Jai Vijayan from darkreading.com wrote a great article covering the Logjam Encryption Flaw. The original post can be found HERE.
Most major browsers, websites that support export ciphers impacted
More than 80,000 of the top 1 million HTTPS domains on the Internet are vulnerable to a bug in the basic design of the Transport Layer Security (TLS) protocol that is used to encrypt communications between browser clients and web servers. Continue reading
The use of smartphones is the best way to stay in touch with your loved ones. And with the upsurge in the development of the instant messaging apps such as WhatsApp, Viber and a lot more have completely knocked out the traditional text messaging trend and have taken over the world of messaging. Even though there’s always a doubt with hacking of these apps; hacking WhatsApp has been confirmed as the easiest deal for an amateur hacker. Continue reading
I’ve posted about Ransomware such as Cryptolocker and Cryptowall (cyrptowall 2.0 HERE / Cryptowall 3.0 HERE). The idea behind Ransomware is malware ends up on a user’s system and encrypts all data on the hard drive. The malware informs the user that all data is encrypted and asks for a sum of money for the key to unencrypt the data. There typically is a time frame that the user can pay before the key is destroyed and all data is lost. There have been many variations of this threat and one recent version seen in the wild is TeslaCrypt. I have heard crazy stories such as people getting a phone call and the people claim to be Microsoft helpdesk however really attackers tricking people to install cryptolocker (learn more about this HERE).
My buddy Aamir Lakhani wrote a interesting post on the latest update of OpenVAS 8.0. This is a very useful vulnerability scanner available in Kali Linux. The original post can be found HERE.
Vulnerability scanning is a crucial phase of a penetration test and having an updated vulnerability scanner in your security toolkit can often make a real difference by helping you discover overlooked vulnerable items. For this reason, we’ve manually packaged the latest and newly released OpenVAS 8.0 tool and libraries for Kali Linux. Although nothing major has changed in this release in terms of running the vulnerability scanner, we wanted to give a quick overview on how to get it up and running. Continue reading
Today Cisco announced the full integration of Application Centric Infrastructure (ACI) embedded security with the threat detection of FirePOWER Next Generation Intrusion Prevention System (NGIPS), providing automated threat protection to combat emerging datacenter security threats. Combining best of breed FirePOWER NGIPS with ACI, customers are now able to build highly secure infrastructure with fine-grained control (including application level security), visibility and centralized automation all the way from infrastructure to the application level. In addition, customers benefit from lower total cost of ownership including infrastructure and management costs as well as costs associated with security breaches. Cisco also announced that ACI is now validated by independent auditors for deployment in PCI compliant networks, which can help reduce the scope of a PCI audit and lower audit costs and time.
Raytheon, a major American defense contractor just announced they will be acquiring Websense for 1.9 billion dollars. You can find more on the announcement from reuters.com HERE or from the bloomberg.com post HERE. Below is from the bloomberg post.
Raytheon Co. agreed to acquire Websense Inc. from private-equity firm Vista Equity Partners LLC for $1.9 billion and plans to combine it with its cyber-products unit, people with knowledge of the matter said. Continue reading
Some people are starting to freak out about Leap Second like it is the next Y2K, which is strange. Just like Y2K, there is a fear that systems will crash due to time adjustments. The reality of it is yes, some systems will need to be patched or adjusted, but there is no reason to stock up on water and prepare for dooms day. Manufactures just dealt with this in June 2012 and will be prepared again this June. For those not familiar with Leap Second, this will be the 26th adjustment since 1972. For more information, check out an article on wired.com HERE.
Cisco published a Leap Second page HERE showing which products could be impacted by Leap Second and what is being offered to prepare prior to June 30th. This page will continue to update as we approach June so check out which products you own and how they may be impacted. Continue reading