Sucuri blog has the detailed information: https://blog.sucuri.net/2015/05/jetpack-and-twentyfifteen-vulnerable-to-dom-based-xss.html In short, the plugins Jetpack and TwentyFifteen had a bad file which could be attacked by a XSS(Cross Site Scripting) method. As Sucuri blog mentions the attack is actually DOM(Domain Object Model)-based XSS, which even a WAF(Web Application Firewall) cannot see this. Of course it has to … Read more
Ransomware is a scourge of evil – turning all of your data useless. from NetworkWorld Unfortunately this is a typical message(which are getting more sophisticated – attackers are allowing one file to be decrypted) Here is a Cryptolocker 2.0 message Fortunately not all ransomware actually works as prescribed. Here are just a … Read more
If you ask me the President of RSA had the best keynote at the RSA conference in San Francisco: http://www.rsaconference.com/media/escaping-securitys-dark-ages I have collected the images from the video link above: Talk was titled ” We are Living in Security’s Dark Ages” There is a lot in the 30 minute video, I recommend that if you … Read more
So I finally tried running OpenVAS on my Kali-Linux system. It did not work, stating that you have to run the install first. So I did that (as you can see above) Now I got the following window: Notice the “install” did not go well Step 1: checking OpenVAS Scanner … ERROR: No OpenVAS Scanner … Read more
Threat modeling means you will view your network with a subjective eye and find the most likely attack vector. from a security threat point of view. This is similar to risk Management, where you list all devices and show which ones need the most security attention. Threat modeling comes from a different direction – and … Read more