Another day another Zero-Day Attack: From Sucuri Blog¹ which found a remote Code Execution attack on Joomla a CMS(Content Management System) software The hackers are interested in these all the time: Because a Zero-day attack means that an attack on susceptible software can be easily taken over. Zero day exploits are sought after in the darknet. … Read more
As we get ready for 2016 From the www.timessquarenyc.org/events/new-years-eve/sponsor-new-years-eve website (with additional Text “2016”). It will look similar to the image above – maybe a different font for the numbers. So before the new year is tomorrow and it is too late to make plans… How should one improve the cybersecurity situation at your company? Of … Read more
Reading the Oversitesentry 30 Security Analysis posts I was struck by the recurring theme of detection avoidance and obfuscation is the name of the criminal game. Specifically: Rapid7’s Blog post¹ on how attackers evade SIEM (Security Information event Manager) and the interesting post by Drops² about obfuscation by Windows programs that run in the 64bit … Read more
The recently added BugSec blog¹ on Security News Analyzed page at #30 is the source. Apparently there are several NGFW (Next generation FireWalls) systems that allow the initial handshake to occur no matter the destination, including to destinations we would want to deny. It is good to point out, that an actual connection is not … Read more
What is your weakest point in your security(People, Process & Technology)? Safe to say that people are the weakest link. And by that I mean social engineering your workforce to either click on something they should not, or do something like give out too much information (yes my boss is on vacation right now). Email … Read more
