Password management firm LastPass admited to being PWNED by hackers. If you are a customer, your data was potentially breached and so us “Paranoid Androids” will be spending a significant amount of the holidays changing passwords and double checking our MFA settings. The bad guys apparently got away with a massive stash of customer data, including password vault data that could be compromised by brute-forcing or guessing master passwords. So much for the “Zero Knowledge” strategy, or is this it working? Is this as bad as it could get in terms of password manager security? I guess the only thing that could compromise your passwords quicker would be an attacker literally looking over your shoulder (known as shoulder surfing) while you type your username and password in. But, well now, let’s look on the bright side, as long as you have diligently respected the power of keyspace and dutifully used…
CompTIA Security+
What is a XSRF attack? XSRF, also known as Cross-Site Request Forgery, is a type of attack that involves tricking a user into making a malicious transaction with a website without their knowledge. This can occur when a user is logged into a website and visits a malicious website or clicks on a malicious link. The attacker can then use the user’s active logged in status on another website to make requests on the user’s behalf, potentially allowing the attacker to perform unauthorized actions or access sensitive information. XSRF attacks can be prevented by implementing proper authentication and authorization measures on the website, such as using unique tokens for each user session. What is a session hijacking attack? Session hijacking is a type of cyberattack where an attacker takes over a user’s active session on a website or application and gains unauthorized access to the user’s account. This can be…
Why is user awareness training important for IT security? Phishing operations represent 41% of cyber breach incidents according to the IBM X-Force report. Deloitte estimates phishing to be the initial attack vector in 91% of cyber breaches. These estimates put phishing at the forefront of corporate attack surface because they identify phishing as the most successful method used by attackers to compromise a system and gain initial access to a victim’s network. In response, organizations need to increase their resilience against phishing and other types of social engineering attacks. By testing their staff’s ability to effectively identify phishing attempts and malspam and providing educational material, an organization can identify potential weaknesses and reduce the chance that an employee will fall prey to an attack. Of course, secondary cybersecurity measures should be in place to detect and respond to a successful phishing attack, user awareness training is a good practice…
We Have All Heard This Story Before It’s no doubt that ransomware is is the biggest threat in the modern cybersecurity landscape. The highest amount of ransom ever paid by a single company for a single incident is $40 million US dollars. Companies can incur millions more in remediation costs, service downtime, legal settlements, higher insurance premiums, and potentially suffer long-term deleterious effects to their brand reputation. Blockchain research group Chainalysis suggests that nearly $700 million USD in ransomware ransom was paid in 2020. Defenders have all been hearing this story for years, and know how to secure against ransomware right? The most common initial access vector is phishing so staff training sessions educating our staff on how to spot a deceptive url is required to keep the bad guys out. Installing endpoint security products and keeping them updated, and of course keep bulletproof backups right? Well, yes and no….
In this this series of articles and videos, I will explore some PHP malware code that has been publicly published. All the samples discussed are derived from a GitHub repository maintained by marcocesarato. The advice from Ripple Software Consulting is to always maintain solid web-server security through hardened configuration and monitoring, and vulnerability scanning both internal and external surfaces with a tool such as CISOfy’s Lynis or Greenbone’s GVM. For an example of solid LAMP stack server security you can visit the RSRC’s VPS Deploy WordPress GitHub repository which is a tool for automatically deploying a WordPress website on a hardened Linux VPS Server. If you don’t want to secure your own WordPress installation, you can hire a trained security consultant such as Ripple Software, or you can use another 3rd party managed hosting provider. PHP is a scripting language which means its source code is usually in human readable…
Linux Dominates Performance-based Computing Market Share Linux may be less susceptible to cyber-attacks because Windows presents such an attactive target by holding the majority of the desktop marketshare. However, Linux servers dominate the global market in some powerful ways. According to industry reports, Linux OSs comprise 100% of all supercomputers, and over 95% of the top 1 million web servers are running Linux. Linux runs on 90% of all cloud infrastructure and dominates the mobile phone market with > 80% of market share. Embedded operating systems, and RTOS for IoT devices? Again, Linux is by far the most popular OS of choice. If you want more interesting facts about Linux’s market presence, you can Read Nick Galov’s revealing 2021 comprehensive summary of Linux market penetration. Knowing how to conduct a Security Audit of a Linux system and services is very important indeed. This most often includes whitelisting required applications and…
This short introduction to cyber-security covers fundamental concepts. These concepts are the basis for all other cyber-security topics. If you are studying for CompTIA Security+ SY0-501 Exam this a good first video to watch.
If you are responsible for securing a network, you should know that monitoring reliable IT security news is now critical to mitigating threats on your precious goods. Prioritizing that news landscape and rolling out a timely response is also critical to a solid recipe for security. While it is not realistic to expect security architects to have that kind of response time, if you are ignoring IT security news, you might need those backups you have been diligently maintaining or worse. Building a solid incoming information pipeline requires an analysis of the IT security news landscape. The most fundamental elements of this landscape includes threat advisories & guidelines, updates to best-practices and standardization recommendations, and changing legal requirements if they apply to your organizational assets. Threat analysis reports and newly released Common Vulnerability Exposure details (CVEs) are critical secondary elements that relay more detailed information about vulnerabilities affecting specific software. …
If you are studying for CompTia Security+ you are welcome to download and use these following notes which I built while studying for the exam. If you notice any problems with the notes, please let me know!
