Logjam Encryption Flaw Threatens Secure Communications On Web

Logjam Encryption Flaw

Jai Vijayan from darkreading.com wrote a great article covering the Logjam Encryption Flaw. The original post can be found HERE.

Most major browsers, websites that support export ciphers impacted

More than 80,000 of the top 1 million HTTPS domains on the Internet are vulnerable to a bug in the basic design of the Transport Layer Security (TLS) protocol that is used to encrypt communications between browser clients and web servers. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

WhatsApp Security Issues

WhatsApp-SpyingKerrie Mccune from spyengage.com wrote a guest post about her thoughts on known WhatsApp Security Issues. 

The use of smartphones is the best way to stay in touch with your loved ones. And with the upsurge in the development of the instant messaging apps such as WhatsApp, Viber and a lot more have completely knocked out the traditional text messaging trend and have taken over the world of messaging. Even though there’s always a doubt with hacking of these apps; hacking WhatsApp has been confirmed as the easiest deal for an amateur hacker. Continue reading

VN:F [1.9.22_1171]
Rating: 4.3/5 (3 votes cast)

Comparing AnyConnect 3.1 to 4.0 and New AnyConnect 4.1 Now Available


There has been a lot of questions around the new AnyConnect licensing introduced with the AnyConnect 4.0 release. In summary, the older version of AnyConnect had many license options (TOO MANY!). So Cisco has consolidated these into two options, which are Plus and Apex. Below is a comparison of how the AnyConnect 3.1 compares to AnyConnect 4.0. Hope it helps! Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

2015 Verizon Breach Investigation Report (VBIR) Out Now – First Look


The latest 2015 Verizon Breach Investigation Report (VBIR) is now out and can be downloaded HERE. For those that have not seen these reports, they survey a number of customers and gather information about different types of breaches. It is a trend based report but great data to get an idea of which types of attacks are being seen by different types of businesses. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Threat Spotlight: TeslaCrypt – Decrypt It Yourself


I’ve posted about Ransomware such as Cryptolocker and Cryptowall (cyrptowall 2.0 HERE / Cryptowall 3.0 HERE). The idea behind Ransomware is malware ends up on a user’s system and encrypts all data on the hard drive. The malware informs the user that all data is encrypted and asks for a sum of money for the key to unencrypt the data. There typically is a time frame that the user can pay before the key is destroyed and all data is lost. There have been many variations of this threat and one recent version seen in the wild is TeslaCrypt. I have heard crazy stories such as people getting a phone call and the people claim to be Microsoft helpdesk however really attackers tricking people to install cryptolocker (learn more about this HERE).

Cisco’s security team Talos wrote a great post on how to decrypt aka save your data from the TelsaCrypt ransomware. The original post can be found HEREContinue reading

VN:F [1.9.22_1171]
Rating: 4.0/5 (4 votes cast)

Rapid7 Extends IT Security Data and Analytics Platform with Acquisition of NT OBJECTives

rapid7+metasploitBoston, MA – May 4, 2015 Rapid7, a leading provider of security data and analytics software and services, announced today that it has acquired NT OBJECTives (NTO), the web and mobile application security testing company, expanding Rapid7’s Threat Exposure Management offering to further meet the needs of modern business infrastructures. NTO’s application security testing solution – trusted by many Fortune 500 companies – analyzes web applications for security vulnerabilities and maximizes organizations’ ability to effectively reduce IT security risk. Rapid7 is offering this technology under the name Rapid7 AppSpider, available immediately to customers. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

OpenVAS 8.0 Vulnerability Scanning


My buddy Aamir Lakhani wrote a interesting post on the latest update of OpenVAS 8.0. This is a very useful vulnerability scanner available in Kali Linux. The original post can be found HERE.

Vulnerability scanning is a crucial phase of a penetration test and having an updated vulnerability scanner in your security toolkit can often make a real difference by helping you discover overlooked vulnerable items. For this reason, we’ve manually packaged the latest and newly released OpenVAS 8.0 tool and libraries for Kali Linux. Although nothing major has changed in this release in terms of running the vulnerability scanner, we wanted to give a quick overview on how to get it up and running. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)