2015

article thumbnail

OS X El Capitan: The smart person's guide

Tech Republic Security

This comprehensive guide includes everything you need to know about Apple's OS X El Capitan, including features, requirements, upgrade options, software updates, and more.

Software 102
article thumbnail

19.5% of https sites trigger browser warning as they use sha-1 signed certificates

Elie

19.5% of HTTPS-enabled sites in Alexa's Top 1 Million trigger or will soon trigger a Chrome security warning because they are using the now deprecated SHA-1 signature algorithm to sign their HTTPS certificate. Soon those sites will be flagged by all major browsers as insecure.

62
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Docker-based OpenVAS Scanning Cluster to Improve Scope Scalability

NopSec

OpenVAS (Open Vulnerability Assessment Scanner) – is an open source security vulnerability scanner and manager. It is an open source fork of the commercial vulnerability scanner Nessus and it provides several options to manage distributed, remote, local scans and add several other specialized vulnerability scanners to the mix. Since OpenVAS 8 was released with improved Master-Slave support for better distributed and load-balanced scanning, NopSec decided to build a proof of concept securit

article thumbnail

Kali Moto End of Life & Kali Dojo Slides

Kali Linux

Kali Sana Release Aftermath Kali Linux 2.0 has been out for a couple of months and the response has been great, with well over a million unique downloads of Kali 2.0 as a testament. Release day was somewhat hectic for us, as we did not anticipate the sheer volume of traffic … which we somehow always underestimate. In the first few days after the release of 2.0, we had ten times the download volume of 1.0 in a similar period, back in 2013.

52
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Freedom of Expression and Privacy in Labour Disputes: Amendments to Alberta’s Personal Information Protection Act in Force

Privacy and Cybersecurity Law

Alberta’s Personal Information Protection Act (PIPA) entered 2015 with a (slightly) new look. Amendments set out in Bill 3, the […].

52
article thumbnail

Crackas With Attitude: What We’ve Learned

Digital Shadows

One of the most active actors of the past several months has been a hacktivist group who identify themselves as. The post Crackas With Attitude: What We've Learned first appeared on Digital Shadows.

More Trending

article thumbnail

Data Loss Disasters in the Cloud

Spinone

Let’s review the most common causes of data loss in the cloud and data loss protection tools. Well, we are not paranoiacs. Sometimes even to the contrary: when we lose important files we would really like if there was a copy of it somewhere. User error Cloud services provide an ability to delete users’ data. Usually, it’s an accidental deletion.

Backups 40
article thumbnail

vsftpd-3.0.3 released. and the horrors of FTP over SSL

Scary Beasts Security

I just released vsftpd-3.0.3, as noted on the vsftpd home page. It's actually been almost three years(!) since vsftpd-3.0.2, so things do seem to be getting very stable and calming down. The exception to things getting very stable and calming down seems to be SSL over FTP, which has been a constant source of, uh, joy, for some time now. Some issues fixed relate to security and warrant describing here because I think they are interesting.

article thumbnail

Kali Linux 2.0 Release - Sana

Kali Linux

Our Next Generation Penetration Testing Platform We’re still buzzing and recovering from the Black Hat and DEF CON conferences where we finished presenting our new [Kali Linux Dojo](](/docs/development/dojo-mastering-live-build/), which was a blast. With the help of a few good people , the Dojo rooms were set up ready for the masses - where many generated their very own Kali 2.0 ISOs for the first time.

article thumbnail

Kali Linux 2.0 Release Day Scheduled

Kali Linux

We’ve been awfully quiet lately, which usually means something is brewing below the surface. In the past few months we’ve been working feverishly on our next generation of Kali Linux and we’re really happy with how it’s looking so far. There’s a lot of new features and interesting new aspects to this updated version, however we’ll keep our mouths shut until we’re done with the release.

52
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Official Kali Linux Docker Images Released

Kali Linux

For the latest information, please see our documentation on Docker Last week we received an email from a fellow penetration tester, requesting official Kali Linux Docker images that he could use for his work. We bootstrapped a minimal Kali Linux 1.1.0a base and registered it under our Kali Linux Docker account. A few minutes later, said fellow pentester was up and running with Metasploit and the Top 10 Kali Linux tools on his Macbook Pro.

article thumbnail

A little Machine Learning “Magic”…

NopSec

This blog post is the first of a series documenting the journey into Machine Learning Algorithms NopSec is undertaking as part of Unified VRM data analytics capabilities. In our last sprint, as part of Unified VRM, we started using Machine Learning – [link] – to spot trends in past clients vulnerability data in order to abstract areas of the security program that need improvement in the future.

article thumbnail

OpenVAS 8.0 Vulnerability Scanning

Kali Linux

Vulnerability scanning is a crucial phase of a penetration test and having an updated vulnerability scanner in your security toolkit can often make a real difference by helping you discover overlooked vulnerable items. For this reason, we’ve manually packaged the latest and newly released OpenVAS 8.0 tool and libraries for Kali Linux. Although nothing major has changed in this release in terms of running the vulnerability scanner, we wanted to give a quick overview on how to get it up and

article thumbnail

ThreatForce: The Vulnerability and Threat Search & Correlation Engine

NopSec

NopSec has just launched ThreatForce – a flagship security vulnerability search engine that makes it easy for security analysts to gain a consolidated view of vulnerabilities by CVE correlated with threat, exploit and other public sources. NopSec ThreatForce offers a summary and detailed results with correlation and links to: Exploit-DB and Metasploit DB of exploits All related patch links under different vendors covering Linux, Unix, Windows, and mobile OS flavors.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Go party with the #DevOps

NopSec

As part of the DevOps movement, it would be desirable to scan your web application for security vulnerability as part of the Continuous Integration loop or the minute a code change is detected. Now it’ s possible with NopSec Unified VRM Web Application module linked API. With the current release of Unified VRM – 3.4.7 – customers can call our RESTful API to automatically scan their web application assets based on a certain trigger event, such as: As part of script invoked in a

52
article thumbnail

Vagrant Boxes: Private Vagrant Box Hosting With Easy Versioning

NopSec

At NopSec, we are using vagrant and packer to spin up local dev environments and build our instances across the various hypervisor and cloud providers we use. We have packer scripts that build our VirtualBox and VMware images used in local development and our various instances used in our cloud providers. An issue I had to solve recently was how best to share development vagrant boxes within our team.

article thumbnail

Mapping Penetration Testing report and vulnerability management CVEs

NopSec

Penetration tests are point-in-time adversarial tests aimed at testing the intrusion prevention, detection, and incident response capabilities and controls of an organization. Usually well-trained penetration testers produce reports including the attack vectors and exploits used to successfully attack the network / application and the related vulnerabilities / CVEs exploited during the penetration test.

article thumbnail

Counting Vulnerabilities. Assessing Threats. Frictionless Remediation

NopSec

A couple of days ago I read an interesting article in the Tenable Network Security Blog — here — where the author was arguing that the number of security vulnerabilities detected in a network is not a good indicator of risk that the network itself is facing against motivated attackers and malware. In the above-mentioned blog post, the author states “Telling an organization that they have 10,324 vulnerabilities, whilst shocking, doesn’t convey the actual risks faced”

Risk 52
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Kali Linux 1.1.0 Release

Kali Linux

After almost two years of public development (and another year behind the scenes), we are proud to announce our first point release of Kali Linux - version 1.1.0. This release brings with it a mix of unprecedented hardware support as well as rock solid stability. For us, this is a real milestone as this release epitomizes the benefits of our move from BackTrack to Kali Linux over two years ago.

article thumbnail

Linux Ghost Vulnerability: A GHOST in the….Linux….Wires

NopSec

Our partner Qualys discovered a new vulnerability nick-named “GHOST” (called as such because it can be triggered by the GetHOST functions) and worked with most of the Linux operating system distributions to patch it as of January 27th 2015. The GHOST vulnerability is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials.

DNS 52
article thumbnail

Understanding how tls downgrade attacks prevent email encryption

Elie

Over the last two years, the number of encrypted emails received by Gmail has almost doubled, as I reported earlier on the Google security blog. This very encouraging trend is sadly accompanied with an increase of SMTP TLS downgrade attacks, which prevent encryption of emails in transit as discussed in our research paper on the state of email transport security.

article thumbnail

How phishing works

Elie

Phishing is a social-engineering attack where the attacker entice his victims to give-up their credentials for a given website by impersonating it. Believe it or not phishing campaigns are well organized and follow a very strict playbook. This post aim at shedding some light on how phishing campaign works under the hood, showcase which infrastructure phishers use to steal users credentials and provide advice on how to defend against it.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Hearthstone 3d card viewer in pure javascript/css3

Elie

To celebrate the new Hearthstone extension, Blackrock Mountain, I’m releasing a Hearthstone 3D card viewer written in pure Javascript. I feel Blackrock Mountain’s release is the perfect opportunity to showcase HTML5’s top notch performance and inspire more people to do cool visualizations on the web. With well over 500 cards, it’s high time to create a tool with powerful filtering and attractive visualization to explore the cards in an interesting fashion that works both on desktops and tablets.

48
article thumbnail

EU close to doing a deal on Safe Harbor

Privacy and Cybersecurity Law

It has been reported today by the Reuters news agency that the European Commission is working with the US on […].

52
article thumbnail

Canadian Privacy Compliance: Time for your Online Checkup

Privacy and Cybersecurity Law

In a previous post on online behavioural advertising (OBA), we wrote about the Office of the Privacy Commissioner’s “call to action” to stakeholders in […].

article thumbnail

Criminal Services – Crypting

Digital Shadows

In the world of cybercrime, malicious software (malware) plays an important role. But if you’re a cybercriminal, how do you. The post Criminal Services – Crypting first appeared on Digital Shadows.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

‘Hacker Buba’: Failed extortion, what next?

Digital Shadows

An actor identifying itself as “Hacker Buba” recently claimed to have breached Invest Bank and posted purported customer and client. The post ‘Hacker Buba’: Failed extortion, what next? first appeared on Digital Shadows.

Banking 40
article thumbnail

Communicating Intelligence: The Challenge of Consumption

Digital Shadows

In my previous blog in this series I discussed the challenge of effectively communicating intelligence, and provided examples of how. The post Communicating Intelligence: The Challenge of Consumption first appeared on Digital Shadows.

40
article thumbnail

How to Speak Information Security to Executives: A CSO Perspective

NopSec

According to recent research over 60 percent of survey participants stated their executives are only “somewhat” or “not at all” informed about the information security risk and threats their organizations face. In commenting on the results, I stated this lack of awareness is “astounding.” In an age where data breaches crowd the daily headlines, lack of awareness is no longer an excuse for executives.

article thumbnail

Communicating Intelligence: Getting the message out

Digital Shadows

In my previous blog I discussed some of the challenges associated with communicating intelligence. In this follow up piece, I’ll. The post Communicating Intelligence: Getting the message out first appeared on Digital Shadows.

40
article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.