Security News
Windows users under attack via two new RCE zero-days
Attackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems.
Widely available ICS attack tools lower the barrier for attackers
The general availability of ICS-specific intrusion and attack tools is widening the pool of attackers capable of targeting operational technology networks and industrial control systems.
Is crowdsourced security really a panacea to the ills of traditional pentesting or does it create more issues? Before we tackle this let's cover what the issues of traditional pentesting actually are. A tactical solution to this has been to "cycle" pentesting suppliers each year but - the pentesting pool of talent being so small and specialized - I've witnessed companies ending up with the same pentester two years in a row, but now working for a different company!
According to Jim O'Gorman, Chief Content and Strategy Officer at Offensive Security and leader of the Kali team, Kali users generally fall into two buckets: highly informed, experienced professionals/hobbyists and individuals that are new to Linux in general. "As a whole, I think it's fair to say that we build and design Kali for security professionals and hobbyists to utilize as a base platform for their work. These are individuals that could easily roll their own version of Linux for their needs, but if Kali is done right, it's a no-brainer to use it and save the work and effort that would go into building your own," he told Help Net Security.
Tripwire, a leading global provider of security and compliance solutions for enterprises and industrial organizations, debuted its penetration (pen)testing and industrial cybersecurity assessment...
An extraneous space in the HTTP responses of webservers run by a variety of malicious actors allowed Fox-IT researchers to identify them pretty easily for the past year and a half. This was...
In external penetration testing undertaken for corporate clients in industrial, financial, and transport verticals in 2018, Positive Technologies found that, at the vast majority of companies,...
Here’s an overview of some of last week’s most interesting news and articles: Deception technology: Authenticity and why it matters An overview of the central role that authenticity plays in the...
More than 4.5 billion data records were compromised in the first half of this year. If you still feel like your enterprise is secure after reading that statistic, you’re one of the few. Hackers...