Patch Tuesday is here 7/8/14
Patch Tuesday is the day Microsoft has designated to give us their vulnerability fixes. It has to be done sometime, and so it is done on a Tuesday (right after Monday) and still in… Patch Tuesday is here 7/8/14
DARKReading has the highlights of the changes in v3.0 compared with v2.0. SearchSecurity also has a synopsis, with the 5 most important changes: 1. Pentesting (penetration testing) 2. Inventory of system components 3. Vendor relationships 4. Antimalware… New PCI DSS v3.0 released Nov 2013
RealClearTechnology has an interesting article (the 4 headings below are my synthesis of the article). It is based on the Cisco projections (linked in the article). #1 issue: there will be 4 billion Internet users, and 52%… 4 Future Internet trends and how they affect Security
Since we advocate testing your IT services and devices, what if your organization has cloud services? How about Amazon EC2? AWS compliance: keep this in mind. It is as Amazon AWS (Amazon Web Services) says it is… Testing Cloud services
NIST has a Computer Security Division, and they have revamped their On-line Database: Access and Control policy and procedures. There are many good areas to review in this website, including: Don’t forget the home workers: An… National Institute of Standards and Technology (NIST) has new standards
KrebsOnSecurity (a good security blog) has the story: a 24-year-old Vietnamese national (Ngo) helped create a situation where data from Experian was sold to online identity theft rings. The company Court Ventures helped… Experian – one of the credit reporting agencies was duped
As noted by us-cert.gov, there are many methods of taking advantage of a SQL injection opening in a website. The real problem is when companies don’t admit to the breaches occurring. Security magazine did a survey of 189,650 respondents:… SQL Injection is a common hacker method to attack
NVD, or at http://nvd.nist.gov/home.cfm. NIST is the National Institute of Standards and Technology. NVD contains: 62145 CVE Vulnerabilities, 231 Checklists, 248 US-CERT Alerts, 2862 US-CERT Vuln Notes, 10286 OVAL Queries, 89128 CPE Names… National Vulnerability Database (NVD)
Yes, Drupal version 7.x – 3.5 now has a remote command injection vulnerability. Packetstormsecurity has a page on it. Patch to the latest software (May 3rd or newer) to prevent this. Drupal is a popular Content… Drupal vulnerability – patch your software
Have you checked wifi signals as to their effectiveness? Is your wifi router/access point using good encryption technology? Wardriving: Peter Shipley coined the term “wardriving”, the practice of deliberately searching a local area looking for… Wardriving: when a hacker checks wifi signals