Sucuri blog has the detailed information: https://blog.sucuri.net/2015/05/jetpack-and-twentyfifteen-vulnerable-to-dom-based-xss.html In short, the plugins Jetpack and TwentyFifteen had a bad file which could be attacked by a XSS(Cross Site Scripting) method. As Sucuri blog mentions the attack is actually DOM(Domain Object Model)-based XSS, which even a WAF(Web Application Firewall) cannot see this. Of course it has to … Read more
Official Kali Linux BBQSQL site: http://tools.kali.org/vulnerability-analysis/bbqsql BBQSQL is a Python based blind SQL injection tool to test your SQL connections on the Internet. (why bbq? because SQL injection is delicious) This is a bit more advanced than the SVA -(Scan Vulnerability Analysis) within the SVAPE & C http://oversitesentry.com/tonyz/pubhtml/fixvirus/svapec/ SQL injection is more like the PE portion … Read more
The Cybersecurity field knows this has been in the works for a year now, and in 5 months it will happen. Chip in a Credit card The US will catch up to the rest of the world as world travelers know this. (Europe has had it since 2004) http://www.creditcards.com/credit-card-news/american-travelers-guide-emv-chip-cards-1271.php In this image from the … Read more
A great SECINT (Security Intelligence) paper John Stewart wrote: http://www.cisco.com/web/about/security/intelligence/JNS_TTPs.pdf Basics must be mastered: patching Identity: Strong identity, federated Identity, and identity based networking Eliminate dark space Notice that the basic #1 item is patching. We must be able to cover patching on a timely basis with a regular methodology. Otherwise our systems are … Read more
Yes it is a big deal, since many IT folks do not know that malware is on all computers, Malware is short for malicious software and is typically “installed” in Windows machines with a phishing email, but what makes this unique is not just the Linux system attacks, but how they got attacked. … Read more