1221 matches found
How Do SMEs Fight Off Cyberattacks?
I'd like to address some of the concerns that small and medium sized enterprises SMEs may have around cybersecurity, especially in the wake of the WannaCry ransomware attack and a continuous news flow around successful attacks on high profile companies. Does the fact that well-known brands are...
Zeus - AWS EC2 / S3 Auditing & Hardening Tool
Zeus is a powerful tool for AWS EC2 / S3 best hardening practices. It checks security settings according to the profiles the user creates and changes them to recommended settings based on the CIS AWS Benchmark source at request of the user. Identity and Access Management Avoid the use of the "roo...
FBI Releases Article on Protecting Business Email Systems
The Federal Bureau of Investigation FBI has released an article on Building a Digital Defense with an Email Fortress. FBI warns that scammers commonly target business email accounts with phishing and social engineering schemes. Strategies for preventing email compromises include avoiding the use ...
FTC Releases Alert on Identity Theft
The Federal Trade Commission FTC has released an alert about how quickly criminals begin using your personal information once it is posted to a hacker site by an identity thief. FTC researchers found that it can take as few as 9 minutes for crooks to access stolen personal information posted to...
Senate's Use of Signal A Good First Step, Experts Say
On Tuesday the United States Senate made it official and approved the use of encrypted messaging app Signal by staffers. Encryption advocates applauded the measure, but say more needs to be done to protect “civic” infrastructure critical to democracy. “The move to secure communications...
Strengthening Network Access Security with Multi-Factor Authentication
As technology continues to develop, more and more applications become not just convenient, but necessary. It was less than a decade ago that it was inconceivable we would 'need' to carry a consumer device to access the internet in our pockets. Today, it is essential. The same is true with the...
Remote Access no longer needs to be Complex and Cumbersome
From an IT management perspective, remote access management can be complex. Deployment, administration, testing and compliance is often multifaceted and time consuming, and security is an on-going concern. Granted, I have talked with IT professionals who tell me VPNs - being the primary remote...
Websites Can Now Track You Online Across Multiple Web Browsers
You might be aware of websites, banks, retailers, and advertisers tracking your online activities using different Web "fingerprinting" techniques even in incognito/private mode, but now sites can track you anywhere online — even if you switch browsers. A team of researchers has recently developed...
Gameover ZeuS Trojan Targets Users of Monster.com Employment Portal
Zeus Trojan is one of the most popular families of Banking Trojan, which was also used in a targeted malware campaign against a Salesforce.com customer at the end of the last month and researchers found that the new variant of Zeus Trojan has web crawling capabilities that are used to grab...
Hesperbot - A New Banking Trojan that can create hidden VNC server on infected systems
Security firm ESET has discovered a new and effective banking trojan, targeting online banking users and designed to beat the mobile multi-factor authentication systems. Hesperbot detected as Win32/Spy.Hesperbot is very identical to the infamous Zeus and SpyEye Banking Malwares and infects users ...
Hesperbot - A New Banking Trojan that can create hidden VNC server on infected systems
Security firm ESET has discovered a new and effective banking trojan, targeting online banking users and designed to beat the mobile multi-factor authentication systems. Hesperbot detected as Win32/Spy.Hesperbot is very identical to the infamous Zeus and SpyEye Banking Malwares and infects users ...
CVE-2013-0258
The Google Authenticator login galogin module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username...
CVE-2013-0258
The CVE-2013-0258 entry concerns the Drupal ga_login module (Drupal 7.x) prior to 7.x-1.3, where multi-factor authentication is enabled but an attacker can bypass login by using a username if no Google Authenticator token is associated with the account. The root cause is a flawed authentication b...
SA-CONTRIB-2013-012 - Google Authenticator login - Access Bypass
This module will allow you to add Time-based One-time Password Algorithm also called "Two Step Authentication" or "Multi-Factor Authentication" support to user logins. Users with the permission to use multi-factor authentication need to associate a Google Authenticator token with their acount...
Barracuda SSL VPN 680 Cross Site Scripting
Exploit for php platform in category web applications Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities Introduction: ============= The Barracuda SSL VPN is an integrated hardware and software solution enabling secure, clientless remote access to internal network resources from any Web...
Report: Facebook To Offer Bounties For Bugs
Social networking giant Facebook will soon begin paying security researchers for information on vulnerabilities in its platform, according to a report from the Hack in the Box security conference in Amsterdam. Facebook’s Chief Security Officer Joe Sullivan told Softpedia that the company would so...
Facebook Adds Two-Factor Authentication
Social networking giant Facebook announced on Tuesday that it was introducing a two-factor security feature that will make user accounts harder to hijack. The announcement was part of a group of security enhancements by Facebook that includes improved secure HTTP features and social reporting too...
RSA Hack Yields SecurID Secrets
RSA Security, a division of EMC Corp. has admitted that it was the victim of a sophisticated attack that resulted in the theft of secrets related to its SecurID two-factor authentication product. The disclosure came in a blog post by RSA chief Art Coviello on Thursday. Coviello said that the...
Here's How to Fix Online Banking Fraud
Guest editorial by Roel Schouwenberg Over the last few months, there’s been quite a lot of news chatter around Banker Trojans emptying out online bank accounts of small businesses in the U.S. Today, I was reading one of such stories on Brian Krebs’ site. After reading that story I came across...
Man in the Browser: Inside the Zeus Trojan
Man in the Browser a.k.a MITB is a new breed of attacks whose primary objective is to spy on browser sessions mostly banking and in that process intercept and modify the web page contents transparently in the background. In a classic MITB attack, it’s very likely that what the user is seeing on...