ITsecurity
twitter facebook rss

NHS Trusts and the threat from ransomware

Posted by Kevin on November 19, 2016

Healthcare has become a major target for extortionists for two primary reasons: firstly, patients rather than profits are the priority with less being spent on IT and security than by outright commercial firms; and secondly, there is huge pressure to get systems back up and running when health and potentially lives are at stake. These […]

PwC chooses ImmuniWeb for vulnerability and penetration testing

Posted by Kevin on July 14, 2015

PCI DSS mandates at least annual vulnerability scanning and penetration testing. But there are well known problems with both. Vulnerability scanning on its own is not ultimately enough; and traditional manual penetration testing is too expensive for all but the richer companies. Furthermore, a penetration test is simply a moment in time: just because you […]

Researchers play Whack-a-Mole with Google Password Alert

Posted by Kevin on May 3, 2015

Phishing is a huge problem with no indication of any solution (see, for example, Phishing: detection and prevention). Last week Google attempted to alleviate the issue with the release of a Chrome extension: Password Alert. If you end up on a phishing page that asks you to enter your Google password, the extension pops up […]

Looking for the worm in the Apple Watch?

Posted by Tara Taubman-Bassirian on March 10, 2015

Apple watch has been officially presented. As a sophisticated gadget that is highly desirable. Much more aesthetic than google glasses, Kashmir Hill describes its functionalities and privacy concerns. We know that the FTC is said to have had discussions over the privacy issues of the device. we are said that Apple will not retain data […]

Zero-day Flash vulnerability delivered by Angler

Posted by Kevin on January 22, 2015

The Angler exploit kit has, according to Cisco’s latest report, replaced Blackhole as the kit of choice for the bad guys: Cisco Security Research attributes Angler’s popularity to the decision by its author(s) to eliminate the requirement of downloading a Windows executable to deliver malware. Angler’s use of Flash, Java, Microsoft Internet Explorer (IE), and […]

Is the Age of Consolidation in the security market over?

Posted by Kevin on November 24, 2014

When Symantec recently separated into two companies, one to handle the anti-virus part of the business and the other to handle the Veritas information management side, I wrote a blog for High-Tech Bridge and spoke to its founder and CEO Ilia Kolochenko. Ilia Kolochenko, CEO and founder of security firm High-Tech Bridge, is not surprised […]

A serious unfixed flaw in Facebook – maybe

Posted by Kevin on November 13, 2014

Vivek Bansal wrote to me. I have something fantastic to share with you all which can give your readers an interesting read ! This story is to bring your attention on a very serious security breach from Facebook and their casual attitude towards it. Some 11 months ago Bansal responsibly reported a Facebook flaw. Facebook […]

New vulnerability in WordPress security plugin

Posted by Kevin on September 4, 2014

ThreatPost, the Kaspersky Lab security news service, reported yesterday, A smattering of bugs, mostly cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities, have been plaguing at least eight different WordPress plugins as of late. Well it just got worse. High-Tech Bridge, operator of the ImmuniWeb online web pentesting service, has discovered a SQLi flaw […]

HTB finds SQLi flaws – CyberVor uses them

Posted by Kevin on August 7, 2014

News that Russian cybercriminals had amassed a database of 1.2 billion unique access credentials broke on August 5 when Hold Security published a report titled You Have Been Hacked. The report explained the method used by the gang, dubbed by Hold as CyberVor (‘vor’ means ‘thief’ in Russian), to employ botnets to find SQL vulnerabilities: […]

Black hats now concentrate on zero-day exploits

Posted by Kevin on July 17, 2014

Microsoft has examined the first exploitation of known vulnerabilities in its products over the last eight years. It finds that exploits peaked in 2010 with just under 70 exploits; but has reduced dramatically since then to just 20 in 2013. It separated the exploits into three categories: zero-day, exploits, exploits appearing within 30 days of […]