Next Generation Firewalls

Firewalls protect the gateway to your network and to your data and applications, and maintaining threat protection is essential.

The problem is that firewalls are pretty stupid – they are like a security guard on the door of a club, allowing in only those guests who are on the list and rejecting anyone who Is not.

The problem is that hackers and emerging threats have become much more sophisticated in gaining entry, and in addition, modern business networks are much more porous than they once were – there are now multiple entry points into a network, and firewalls can be bypassed. Read the rest of this entry »

Wordpress VulnerabilitiesI would like to thank Malwarelist.net for posting this article. They have a great deal of useful articles on malware and other threats to your computer. I would encourage readers to check out some of their internet security articles once you are finished reading here.

Your blog or other WordPress website likely has a great deal of time and effort put into it, and often it can have great personal significance to the owner. There are people and programs out there, however, for one reason or another, that seek to disrupt it or otherwise take it over. That is why you need to be as security conscious as possible when using your WordPress website and administering it. The last thing you want is for your website to be the next victim in a long string of attacks. Read the rest of this entry »

Drupal vulnerabilitiesDangerous vulnerability has been fixed in Drupal. The most serious issue outlined in the advisory (CVE-2015-3234) allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts.

The victim must have an account in a certain OpenID-providers for a successful attack.

Vulnerabilities identified in the module OpenID, allows a potential attacker to log in as an administrator. However, for a successful attack the victim must have an account associated with the OpenID-providers (for example: Verisign, LiveJournal, StackExchange, and some other). Read the rest of this entry »

Computer VirusThere is a new kid of the virus block, and a pretty nasty kid it is too. Named Rombertik, it is generally picked up from attachments on phishing emails (usually appearing to be a .PDF file in the case of this virus).

Maybe one of those emails you received claiming you have won a prize, claiming to be a message from Microsoft, or asking you to validate your bank details. Read the rest of this entry »

Password SecurityCloud-based services, aka services that store your information on a server as opposed to your own hard drive, have been embraced by individuals and business users alike.

Everything from banking apps, email and even social media accounts are now all accessible via the Cloud on multiple devices with nothing more than an internet connection, which means we’re able to enjoy a greater range of services than ever before.

However, cloud accounts require passwords to restrict user access, and with so many accounts to keep track of, it’s tempting to use the same run-of-the-mill passwords for multiple services. It might be a very convenient way of doing things (after all, you need to be able to remember your logins), but by sticking to what you know, you’re increasing your vulnerability online and compromising the security of your cloud data. Read the rest of this entry »


cisco company logoFour new vulnerabilities in the Cisco products

Four Cisco security products are vulnerable to the DDoS and XSS attacks. Four new vulnerabilities have been found in the Cisco products.

Affected Products:

  • Nexus 9000 Series Switches (CVE-2015-0686 DDoS vulnerability)
  • Catalyst 4500 Series (CVE-2015-0687 DDoS vulnerability)
  • Aggregation Services Routers (CVE-2015-0688 DDoS vulnerability)
  • Wireless LAN Controller (CVE-2015-0690 XSS vulnerability)

Read the rest of this entry »

BlackArch Linux logoPresented new BlackArch Linux ISOs & installer, specialized distribution for security researchers and penetration testers.

Distribution built on Arch Linux packet-based and includes over 1200 security-related utilities. Supported Projects package repository is compatible with Arch Linux, and can be used in conventional plants Arch Linux.

Distribution supports assemblies for architectures: i686, x86_64, armv6h and armv7h. New BlackArch Live ISO size: 3.6 GB. As graphic environments have a choice of window managers: dwm, fluxbox, openbox, awesome, wmii, i3 and spectrwm. Read the rest of this entry »

CCTV surveillanceCCTV surveillance has turned out to be a necessity for every business that wants to carry out their business operations in a safe and secured environment.

You will be glad to know that beefing up the security in your office not only helps you to prevent thefts and hooliganism but it also provides a sense of security to your employees. Read the rest of this entry »

Hole in LinuxCVE-2015-0240: A critical remote vulnerability in Samba

Employees MSVR (Microsoft Vulnerability Research) discovered a critical vulnerability the Samba daemon (smbd).

In unplanned releases of Samba 4.1.17, 4.0.25 and 3.6.25 fixed a critical vulnerability (CVE-2015-0240), which can be used to initiate the execution of code on the server side.

Danger problem compounded by the fact that the vulnerability can be exploited without an authentication – to carry out the attack enough send a few specially designed anonymous netlogon-packets on the network port SMB / CIFS of the server. Since by default, smbd daemon runs under root privileges, in the case of a successful attack the attacker can gain root-access to the server. Read the rest of this entry »

Defending Your Business from cryptolockerCryptolocker – a program that belongs to the category of so-called “ransomware”.

Cryptolocker encrypts files on the hard disk drive of a computer running Microsoft Windows and requires the payment of redemption, before you download the server private key to decrypt the files. You need to pay a ransom for 72-96 hours. If during this time the money is not transferred to the designated account, key to decrypt the file is deleted and it is impossible to restore files. Read the rest of this entry »