Years of discussion on the right to have a free and open Internet have not yet solved the matter, and the issue is still a subject of heated debate for stakeholders: users, telecommunications companies and governments. The discussion revolves not only around the ability of government to control information […]
In this series of articles, we will learn about a not-so-new type of attack, but one of the most difficult attacks to control. Yes, we will learn about the demon Fast Flux!! In this article, we will learn about what exactly Fast Flux is, types of Fast Flux, and […]
The rapid diffusion of mobile technology and the convergence of numerous services that use the paradigms, including social networking, cloud computing and payment, are urging IT and security industries to develop new solutions for user authentication.
Passcodes, PINs and thumbprints are a few samples of mechanisms that could be […]
The term “jailbreaking” refers to circumventing security measures of a mobile operating system with the aim to install unauthorized software. The term originates from the very first hacks on iPhones. The purpose of these hacks was to break the jailed environment of iPhones, which imposed restrictions on what […]
The rising intensity of POS threats has created a precarious environment for retailers looking to protect their customers’ financial and personal data. POS systems are increasingly becoming a soft target for hackers, which is why it’s more important than ever to consider the security of these machines and the […]
In my last piece, I explained how Nintendo’s experiences with piracy and copy protection helped shape the current video game industry, where Sony has been a major player for nearly twenty years now. Technologies like the 10NES lock-out chip didn’t just help Nintendo and authorized third-party developers, they also […]
When I was a little girl, I loved playing Where in the World is Carmen Sandiego? and Where in Time is Carmen Sandiego? When my father bought me the MS-DOS versions of those games, I thought it was really cool that each game came with a reference book, The […]
A file inclusion vulnerability allows an attacker to access unauthorized or sensitive files available on the web server or to execute malicious files on the web server by making use of the ‘include’ functionality. This vulnerability is mainly due to a bad input validation mechanism, wherein the user’s input […]
The software industry is relentlessly moving toward centralized computing. Due to this trend, software and data are being taken away from conventional computers and positioned in public or private clouds instead. However, Microsoft has been entering into virtual cloud ambience since 2008, by introducing its consumer cloud services […]
You have (probably more than once in your life) keyed in a familiar domain name and ended up in an entirely different page that was not even close to what you had expected. Chances are that you never even noticed the abnormality and you went ahead retyping the domain […]
We have already discussed in my previous articles how to configure Mod Security Firewall with OWASP rules and also analysed the different types of logs which Mod Security generates. While analysing the logs, we have seen that the OWASP rules generate a lot of false positive results, as these […]
In this article, we will dive into the concept of WebSocket introduced in HTML 5, security issues around the WebSocket model, and the best practices that should be adopted to address security issues around WebSocket. Before going straight to security, let’s refresh our concepts on WebSocket.
Why Websocket and Not […]
Investments in cybersecurity and physical security are proportionally connected to your organization’s improved financial picture for a long-term perspective. Our digital lives are getting smaller as technology simplifies our communications, but cyber attacks are also prevalent. While the Internet radically changes the way organizations operate globally, from handling sensitive […]
Regin, a highly advanced spying tool
A few weeks ago, the security firm Symantec published the results of its investigation on the backdoor Regin, a highly advanced spying tool used in cyber espionage campaigns against governments, private companies, researchers, private individuals and infrastructure operators worldwide. Regin is considered much more than […]
The era of spear phishing and the waterhole attack, which uses social engineering, has come to an end. Hackers are now moving their tricky brains towards targeted Malvertising — a type of attack that uses online advertising to spread malware. A recent campaign termed “Operation death click” displays a […]
It is true that Java cannot take credit for being among the safest options to use online, due to the vulnerabilities that emerge within its applications on a regular basis. Third-party code libraries are used for enriching Java, and this is the major reason why such an environment is […]
Recently, the Norse DarkWolf Labs noted that the IP address 220.127.116.11 had jumped into the top quadrant for malicious activity. Investigation into the activity and the IP itself highlights the many challenges in accurately attributing such events to known actors, as illustrated in this article.
The IP – assigned to […]
US critical infrastructure under attack
US authorities are warning companies operating in every industry of a significant increase in the number of cyber attacks that target US critical infrastructures every day.
State-sponsored hackers and cyber criminals are constantly targeting control systems and other vital components present in critical infrastructures. The energy […]
A mythological three-headed dog was supposed to guard the gates of Redmond. But it turns out that Kerberos was very poorly implemented in numerous versions of Microsoft Windows.
On November 18th, Microsoft released a crucial security bulletin. A severe vulnerability existed in Windows that can be exploited for privilege escalation […]
All businesses handle sensitive data of one kind or another. Whether this is confidential client information, financial details, or even employee addresses, it should all be treated carefully and shouldn’t be put at risk. Data is most frequently put at risk when it is shared – this is typically […]