Mar 24 2021

What businesses need to know to evaluate partner cyber resilience

Category: Cyber resilience, Vendor Assessment
DISC @ 9:32 am

Many recent high-profile breaches have underscored two important cybersecurity lessons: the need for increased scrutiny in evaluating access and controls of partners handling valuable customer data, and the imperativeness of assessing a third party’s (hopefully multi-layered) approach to cyber resilience.

Given the average number of tech tools, platforms and partnerships today, having a clear and consistent partner evaluation process is critical for the protection of customer data and in limiting overall risk of exposure to cyber attacks. It is not an area where a business can “cut corners” to save time or dollars if the partnership cost seems too good to pass up – the long-term risk is simply not worth the short-term gain.

Recently, the Cybersecurity and Infrastructure Security Agency (CISA) included security ratings or scorings as part of its cyber risk reduction initiative. This is significant because it shows there is a need for consistent industry measurement that gives businesses an objective, quantifiable way of determining an entity’s cyber risk and the level of trust they may incorrectly place in partners who handle their data. While several agencies and government stakeholders are starting to use security ratings, the idea of a uniform scoring system is still a fairly novel concept that will continue to evolve.

In the meantime, here are four questions businesses should ask when determining a partner’s cyber resilience to reduce the possible risks that come with giving external parties access to sensitive data.

What are your current standards for protecting customer data?

IT Vendor Risk Management A Complete Guide - 2021 Edition by [Gerardus Blokdyk]

Tags: evaluate partner cyber resilience


Mar 23 2021

Accellion Supply Chain Hack

Category: App Security, File Security, Vendor Assessment
DISC @ 11:37 pm

Tags: Hacking, patching, supply chain, vulnerabilities



Mar 23 2021

MITRE ATT&CK® Framework

Category: Attack Matrix
DISC @ 10:56 am
What Is MITRE ATT&CK and How Is It Useful? | From Anomali

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

With the creation of ATT&CK, MITRE is fulfilling its mission to solve problems for a safer world — by bringing communities together to develop more effective cybersecurity. ATT&CK is open and available to any person or organization for use at no charge.


Mar 23 2021

Tackling cross-site request forgery (CSRF) on company websites

Category: Web Security
DISC @ 9:42 am

CSRF arises because of a problem with how browsers treat cross origin requests. Take the following example: a user logs into site1.com and the application sets a cookie called ‘auth_cookie’. A user then visits site2.com. If site2.com makes a request to site1.com, the browser sends the auth_cookie along with it.

Normally this doesn’t matter: if it’s a GET request the page is served, and the same-origin policy stops any funny business. But what if site2.com makes a POST request instead? That request comes from the same computer as the valid session and carries the correct authentication cookie. The server has no way to tell the difference, and any state-changing operation can be performed.

During the course of a recent penetration test I noticed that, on the application I was assessing, admins had the ability to add web pages: a pretty reasonable action for the site in question. Unfortunately, the action of adding a page was vulnerable to CSRF. My pen test attack not only created a new page, but also stole administrative credentials from the site, using some unorthodox HTML.

Now, the start of any CSRF attack is always the payload. The first thing to note here is that when an iframe loads, it sends a GET request to whatever is specified in the ‘src’ parameter. Normally this is a standard page, and the content is displayed. But what if you framed a ‘log-off’ page which invalidated your authentication cookie and then redirected you back to ‘index.html’?

Well, turns out it does exactly what it says on the tin, but, importantly, it doesn’t redirect the entire page, only the contents of the iframe. The following code logs a user out without causing a redirect, so any malicious JavaScript injected will still execute.

CSRF

Source: Tackling cross-site request forgery (CSRF) on company websites
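As an added example (not code from the original article), here is the server-side check that closes the gap described above: a SameSite cookie attribute, an Origin/Referer check and a per-session synchronizer token, applied to the site1.com/site2.com scenario. The Request and Session classes, the session store and the constructed requests are stand-ins for a real web framework.

```python
"""Defensive checks for state-changing (POST) requests on site1.com.
Added example: Request/Session and the in-memory SESSIONS store are
constructed stand-ins for a framework's request and session objects."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

SITE_ORIGIN = "https://site1.com"  # the only origin allowed to change state


@dataclass
class Session:
    """Server-side session looked up by the auth_cookie value."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal model of an incoming HTTP request (constructed, not a real framework)."""
    method: str
    headers: Dict[str, str]
    cookies: Dict[str, str]
    form: Dict[str, str]


SESSIONS: Dict[str, Session] = {}  # auth_cookie value -> Session


def login(user: str) -> str:
    """Create a session and return the Set-Cookie header the server should emit.
    SameSite=Lax stops the browser attaching auth_cookie to cross-site POSTs,
    the very step that makes the site2.com -> site1.com request look authentic."""
    cookie_value = secrets.token_urlsafe(32)
    SESSIONS[cookie_value] = Session(user=user)
    return f"auth_cookie={cookie_value}; Path=/; Secure; HttpOnly; SameSite=Lax"


def _request_origin(headers: Dict[str, str]) -> Optional[str]:
    """Origin header if present, else scheme://host of Referer, else None."""
    origin = headers.get("Origin")
    if origin:
        return origin.rstrip("/")
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        return f"{parts.scheme}://{parts.netloc}"
    return None


def check_state_changing_request(req: Request) -> Tuple[bool, str]:
    """Return (allowed, reason). Safe methods are never state-changing here."""
    if req.method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"
    session = SESSIONS.get(req.cookies.get("auth_cookie", ""))
    if session is None:
        return False, "no valid session"
    # 1. Origin/Referer must name this site; a missing header is treated as hostile.
    origin = _request_origin(req.headers)
    if origin != SITE_ORIGIN:
        return False, f"origin mismatch: {origin!r}"
    # 2. Synchronizer token: the form must carry the per-session secret, which a
    #    page on another origin cannot read thanks to the same-origin policy.
    submitted = req.form.get("csrf_token", "")
    if not hmac.compare_digest(submitted, session.csrf_token):
        return False, "missing or wrong CSRF token"
    return True, f"ok for {session.user}"


def demo() -> Dict[str, bool]:
    """Run three constructed requests and report which were allowed."""
    set_cookie = login("admin")
    cookie_value = set_cookie.split(";")[0].split("=", 1)[1]
    token = SESSIONS[cookie_value].csrf_token
    cookies = {"auth_cookie": cookie_value}
    legit = Request("POST", {"Origin": SITE_ORIGIN}, cookies,
                    {"csrf_token": token, "title": "new page"})
    # From site2.com: a browser without SameSite still attaches the cookie, but the
    # page cannot know the token and the Origin header names site2.com.
    forged = Request("POST", {"Origin": "https://site2.com"}, cookies, {"title": "page"})
    # Same origin, but the token was omitted (e.g. a stale or hand-built form).
    stale = Request("POST", {"Referer": SITE_ORIGIN + "/admin/pages"}, cookies, {"title": "x"})
    return {
        "legit": check_state_changing_request(legit)[0],
        "forged": check_state_changing_request(forged)[0],
        "stale": check_state_changing_request(stale)[0],
    }


if __name__ == "__main__":
    print(demo())  # {'legit': True, 'forged': False, 'stale': False}
```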

Rethinking Cross-Site Request Forgery in Light of Big Data

Emerging Trends in ICT Security: Chapter 20. CSRF and Big Data: Rethinking Cross-Site Request Forgery in Light of Big Data (Emerging Trends in Computer Science and Applied Computing) by [Maria Angel Marquez-Andrade, Hamzeh Roumani, Natalija Vlajic]

Tags: cross-site request forgery, CSRF


Mar 23 2021

Taking a Security-First Approach to Cloud Migration

Category: Cloud computing
DISC @ 9:22 am

The pandemic and lockdowns hit their first anniversary mark, and many companies continue to have their employees work from home for the foreseeable future. Over the past year, organizations have seen how important cloud computing is to business operations.

In fact, according to a MariaDB survey, 40% of respondents said that COVID-19 accelerated their migration to cloud, and IDC found that while cloud spending increased slightly during the early months of the pandemic, other IT-related spending decreased.

If nothing else, 2020 showed organizations the advantages of cloud services. Of course, with more cloud use, there is more cloud risk. With almost all cloud teams working remotely, there has been an uptick in security vulnerabilities and a concern that there are ongoing cloud security issues that have yet to be discovered. Organizations are migrating so quickly to the cloud that security is an afterthought, and that has consequences.

Instead, a new Deloitte study recommended, this move to the cloud should work with cybersecurity as a differentiator to gain consumer trust. “An integrated cloud cyber strategy enables organizations to use security in their transformation in a way that promotes greater consumer trust, especially in today’s digital age,” the report stated. Any migration to the cloud should take a security-first approach.

Why Security First?

With an integrated, security-by-design cloud cybersecurity strategy, organizations can use security in digital transformation as a driver rather than as an afterthought, said Bhavin Barot, a Deloitte risk and financial advisory principal in the cyber and strategic risk practice, in an email interview. Leveraging secure design principles during a digital transformation or cloud migration helps organizations in the following ways, Barot added:

  • Incorporating leading-edge, innovative approaches such as intelligent threat detection.
  • Reducing risks related to technology, insider threats and the supply chain.
  • Elevating the DevSecOps posture for developers and engineers.
  • Establishing a cyber-forward approach that reinforces business objectives, enabling security principles such as zero trust.

Taking a Security-First Approach to Cloud Migration

Tags: cloud computing risks, Cloud Migration, cloud security


Mar 22 2021

Details of a Computer Banking Scam

Category: Cybercrime
DISC @ 11:09 pm

Types Of Online & Banking Frauds And How To Be Safe ?: Online Banking Scams and tips to be safe by [Sayed Mahboob Hasan Hashmi]

Tags: Computer Banking Scam


Mar 22 2021

The MITRE Att&CK Framework

Category: Attack Matrix, Information Security
DISC @ 3:55 pm

A recent article from Gartner states that, “Audit Chiefs Identify IT Governance as Top Risk for 2021.” I agree that IT governance is important, but I question how much the IT governance board understands about the day-to-day tactical risks, such as the current threats and vulnerabilities against a company’s attack surface. How is tactical risk data being reported up to the board? Does the board understand the current state of threats and vulnerabilities, or is this critical information being filtered on the way up?

If the concept of a hierarchy of needs were extended to cyber security, it may help business owners and risk management teams assess how to approach implementing risk management for the business.

There are three key questions to ask:

  1. How confident are you in your organization’s ability to inventory and monitor IT assets? 
  2. How confident are you in your organization’s ability to “detect unauthorized activity”? 
  3. How confident are you in your organization’s ability to identify and respond to true positive incidents within a reasonable time to respond? 
Source: medium

Layers 1-2 – Inventory and Telemetry – The first two layers are related to asset inventory which is part of the CIS Controls 1-2. How can you defend the vulnerable Windows 2003 server that is still connected to your network at a remote site?

Layers 3-4 – Detection and Triage – These layers are related to a SOC/SIEM/SOAR program which will allow the cyber security team to begin to detect threats through logging and monitoring.

Layers 5-10 – Threats, Behaviors, Hunt, Track, Act – The final layers are threat hunting, tracking and incident response and this is where the MITRE framework is very helpful to identify threats, understand the data sources, build use cases and prepare the incident response playbooks based on real world threat intelligence.

To learn more about MITRE’s Att&CK Framework, see the source: The MITRE Att&CK Framework

Tags: MITRE Att&CK Framework


Mar 22 2021

FCC Boots Chinese Telecom Companies, Citing Security

The Federal Communications Commission’s (FCC) Public Safety and Homeland Security Bureau on March 12 identified five Chinese companies they said posed a threat to U.S. national security. These companies are: Huawei Technologies Co., ZTE Corp., Hytera Communications Corp., Hangzhou Hikvision Digital Technology Co. and Dahua Technology Co.

The declaration, according to the FCC, is in accordance with the requirements of the Secure and Trusted Communications Networks Act of 2019, which requires the FCC to “publish and maintain a list of communications equipment and services that pose an unacceptable risk to national security or the security and safety of U.S. persons.”

In June 2020, the FCC designated both ZTE and Huawei as national security threats. “… [B]ased on the overwhelming weight of evidence, the Bureau has designated Huawei and ZTE as national security risks to America’s communications networks—and to our 5G future,” said then-FCC chairman Ajit Pai. Pai continued, “Both companies have close ties to the Chinese Communist Party and China’s military apparatus, and both companies are broadly subject to Chinese law obligating them to cooperate with the country’s intelligence services.  The Bureau also took into account the findings and actions of congress, the executive branch, the intelligence community, our allies, and communications service providers in other countries. We cannot and will not allow the Chinese Communist Party to exploit network vulnerabilities and compromise our critical communications infrastructure. Today’s action will also protect the FCC’s Universal Service Fund—money that comes from fees paid by American consumers and businesses on their phone bills—from being used to underwrite these suppliers, which threaten our national security.”

ZTE’s petition for reconsideration in November 2020 was immediately rejected. Huawei also petitioned for reconsideration, and its appeal was rejected in December 2020, after a few weeks of deliberation.

FCC Boots Chinese Telecom Companies, Citing Security

Tags: Chinese Telecom


Mar 22 2021

How to stay ahead of the rise of synthetic fraud

Category: Cyber Attack, Cyber Threats, Cybercrime
DISC @ 9:30 am

There are a number of reasons why synthetic fraud is on the rise, but there are also actions banks and other financial institutions can take to prevent this growing trend from doing damage.

Synthetic fraud on the rise

Banks around the world have faced difficulty in recognizing this type of complex fraud. Synthetic identity fraudsters are expert cybercriminals. They make use of the dark web to acquire legitimate personal information which they then blend with falsified information. They will then use this newly formed identity to establish a positive credit report and spend or borrow until they’ve maxed out their spending abilities.

They will often have multiple synthetic identities in play simultaneously to maximize the impact of their efforts. And it is hard to detect because these synthetic identities even have genuine profiles with the credit bureaus which the fraudsters creatively engineer.

An economic environment primed for fraud

Due to the economic toll the coronavirus pandemic has taken on the world, global GDP is expected to be negative this year. As a result, there has been and will continue to be an increase in the size of the banks’ loan portfolios, as businesses that are struggling to manage working capital requirements in a challenging commercial climate seek new lines of credit. The same demand for additional credit is similarly anticipated for retail customers.

As such, it will be easier to hide fraud within an environment where there is more lending activity, a larger portfolio to monitor and more losses to recover. This environment allows criminals to hide inside the noise of economic turmoil, while financial institutions struggle to cope with the sheer volume of applications, overwhelmed with the amount of identity checking they have to undertake.

It will also become harder to differentiate between delinquencies and defaults from genuine customers in distress and deliberate attacks from fraudsters as these loans come due for repayment.

Further, more individuals may be tempted to turn to fraud to maintain their lifestyles in an environment where they’ve lost jobs, financial security and are dealing with other economic difficulties.

How to stay ahead of the rise of synthetic fraud

Tags: synthetic fraud


Mar 21 2021

Dirt Cheap DDoS for Hire, via D/TLS Amplification

Category: DDoS, Information Security
DISC @ 10:33 pm

A new way of sending powerful denial of service traffic emerged this week. Malefactors are now misusing servers that talk Datagram Transport Layer Security (D/TLS).

Typified by Cisco’s Netscaler ADC product, before a patch was released in January, some D/TLS servers don’t check for forged requests. That allows scrotes to misuse these high-bandwidth servers to deny internet service to people they want to extort money from.

This possibly includes Sony, whose LittleBigPlanet service has been AWOL for a week. In today’s SB Blogwatch, we ask the question.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: But is it art?

Dirty Deeds: DDoS D/TLS

What’s the craic? Dan Goodin reports in—“~4,300 publicly reachable servers are posing a new DDoS hazard to the Internet”:

 DDoSes are attacks that flood a website or server with more data than it can handle. The result is a denial of service to people trying to connect to the service. As DDoS-mitigation services develop protections … the criminals respond with new ways to make the most of their limited bandwidth.

In so-called amplification attacks, DDoSers send requests of relatively small data sizes to certain types of intermediary servers. … DDoS-for-hire services [are] adopting a new amplification vector … D/TLS, which (as its name suggests) is essentially the Transport Layer Security for UDP data packets.

The biggest D/TLS-based attacks Netscout has observed delivered about 45 Gbps of traffic. The people responsible for the attack combined it with other amplification vectors to achieve a combined size of about 207 Gbps.

Abusable D/TLS servers are the result of misconfigurations or outdated software that causes an anti-spoofing mechanism to be disabled. While the mechanism is built in to the D/TLS specification, hardware including the Citrix Netscaler Application Delivery Controller didn’t always turn it on by default.
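The anti-spoofing mechanism the excerpt refers to is the DTLS cookie exchange (RFC 6347, section 4.2.1). The model below is an added example, not code from the article or from any vendor: a toy server that either performs the exchange or skips it, with constructed message sizes, showing why only the latter answers a forged ClientHello with a large flight.

```python
"""Model of the DTLS 1.2 cookie exchange (RFC 6347 section 4.2.1).
Added example: the sizes and the server are constructed; no DTLS
records are built and nothing is sent on the network."""
import hashlib
import hmac
import secrets
from typing import Tuple

# Constructed, order-of-magnitude sizes: a ClientHello fits in one small datagram,
# HelloVerifyRequest is tiny, the ServerHello..ServerHelloDone flight carries a
# certificate chain and is far larger.
CLIENT_HELLO_BYTES = 100
HELLO_VERIFY_BYTES = 60
FULL_SERVER_FLIGHT_BYTES = 4400


class DtlsServerModel:
    """A server that either performs the cookie exchange or (misconfigured) skips it."""

    def __init__(self, cookie_exchange: bool):
        self.cookie_exchange = cookie_exchange
        self.secret = secrets.token_bytes(32)  # rotated periodically in real servers

    def _cookie(self, src_ip: str, hello: bytes) -> bytes:
        # Stateless cookie: HMAC over the claimed source address and the ClientHello,
        # so the server keeps no per-client state until the address is confirmed.
        return hmac.new(self.secret, src_ip.encode() + hello, hashlib.sha256).digest()

    def handle_client_hello(self, src_ip: str, hello: bytes,
                            cookie: bytes = b"") -> Tuple[str, int, bytes]:
        """Return (message name, bytes sent back to src_ip, cookie for the client to echo)."""
        if self.cookie_exchange:
            if not cookie:
                # First contact: answer with a small HelloVerifyRequest and do no real work.
                return "HelloVerifyRequest", HELLO_VERIFY_BYTES, self._cookie(src_ip, hello)
            if not hmac.compare_digest(cookie, self._cookie(src_ip, hello)):
                return "Discard", 0, b""  # cookie was not issued to this address: drop it
        return "ServerHello flight", FULL_SERVER_FLIGHT_BYTES, b""


def forged_hello_amplification(server: DtlsServerModel) -> float:
    """Bytes the server sends to a spoofed source address per byte of forged ClientHello.
    Whoever forges the datagram never receives the HelloVerifyRequest (it goes to the
    address written in the packet), so only a cookieless ClientHello is ever possible."""
    spoofed_src = "198.51.100.7"  # constructed, RFC 5737 documentation range
    _, sent, _ = server.handle_client_hello(spoofed_src, b"\x16" * CLIENT_HELLO_BYTES)
    return sent / CLIENT_HELLO_BYTES


def honest_handshake(server: DtlsServerModel, client_ip: str) -> str:
    """A genuine client echoes the cookie it received and then gets the full flight."""
    hello = b"\x16" * CLIENT_HELLO_BYTES
    msg, _, cookie = server.handle_client_hello(client_ip, hello)
    if msg == "HelloVerifyRequest":
        msg, _, _ = server.handle_client_hello(client_ip, hello, cookie)
    return msg


if __name__ == "__main__":
    print("exchange disabled:", forged_hello_amplification(DtlsServerModel(False)))  # 44.0
    print("exchange enabled: ", forged_hello_amplification(DtlsServerModel(True)))   # 0.6
    print(honest_handshake(DtlsServerModel(True), "203.0.113.5"))  # ServerHello flight
```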

Dirt Cheap DDoS for Hire, via D/TLS Amplification

Tags: DDoS D/TLS


Mar 21 2021

Ransomware Payments Jumped 171% In 2020: Report

Category: Information Security, Ransomware
DISC @ 10:25 am

A new report has emerged stating that average ransomware payments jumped by more than 171% in 2020, suggesting that cybercriminals have benefitted from an extremely lucrative period throughout the pandemic. 

The numbers come from Palo Alto Networks, who noted a 171% increase in ransomware payments from organisations and individuals that had been hit by the malicious software.

In essence, malicious software like ransomware takes control of a user’s computer, and encrypts the data. This encryption leaves the data on that device locked up, and can only be made accessible again once a password – or decryption tool – is offered by the hacker in question. 

Hackers are happy to make these tools available to their victims, so long as they pay a price. 

According to the report in question, that price has been skyrocketing as cybercriminals look to exploit those impacted by ransomware software that often have sensitive private and corporate information stored on their device. 

The report was published recently after analysing more than 19,000 network sessions, data from more than 250 ransomware leak websites, and information provided by 337 organisations that had been hit by a ransomware attack.

The Ransomware Threat Report 2021 states that, on average, ransoms paid by victims to hackers have increased from USD $115,123 to more than $312,000 in 2020.

Authors of the report say that they noted the largest ransomware payment paid to hackers had also doubled, from $5 million to more than $10 million. 

Ransomware Payments Jumped 171% In 2020: Report


Mar 20 2021

A threat actor exploited 11 zero-day flaws in 2020 campaigns

Category: Zero day
DISC @ 11:46 pm

Google researchers observed two separate waves of attacks that took place in February and October 2020, respectively. Threat actors set up malicious sites in a series of watering hole attacks that were redirecting visitors to exploit servers hosting exploit chains for Android, Windows, and iOS devices.

“In October 2020, Google Project Zero discovered seven 0-day exploits being actively used in-the-wild. These exploits were delivered via “watering hole” attacks in a handful of websites pointing to two exploit servers that hosted exploit chains for Android, Windows, and iOS devices.” wrote the popular Project Zero researcher Maddie Stone. “These attacks appear to be the next iteration of the campaign discovered in February 2020 and documented in this blog post series.”

A threat actor exploited 11 zero-day flaws in 2020 campaigns

Tags: zero-day flaws


Mar 19 2021

The benefits and challenges of passwordless authentication

Category: Password Security
DISC @ 1:38 pm

Passwordless authentication swaps traditional passwords for a system that identifies users by more secure methods such as “possession factor” or “inherent factor.” By switching to a passwordless approach, companies provide their employees with the same effortless and secure authentication methods that users experience on their smartphones (e.g., FaceID or fingerprint scanner). Sometimes this is confused with 2-factor authentication, because the second factor of 2FA is typically passwordless, but passwordless access is different.

There are different ways to implement passwordless authentication:

  • Via a user’s email, which is considered to be a secure method to transmit a token that can be used by a person to confirm their identity
  • Through the user’s smartphone, which is protected with a passcode and biometry. There are authenticator applications that may generate one-time passwords or receive push notifications asking the user to confirm the login
  • Through a hardware token to be connected via USB, NFC, or BLE. Some hardware tokens can also generate one-time passwords and even have a keyboard to provide the ability to input data (e.g., an authentication challenge code).

Passwordless authentication is a relatively new method, so it can be challenging to choose the type of implementation relevant to your needs. Below we compare the advantages and disadvantages of using email, a mobile authenticator, and a hardware token.
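The e-mail method from the list above, as an added example that is not part of the original article: a signed, short-lived, single-use "magic link" token, with the forged, expired and replayed cases handled. The signing secret, lifetime and addresses are constructed for illustration.

```python
"""Signed, short-lived, single-use e-mail login token ("magic link").
Added example: SERVER_SECRET, TOKEN_LIFETIME_S and the addresses are
constructed; a real deployment keeps the secret in a secret store and
the consumed-nonce set in a database or cache."""
import base64
import binascii
import hashlib
import hmac
import secrets
from typing import Dict, Optional

SERVER_SECRET = secrets.token_bytes(32)   # constructed
TOKEN_LIFETIME_S = 15 * 60                # keep links short-lived: mailboxes do get compromised
_consumed_nonces = set()                  # replay protection


def _b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload: bytes) -> bytes:
    return hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()


def issue_token(email: str, now: int) -> str:
    """Token placed in the mailed link: b64(email|issued_at|nonce).b64(hmac)."""
    if "|" in email:
        raise ValueError("separator character not allowed in address")
    payload = f"{email}|{now}|{secrets.token_urlsafe(16)}".encode()
    return f"{_b64e(payload)}.{_b64e(_sign(payload))}"


def redeem_token(token: str, now: int) -> Optional[str]:
    """Return the authenticated address, or None for a forged, expired or reused token.
    The signature is verified before anything inside the payload is trusted."""
    try:
        payload_b64, sig_b64 = token.split(".", 1)
        payload, sig = _b64d(payload_b64), _b64d(sig_b64)
    except (ValueError, binascii.Error):
        return None
    if not hmac.compare_digest(sig, _sign(payload)):
        return None                          # tampered payload or wrong key
    email, issued_at, nonce = payload.decode().split("|", 2)
    age = now - int(issued_at)
    if age < 0 or age > TOKEN_LIFETIME_S:
        return None                          # expired, or issued "in the future"
    if nonce in _consumed_nonces:
        return None                          # link already clicked once
    _consumed_nonces.add(nonce)
    return email


def demo(now: int = 1_700_000_000) -> Dict[str, Optional[str]]:
    """Exercise the happy path and the three failure modes; returns what each redeems to."""
    fresh = issue_token("alice@example.com", now)
    old = issue_token("bob@example.com", now - TOKEN_LIFETIME_S - 1)
    # Forgery attempt: keep a valid signature but swap the address it was computed over.
    victim = issue_token("carol@example.com", now)
    forged = _b64e(f"admin@example.com|{now}|x".encode()) + "." + victim.split(".")[1]
    return {
        "fresh": redeem_token(fresh, now + 60),
        "replayed": redeem_token(fresh, now + 120),
        "expired": redeem_token(old, now),
        "forged": redeem_token(forged, now),
    }


if __name__ == "__main__":
    print(demo())  # {'fresh': 'alice@example.com', 'replayed': None, 'expired': None, 'forged': None}
```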

implement passwordless

The benefits and challenges of passwordless authentication

Advantages and Disadvantages of Password Authentication

Tags: passwordless


Mar 19 2021

Serious Security: Mac “XcodeSpy” backdoor takes aim at Xcode devs

Category: App Security, Backdoor, Information Security
DISC @ 10:11 am

Remember XcodeGhost?

It was a pirated and malware-tainted version of Apple’s Xcode development app that worked in a devious way.

You may be wondering, as we did back in 2015, why anyone would download and use a pirated version of Xcode.app when the official version is available as a free download anyway.

Nevertheless, this redistributed version of Xcode seems to have been popular in China at the time – perhaps simply because it was easier to acquire the “product”, which is a multi-gigabyte download, directly from fast servers inside China.

The hacked version of Xcode would add malware into iOS apps when they were compiled on an infected system, without infecting the source code of the app itself.

The implanted malware was buried in places that looked like Apple-supplied library code, with the result that Apple let many of these booby-trapped apps into the App Store, presumably because the components compiled from the vendor’s own source code were fine.

As we said at the time, “developers with sloppy security practices, such as using illegally-acquired software of unvetted origin for production builds, turned into iOS malware generation factories for the crooks behind XcodeGhost.”

As you probably know, this sort of security problem is now commonly known as a supply chain attack, in which a product or service that you assumed you could trust turned out to have had malware inserted along the way.

Meet “XcodeSpy”

Tags: Xcode devs, XcodeSpy


Mar 18 2021

With data volumes and velocity multiplying, how do you choose the right data security solution?

Category: Cloud computing, data security
DISC @ 10:00 am

Choosing the right data security solution

Jean Le Bouthillier, CEO of Canadian data security startup Qohash, says that organizations have had many issues with solutions that generate large volumes of (often) irrelevant and non-actionable data.

“My first piece of advice for organizations looking for the right data security solutions would be to consider whether they provide valuable metrics and information for reducing enterprise data risks. It sounds obvious, but you’d be surprised at the irrelevance and noisiness of some leading solutions — a problem that is becoming a nightmare with data volumes and velocity multiplying,” he told Help Net Security.

They should also analyze the pricing model of solutions and ensure that they are not presenting an unwelcome dilemma.

“If the pricing model for protecting your data is volume-adjusted, it will mean that over time, as data volumes increase, you’ll be tempted to reduce the scope of your protection to avoid cost overruns,” he noted. Such a situation should ideally be avoided.

Another important point: consider returning to basics and ensuring that you have a solid data classification policy and the means to automate it.

“Data classification is the fundamental root of any data security governance because it provides clarity and authority to support standards and other programs like user awareness efforts. In the context of data governance, data visibility and, ultimately, data-centric controls can’t work without data classification,” he explained.

“Think back on the millions of dollars spent on artificial intelligence projects that didn’t result in operational capabilities because little attention was paid to data quality, and accept that data protection projects – like any other ambitious project – can’t succeed without rock-solid foundations.”

With data volumes and velocity multiplying, how do you choose the right data security solution?

Tags: Data security solution


Mar 18 2021

Exploiting Spectre Over the Internet

Category: Security vulnerabilities, Web Security
DISC @ 9:45 am

Google has demonstrated exploiting the Spectre CPU attack remotely over the web:

Today, we’re sharing proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against JavaScript engines. We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome, and we expect that other modern browsers are similarly vulnerable to this exploitation vector. We have developed an interactive demonstration of the attack available at https://leaky.page/ ; the code and a more detailed writeup are published on Github here.

The demonstration website can leak data at a speed of 1kB/s when running on Chrome 88 on an Intel Skylake CPU. Note that the code will likely require minor modifications to apply to other CPUs or browser versions; however, in our tests the attack was successful on several other processors, including the Apple M1 ARM CPU, without any major changes.

Tags: Exploiting Spectre


Mar 17 2021

Hackable: How to Do Application Security Right

Category: Hacking, Information Security
DISC @ 11:00 pm

If you don’t fix your security vulnerabilities, attackers will exploit them. It’s simply a matter of who finds them first. If you fail to prove that your software is secure, your sales are at risk too.

Whether you’re a technology executive, developer, or security professional, you are responsible for securing your application. However, you may be uncertain about what works, what doesn’t, how hackers exploit applications, or how much to spend. Or maybe you think you do know, but don’t realize what you’re doing wrong.

To defend against attackers, you must think like them. As a leader of ethical hackers, Ted Harrington helps the world’s foremost companies secure their technology. Hackable teaches you exactly how. You’ll learn how to eradicate security vulnerabilities, establish a threat model, and build security into the development process. You’ll build better, more secure products. You’ll gain a competitive edge, earn trust, and win sales.

Hackable: How to Do Application Security Right

Tags: Hackable


Mar 17 2021

Serious Security: The Linux kernel bugs that surfaced after 15 years

Category: Linux Security
DISC @ 10:41 pm

Researchers at cybersecurity company GRIMM recently published an interesting trio of bugs they found in the Linux kernel…

…in code that had been sitting there inconspicuously for some 15 years.

Fortunately, it seemed that no one else had looked at the code for all that time, at least not diligently enough to spot the bugs, so they’re now patched and the three CVEs they found are now fixed:

  • CVE-2021-27365. Exploitable heap buffer overflow due to the use of sprintf().
  • CVE-2021-27363. Kernel address leak due to pointer used as unique ID.
  • CVE-2021-27364. Buffer overread leading to data leakage or denial of service (kernel panic).

The bugs were found in the kernel code that implements iSCSI, a component that implements the venerable SCSI data interface over the network, so you can talk to SCSI devices such as tape and disk drives that aren’t connected directly to your own computer.

Of course, if you don’t use SCSI or iSCSI anywhere in your network any more, you’re probably shrugging right now and thinking, “No worries for me, I don’t have any of the iSCSI kernel drivers loaded because I’m simply not using them.”

After all, buggy kernel code can’t be exploited if it’s just sitting around on disk – it has to get loaded into memory and actively used before it can cause any trouble.

Except, of course, that most (or at least many) Linux systems not only come with hundreds or even thousands of kernel modules in the /lib/modules directory tree, ready to use in case they are ever needed, but also come configured to allow suitably authorised apps to trigger the automatic loading of modules on demand.

Serious Security: The Linux kernel bugs that surfaced after 15 years

Tags: Linux kernel bugs


Mar 17 2021

Understand the core Concepts of Information Assurance & InfoSec

Category: cyber security, Hacking
DISC @ 2:10 pm

Today’s world uses information for a wide variety of purposes. City officials install traffic signals based on traffic movement information, and accounting professionals use revenue and expenditure information to calculate annual earnings. Experts have therefore established different domains intended to secure information. These domains include information security, cybersecurity, and ethical hacking.

Information Security VS Cybersecurity VS Ethical Hacking

More on: Information Security VS Cybersecurity VS Ethical Hacking

Tags: Concepts of Information Assurance & InfoSec, Ethical Hacking, Hands on Hacking

