The cloud is expanding. More applications are being run online. More data is being stored online. More businesses are relying on public, private, and hybrid clouds for their apps, records, and backups. And more hackers are taking advantage.
Why Security Breaches Happen in the Cloud
Hackers aren’t attacking the cloud; the […]
In this article we will learn about one of the most important features introduced by Microsoft from the perspective of network access protection (NAP). We will also cover all the main concepts surrounding NAP and various design scenarios and best practices.
Network Access Protection (NAP) is a platform to check […]
1. IntroductionCreating a backup procedure is a very important aspect for a company, because a loss of data can result in great damage to the company, possibly even a company going bankrupt. Proper backup mechanisms are usually not in place or are poorly designed, which becomes evident once it’s […]
Security experts at Trend Micro have recently uncovered a hacking campaign dubbed “Operation Emmental” which targeted Swiss bank accounts with a multi-faceted attack.
Bad actors were able to bypass the two-factor authentication mechanism used by the bank to secure its customers’ accounts. The researchers at TrendMicro coded the campaign […]
Windows registry is a gold mine for a computer forensics investigator. During case analysis, the registry is capable of supplying the evidence needed to support or deny an accusation. There are other sources of information on a Windows box, but the importance of registry hives during investigations cannot be […]
Cyber insurance coverage has been available on the market for a decade, but only recently companies have been seeing a significant growth—sales of cyber insurance in 2013 escalated 30 percent in comparison with 2012, according to the Global Head of Professional Liability for AIG Tracie Grella.
Now cyber insurance is […]
Cloud computing is changing the way we interact with devices, software, data and processes. But some things never change, and one thing that remains true across the old and new computing paradigms is the importance of authentication to confirm the identity of the user and/or system with which we’re […]
At the beginning of this year, an Intermap poll found that cloud security is still a major obstacle to cloud adoption, with 40% of respondents still wary of going to the cloud for that reason, although many experts, such as the panel at the most recent RSA Conference, say […]
In the previous article, we had already configured the Mod-Security Firewall with OWASP Core Rule Set (CRS). But installing and configuring the Mod Security alone is not enough, as we are using the standard OWASP Core Rule set. The common problem with standard OWASP (CRS) is that it gives […]
Canadian Chinese Embassy spokesperson Yang Yundong can’t pull the wool over my eyes.
“The Chinese government has always been firmly opposed to and combated cyber attacks in accordance with the law. In fact, China is a major victim of cyber attacks,” he said on July 29th.
Mr. Yundong released that statement […]
When a cookie has secure flag set, it will only be sent over secure HTTPS, which is HTTP over SSL/TLS. This way, the authentication cookie will not be disclosed in insecure communication (HTTP). It turns out, however, that an insecure HTTP response can overwrite a cookie with secure flag […]
Websites are used daily by a large part of the world’s population to carry sensitive data from a person to an entity with online-based presence. In websites containing materials that are shown after authentication only, forms transfer data containing user credentials to server-side scripts. Users store their credit card […]
Tor is the acronym of “The onion router”, a system implemented to preserve online anonymity. Tor client software routes Internet traffic through a worldwide volunteer network of servers that hide user information, eluding surveillance of government and other bad actors.
The Tor project was born in the military sector, sponsored […]
Voice over Internet Protocol (VoIP) is a methodology and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. VoIP communication has reduced the cost of international calls dramatically allowing people to dial ISD calls with a cheaper […]
In one of the previous articles, we have seen how developers implement Shared Preferences in Android applications. We have also seen how one can compromise the sensitive data stored in Shared Preferences if proper security controls are not enforced. In this article, we shall discuss how we can secure […]
This article explains how to start performing black box assessments on Android applications using Introspy. Introspy is one of the important tools in an Android pentester’s arsenal.
As per their official Github page, we can use the “Blackbox tool to help understand what an Android application is doing at runtime […]
The number of employees using their personal devices for work-related purposes is absurd. Let’s just say there’s an employee or two in every organization using personal devices at work, and be done with it.
Maybe that’s true… maybe it isn’t. The point is – and most of us know it […]
Network Administration is a field that has an enormous amount of responsibility associated with it. Despite the fact that it sounds like a relatively straightforward concept at the outset – keep the systems talking to each other- that simple phrase covers a multitude of different compatibility issues, operating systems, […]
Have New Backdoors Been Discovered in iOS? An Interview With iOS Developer and Digital Forensics Expert Jonathan Zdziarski
When the HOPE X (Hackers On Planet Earth) 2014 convention started on July 18th, one particular presentation caught the undivided attention of information security professionals. Ever since, the tech media’s been buzzing… Are there really newly discovered backdoors in iOS’s code? Is Apple spying on the countless millions of […]