2013

Apple finally turns HTTPS on for the app store, fixing a lot of vulnerabilities

Elie

In early July 2012, I reported to Apple numerous vulnerabilities related to their App Store iOS app. Last week Apple finally issued a fix for them and turned on HTTPS for the App Store. I am really happy that my spare-time work pushed Apple to finally enable HTTPS to protect users.

Ultimate Pentesting PwnBox (2013) - Utilite Pro

Kali Linux

We’re always on the lookout for interesting ARM hardware for Kali Linux. Whether it’s a Galaxy Note or a USB-stick-sized SS808, we want to see Kali run on it. You can therefore imagine our excitement when we first laid our eyes on the Utilite Pro. The Utilite Pro is a quad-core ARM Cortex-A9 machine with up to 4 GB of RAM, up to a 512 GB mSATA SSD, HDMI and DVI-D output, dual 1 GbE NICs, a built-in wireless card and 4 USB ports.

CVE-2003-0095 – Oracle Database Server Unauthenticated Remote Overflow Metasploit Module

NopSec

Penetration testing is one of the services that we offer NopSec customers. A vulnerability assessment and penetration test provide an excellent snapshot of an organization’s risk at a given point in time. By simulating a real-world attack, our Security Engineers actively attempt to exploit vulnerabilities and gain access to system resources without damaging or disrupting any of our customer’s production services.

How pre-answered caller authentication helps prevent telephone bank fraud

Dark Reading

Prevention vs. clean-up. It’s a security question all financial institutions should ask themselves. When it comes to providing a trusted customer environment, banks are typically better at resolving the problems that stem from non-predictive authentication and fraud than at preventing them. That’s because they continue to allow criminals to get their foot in the door.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Canada’s Anti-Spam Law (CASL) – Proposed New Regulations Would Soften Impact

Privacy and Cybersecurity Law

Draft Regulations recognize CASL should not apply to “regular business communications”. Industry Canada has published long-awaited draft Regulations that would lessen the impact […]

Exploiting 64-bit Linux like a boss

Scary Beasts Security

Back in November 2012, a Chrome Releases blog post mysteriously stated: "Congratulations to Pinkie Pie for completing challenge: 64-bit exploit". Chrome patches and autoupdates bugs pretty fast but this is a WebKit bug and not every consumer of WebKit patches bugs particularly quickly. So I've waited a few months to release a full breakdown of the exploit.

Kali Linux 1.0.5 and Software Defined Radio

Kali Linux

Today we are pleased to announce the immediate availability of Kali Linux 1.0.5 with a rollup of various tool additions, fixes, and upgrades, including our fix for the encrypted LVM installation issue that we documented last week. As usual, users with Kali already installed just need to run a simple update to get the latest goodness:

    root@kali:~# apt-get update
    root@kali:~# apt-get dist-upgrade

We’ve also received updated ARM images from OffSec, which bring several fixes to issu

Kali Linux on Android using Linux Deploy

Kali Linux

Kali Linux on any Android Phone or Tablet

Getting Kali Linux to run on ARM hardware has been a major goal for us since day one. So far, we’ve built native images for the Samsung Chromebook, Odroid U2, Raspberry Pi, RK3306, Galaxy Note 10.1, CuBox, Efika MX, and BeagleBone Black, to name a few. This however does not mean you cannot install Kali Linux in a chroot on almost any modern device that runs Android.

Tracking and Fixing an Installer Bug

Kali Linux

A little while back, a bug with the LVM encrypted install in Kali Linux 1.0.4 was reported in our bug tracker. This bug was high priority in our TODO as encrypted installs are an important feature in our industry so we wanted to squash this bug ASAP. This article will describe the process of debugging, identifying, and fixing this bug in Kali, and ultimately in Debian as well.

Kali Linux - Penetration Testing Platform

Kali Linux

Whenever we are given the opportunity to describe Kali Linux, we use the word “powerful”. Have you ever wondered or asked yourself why exactly we consider Kali to be so “powerful”? Why is Kali any different or better from, say, an Ubuntu machine with a bunch of security tools preinstalled on it? After all, our nmap package isn’t any better than anyone else’s, is it?

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
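One way to audit a page for the third-party pixels and scripts the article warns about, as an added example that is not part of the original post: the script below parses a constructed HTML snippet, reports every img, script or iframe whose source is served from a site other than the first-party host, marks the 1x1 images that are classic tracking pixels, and flags query parameters that would carry PHI to that third party. The sample page, the hostnames (portal.example-health.org, tracker.example-ads.net, cdn.example-analytics.com) and the SENSITIVE_PARAMS list are assumptions of this example.

```python
"""Audit an HTML page for third-party tracking pixels and scripts.

Added example, not code from the original post. The page below is
constructed, and the hostnames (portal.example-health.org,
tracker.example-ads.net, cdn.example-analytics.com) are hypothetical.
"""
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Query-string keys that would carry PHI if sent to another site.
# Illustrative list (an assumption of this example); extend it per site.
SENSITIVE_PARAMS = {"mrn", "patient_id", "appt", "appointment", "email", "dob"}

# Constructed sample page: one relative image, one first-party script,
# one third-party 1x1 pixel carrying a medical record number and an
# appointment date, and one third-party analytics script.
SAMPLE_HTML = """
<html><body>
<img src="/static/logo.png" width="120" height="40">
<script src="https://portal.example-health.org/js/app.js"></script>
<img src="https://tracker.example-ads.net/px?mrn=12345&appt=2023-11-02" width="1" height="1">
<script src="https://cdn.example-analytics.com/t.js?site=42"></script>
</body></html>
"""


class _ResourceCollector(HTMLParser):
    """Collects the tag name and attributes of every resource-loading element."""

    RESOURCE_TAGS = ("img", "script", "iframe")

    def __init__(self):
        super().__init__()
        self.elements = []

    def handle_starttag(self, tag, attrs):
        if tag in self.RESOURCE_TAGS:
            self.elements.append((tag, dict(attrs)))


def _site(host):
    """Crude registrable-domain check: the last two labels. Wrong for
    two-level public suffixes such as co.uk, good enough for the example."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:])


def find_third_party_trackers(html, first_party_host):
    """Return one finding per resource fetched from a site other than
    first_party_host: tag, host, whether it looks like a 1x1 pixel, and
    which query parameters match SENSITIVE_PARAMS."""
    collector = _ResourceCollector()
    collector.feed(html)
    own_site = _site(first_party_host)
    findings = []
    for tag, attrs in collector.elements:
        src = attrs.get("src")
        if not src:
            continue
        url = urlsplit(src)
        host = url.hostname or ""
        if not host or _site(host) == own_site:
            continue  # relative or first-party: the request stays on our site
        keys = {k.lower() for k, _ in parse_qsl(url.query, keep_blank_values=True)}
        findings.append({
            "tag": tag,
            "host": host,
            "pixel": tag == "img" and attrs.get("width") == "1" and attrs.get("height") == "1",
            "leaked_params": sorted(keys & SENSITIVE_PARAMS),
        })
    return findings


if __name__ == "__main__":
    for f in find_third_party_trackers(SAMPLE_HTML, "portal.example-health.org"):
        kind = "pixel" if f["pixel"] else f["tag"]
        print(f"{kind:7} {f['host']:30} PHI params: {f['leaked_params'] or '-'}")
```

Run it over the saved HTML of an authenticated page (the post-login views are where the medical record numbers and appointment dates appear). Every host it lists receives at least the visitor's IP address and, depending on the site's Referrer-Policy, the page URL when the browser fetches the resource; a finding with a non-empty leaked_params list is the case the HIPAA tracking guidance is most concerned with. Scripts are flagged even without parameters because once loaded they can read the page and the form fields themselves.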

Kali Linux 1.0.4 Summer Update Release

Kali Linux

In keeping with our tradition of publishing new releases during the annual Black Hat and DEF CON conferences, we are pleased to announce the availability of Kali Linux 1.0.4. The last few months since the initial release of Kali have seen a large number of changes, upgrades, and improvements in the distribution, all of which are included in version 1.0.4.

Pass the Hash toolkit, Winexe and more.

Kali Linux

We’ve just pushed a bunch of packages, tools, and utilities to the main Kali repositories. These tools have been at the top of our wish list for a while and some of them were quite challenging to package. Before we start telling you of our packaging woes, here’s how to update your Kali installation and get the latest goodness from our repos:

    apt-get update
    apt-get dist-upgrade
    apt-get install passing-the-hash unicornscan winexe
    apt-get install unicornscan enum4linux polenum
    apt-get i

Kali Linux Accessibility Improvements

Kali Linux

A couple of weeks ago, we were approached (independently) by two blind security enthusiasts who both drew our attention to the fact that Kali Linux had no built-in accessibility features. This made Kali difficult, if not impossible, to both install and use from a blind or visually impaired user’s perspective. Our first attempts at building an accessible version of Kali failed and after a bit of digging, we found that there were several upstream GNOME Display Manager (GDM3) bugs in Debian ,

Bleeding Edge Kali Linux

Kali Linux

We’ve been busy this week, still behind on our emails, but going strong with Kali development. We packaged some new tools which were pointed out by the community as missing, such as inguma, arachni, bully, lbd, uniscan and automater, as well as started to build a framework of libraries and patches for Bluetooth sniffing and Ubertooth tools.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Kali Linux Release Aftermath

Kali Linux

Five days into the Kali Linux release at BlackHat EU in Amsterdam, and we’re still not fully recovered. Since the release, we’ve had just over 90,000 downloads, a dozen or so package updates, added more articles to the Kali Documentation, started a Portuguese translation, and we even managed to squeeze in a small bugfix release (Kali 1.0.1), which resolved an annoying USB keyboard issue some users reported.

What's New in Kali Linux?

Kali Linux

Enter Kali Linux. “So, what’s the difference between BackTrack and Kali?” you might be asking. Unfortunately for us, that’s not a simple question to answer. It’s a mix between “everything” and “not much”, depending on how you used BackTrack. From an end user perspective, the most obvious change would be the switch to Debian and an FHS-compliant system.

Kali Linux 1.0 Release - Moto - The Birth of Kali Linux

Kali Linux

Kali Linux, the rising

It’s been 7 years since we released our first version of BackTrack Linux, and the ride so far has been exhilarating. When the dev team started talking about BackTrack 6 (almost a year ago), each of us put on paper a few “wish list goals” that we each wanted implemented in our “next version”.

Scrapping it all and starting afresh

It soon became evident to us that with our 4 year old development architecture, we would not be able to achieve all t

NopSec announces Executive Dashboard and new capabilities for Unified VRM software-as-a-service

NopSec

NopSec is pleased to announce the immediate availability of a new Executive Dashboard for Unified VRM. NopSec continues the rapid pace of innovation with new capabilities that provide customers with a graphical view of prioritized vulnerabilities and at-a-glance progress toward fixes. Michelangelo Sidagni, Chief Technology Officer at NopSec, had this to say about the Executive Dashboard: “Our customers requested the ability to confidently gauge the vulnerabilities and risk at the present moment

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security”, most companies want to ensure that steps are being taken to protect what they value most (people, data, real or personal property, intellectual property, digital assets, or any number of other things), and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

High-end macbook pro retina (late 2013, 15in) benchmark

Elie

I was lucky enough to get the new 2013 high-end Macbook Pro Retina (15in) yesterday and started wondering about how it compares to the mid-2012 Retina (15in) model. On a personal level, I'm also pretty interested in how its gaming performance compares with its predecessor's.

The (untold) price of doing local search

Elie

Nearly everyone loves mobile apps that can perform local searches, get directions, or find the nearest decent restaurant. But what’s not so obvious is that these local apps can have hidden bandwidth costs — meaning that, in some cases, they can run up your phone bill in ways you might not expect.

Has Your Company Performed an Annual Penetration Test Yet this Year?

NopSec

Many regulations and industry standards, such as GLBA, HIPAA and PCI DSS, require an annual penetration test. Customers often ask for our penetration testing services in direct response to a compliance request from an auditor or industry regulator. NopSec recommends a penetration test to determine a baseline of your company’s security posture. With that in mind, we have compiled some of our popular blog posts relevant to penetration testing for your reading enjoyment.

How Much does a Penetration Test Cost?

NopSec

This is the time of the year that we get a lot of inquiries about performing an annual penetration test. In every organization there are trade-offs of time, resources and budgets. So the inevitable question that arises is, “How much does/should a penetration test cost?” The truthful answer to this question is, it depends. Deciding what and when to test can be the hardest step.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

The Role of Penetration Testing in Vulnerability Risk Management

NopSec

Reports in the news make it clear that the sophistication of cyber-attackers continues to evolve. So why do so many companies rely on an annual penetration test as the only safeguard against a cyber-attack? Some reasons include: lack of resources, limited budgets, insufficient leadership support, and organizational barriers. However, another reason is that the role of penetration testing in overall vulnerability risk management is not well understood.

Penetration Testing in Healthcare

NopSec

In September, the compliance deadline for the changes to the HIPAA rules on breaches of unsecured electronic protected health information passed. At NopSec, we understand security-related processes and the risks associated with electronic protected health information (ePHI). The following post describes a recent penetration testing engagement that helped one of our customers address serious security vulnerabilities in an embedded medical device.

Using Unified VRM to Implement SANS 20 Critical Security Controls

NopSec

The SANS 20 Critical Security Controls are prioritized mitigation steps to improve cybersecurity. Coordinated through the SANS Institute, many companies with mature security programs are aware of and have adopted the security controls with the objectives of increasing visibility of attacks, improving response preparedness and reducing information security risk.

Importing Vulnerability Scanner Results into Unified VRM

NopSec

One of the most important aspects of every complex system is flexibility. Flexibility of adapting to changing circumstances and leveraging existing investments in technology solutions. The architecture of Unified VRM was designed with flexibility as a primary consideration. It not only has the capability to perform native scans on a wide variety of assets (external, internal, configuration, web application, wireless and more to come) but it also has the flexibility to import scan results from ex

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? For all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Vulnerability Management for Amazon Web Services (AWS)

NopSec

As the benefits of cloud computing drive increased adoption by businesses, the fastest growing area of public cloud computing appears to be Infrastructure-as-a-Service (IaaS). But in adopting an IaaS model, businesses are often leaving the security of their applications to the service provider and blindly moving to the cloud with disregard for commonly held security practices.

SANS Critical Control 20: SANS Penetration Testing and Red Team Exercises

NopSec

As we have reached the end of this blog post series on the SANS 20 Critical Controls, this one is definitely one of my favorites and the one where NopSec can add a lot of value. But before delving into the details, let’s give penetration testing a definition. According to SANS Critical Control #20, penetration testing involves mimicking the actions of computer attackers to identify vulnerabilities in a target organization, and exploiting them to determine what kind of access an attacker

Banking and Insurance Regulators Focus on Cyber-Threats

NopSec

If you are responsible for IT security in the financial services industry, you may have been asked by a regulator to disclose details on your company’s preparedness for cyber-attacks. NopSec has received requests for help from customers at banks, credit unions, and insurance companies. In our own backyard, the New York State Department of Financial Services has distributed a “Cyber-Security/Cyber-Risk Questionnaire” that covers topics such as penetration testing, vulnerability scanning tools, and emerging

SANS Critical Controls 17, 18 and 19: Data Loss Prevention, Incident Response and Management, Secure Network Engineering

NopSec

In this installment of our SANS 20 Critical Security Controls series, I bundled three controls together simply because they are very much procedural in nature. I will explain how the NopSec Unified VRM solution can help in implementing these three controls. The Data Loss Prevention control has recently jumped onto most CISOs’ radar screens because of the whistle-blowing revelations on the NSA by Mr.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.