Investments in cybersecurity and physical security are proportionally connected to your organization’s improved financial picture for a long-term perspective. Our digital lives are getting smaller as technology simplifies our communications, but cyber attacks are also prevalent. While the Internet radically changes the way organizations operate globally, from handling sensitive […]
In all of our previous articles so far in this series, we discussed all the examples only on rooted devices and emulators. Generally, there are people who argue that it is not possible to exploit certain vulnerabilities such as insecure data storage on non-rooted devices. In this article, we […]
Regin, a highly advanced spying tool
A few weeks ago, Symantec security firm published the results of its investigation on the backdoor Regin, a highly advanced spying tool used in cyber espionage campaigns against governments, private companies, researchers, private individuals and infrastructure operators worldwide. Regin is considered much more than […]
The era of spear phishing and the waterhole attack, which uses social engineering, has come to an end. Hackers are now moving their tricky brains towards targeted Malvertising — a type of attack that uses online advertising to spread malware. A recent campaign termed “Operation death click” displays a […]
It is true that Java cannot take credit in being among the safest options to use online, due to the vulnerabilities that emerge within its applications on a regular basis. Third-party code libraries are used for enriching Java, and this is the major reason why such an environment is […]
Recently, the Norse DarkWolf Labs noted that the IP address 188.8.131.52 had jumped into the top quadrant for malicious activity. Investigation into the activity and the IP itself highlights the many challenges in accurately attributing such events to known actors, as illustrated in this article.
The IP – assigned to […]
In this article series, we will learn at the various concepts of Android application security while exploiting a vulnerable app InsecureBankv2. We will be looking at all the concepts from a noob’s perspective and hence i would recommend this blog series to beginners as well.
The first thing to do […]
US critical infrastructure under attack
US authorities are warning companies operating in every industry of a significant increase in the number of cyber attacks that target US critical infrastructures every day.
State-sponsored hackers and cyber criminals are constantly targeting control systems and other vital components present into critical infrastructures. The energy […]
Establishing a penetration testing methodology is becoming increasingly important when considering data security in web applications. The more we come to rely on networked communication and cloud-based data systems, the more we leave ourselves vulnerable to potentially damaging cyber attacks by outside parties.
While designing and safeguarding secured systems has […]
A mythological three-headed dog was supposed to guard the gates of Redmond. But it turns out that Kerberos was very poorly implemented in numerous versions of Microsoft Windows.
On November 18th, Microsoft released a crucial security bulletin. A severe vulnerability existed in Windows that can be exploited for privilege escalation […]
All businesses handle sensitive data of one kind or another. Whether this is confidential client information, financial details, or even employee addresses, it should all be treated carefully and shouldn’t be put at risk. Data is most frequently put at risk when it is shared – this is typically […]
Two years ago I wrote a basic and a straightforward guide here in Infosec Institute Resources on how to survive a hacker conference or convention and an information security gathering which I think should be expanded, improved and should also focus on enjoying such eximious event.
Another definite reason why […]
SSH service running on port 22 is one of the most widely used services on the Internet. There are numerous reasons for its widespread use, among which is direct access to the remote system over a security encrypted communication channel. SSH service distinguishes among lesser used SSH-1 and most […]
Mobile devices these days handle lots of sensitive information – messages, photos, contacts and more. The question about how this data is stored on the device will obviously arise, especially since mobile devices are more prone to theft. In this article, we will explore why data on a device […]
Although the Internet is responsible for a lot of amazing improvements in modern society, there is a whole different story when it comes to our privacy. Indeed, there are several alarming privacy breaches that require our attention and call for immediate action.
Rather than standing idle and taking the punch […]
We’re coming to the end of a period of Saturn and Pluto being in mutual reception. It started on October 16th 2012, and it’ll end on December 24th of this year. In the middle of that time, in June 2013, Edward Snowden, a man who’s about my age, revealed […]
We have seen various vulnerabilities in Android apps in the previous articles. Before moving ahead with other vulnerabilities in Android applications in this series of articles, I would like to introduce an awesome tool named Drozer.
Drozer is a framework for Android security assessments developed by MWR Labs. It is […]
Financial institutions conducting online brokerage, alternative payments, Internet banking and other similar activities have been facing a growing number of malware-based attacks. According to Wontok SafeCentral, modern malware ranging from botnets to keyloggers to ransomware to spyware is capable of emptying bank accounts in seconds.
The institutions responsible for monetary […]
Wrong conviction and bad habits
Before the introduction of the Masque vulnerability and related attacks, I desire to contextualize my analysis. The security community is assisting with the rapid rise in the number of attacks against mobile platforms.
The situation appears particularly worrying for the Android platform, for which the number […]
You can’t say I didn’t warn you. In August, I wrote about the growing Chinese cyberwarfare threat. In my research for that article, I spent many hours reading publically available whitepapers and reports from American, Canadian, and British agencies. Before I even started my research, I was vaguely aware […]