KrebsonSecurity has the story (a good security blog) a 24 year old Viet-Nam (Ngo) national helped create a situation where data from Experian was sold to online identity theft rings. The company Court Ventures helped… Experian – one of the credit reporting agencies was duped
As noted by us-cert.gov there are many methods of taking advantage of SQL injection opening in a website. The real problem is when companies don’t admit to the breaches occuring. At Security magazine they did a survey189,650 respondents:… SQL Injection is a common hacker method to attack
NVD or at the http://nvd.nist.gov/home.cfm NIST is the National Institute of Standards and Technology. NVD contains: 62145 CVE Vulnerabilities 231 Checklists 248 US-CERT Alerts 2862 US-CERT Vuln Notes 10286 OVAL Queries 89128 CPE Names… National Vulnerability Database (NVD)
Yes Drupal version 7.x – 3.5 now has a remote command injection vulnerability. Packetstormsecurity has a page on it. patch to the latest software (May 3rd or newer) to prevent this. Drupal is a popular Content… Drupal vulnerability – patch your software
Have you checked wifi signals as to their effectiveness? Is your wifi router/ access point using good encryption technology? Wardriving: Peter Shipley coined the term “wardriving” the practice of deliberately searching a local area looking for… Wardriving: when a hacker checks wifi signals
Here are the CVE vulnerablities for April 2014 so far. CVE (Common Vulnerabilities and Exposure) vulnerability data are taken from National Vulnerability Database (NVD) xml feeds provided by National Institue of Standards and Technology. The most… CVE vulnerabilities for April – 2014
CVEdetails has a list of all CVE’s This is a vulnerability that is part of the infrastructure of the Internet webservers (Apache specifically) But specifically this is CVE-2014-0094 and this is the line that is important: The… Apache struts vulnerability – not as high profile, but still dangerous
I am not sure if anyone is saying this -but there are no guarantees on the Internet. We will be honest with you and tell you straight facts even to our detriment Old attacks still… We do not guarantee you will not get hacked
Session Hijacking is where an attacker Steals a network session by guessing (or other ways) the session ID (identification number). Each packet has a session ID in tcp sessions from client to server. Once… Session Hijacking is where attacker obtains access to your computers
Rapid7 has many tools like metasploit a software that runs many exploits against a target machine. “It is the world’s most used penetration testing software”. the hackers are using it, it is a great teaching tool, and of… We use pentesting tools like Metasploit from Rapid7
