lenovo's installation of a security-breaking app called Superfish on some computers has customers justifiably angry, but some folks are now unnecessarily confused by false positive detection.
We Live Security
FEBRUARY 13, 2015
After the Anthem mega-breach, questions abound about possible abuses of medical data. Here is a breakdown that offers some context.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
We Live Security
FEBRUARY 12, 2015
With Valentines Day nearly upon us, millions will be looking for love online. Here's six online dating scams to look out for.
We Live Security
FEBRUARY 10, 2015
It's Safer Internet Day. But millions of devices which have not been designed with security in mind are connecting to the internet. Shouldn't we be able to tell the manufacturers that enough is enough?
We Live Security
FEBRUARY 9, 2015
Buying and selling on eBay can be great, but it can also be fraught with risk. Here are some of the most common eBay scams and how they can be avoided.
Kali Linux
FEBRUARY 8, 2015
After almost two years of public development (and another year behind the scenes), we are proud to announce our first point release of Kali Linux - version 1.1.0. This release brings with it a mix of unprecedented hardware support as well as rock solid stability. For us, this is a real milestone as this release epitomizes the benefits of our move from BackTrack to Kali Linux over two years ago.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
113 
Let's personalize your content