Yesterday, a critical vulnerability was reported in GNU Bash. Bash is the Bourne Again Shell that is installed on all Linux distributions. The vulnerability is related to the way environment variables are parsed before running the BASH shell. It is possible to create environment variables that include…
Statistics about the leaked Gmail, Yandex, Mail.ru passwords
Around 10 million email addresses and passwords were recently leaked on a Russian Bitcoin forum. Many websites report about 5 million Gmail accounts the leak includes also accounts from 2 popular russian mail providers (Yandex and Mail.ru). The leak contains the following: ~5 million Gmail…
WordPress 4.0 “Benny” released
The long awaited WordPress version 4.0, codenamed “Benny” in honour of jazz clarinettist and band leader Benny Goodman has been released. While this does seem like a major release to some of us, since it includes a good amount of features easing the blog writers’…
Balancing web security with your compliance requirements
As an executive responsible for many aspects of running your business, it can be difficult and downright confusing trying to understand the balance between Web security and compliance. Your IT, information security, and internal audit teams may be telling you completely different things based on…
Danger: Open Ports – Remote Access Trojans (RATs) vs Worms
Having a good antivirus solution gives a warm, fuzzy feeling of safety: you know that your assets are virus free and that your network is secure. However, most antivirus solutions cannot detect Remote Administration Tools (aka Remote Access Trojans or just RATs), because their structure…
POS Security: Are my POS terminal credentials up for sale?
There is a black market for stolen credit card information: you can shop online for credit card data for prices between 20$ and 100$ per item. Underground websites like Silk Road (today Silk Road 2.0) offer the possibility to acquire this information anonymously (via The…
Heartbleed Used to Steal Credentials and Breach Community Health Systems
Last Monday, Community Health Systems (CHS) filed an 8-K filing with the US Securities and Exchange Commission, confirming a security breach which occurred in April and June, 2014. CHS blamed the breach on a group of Chinese hackers. The 8-K filing confirms that the hackers…
Common network security assessment oversights
Network security assessments are one of the most critical exercises performed for minimizing business risks. Your time is limited. You’ve got pressure from management to get things done. There’s so much to do and not enough time to do it. Yet, network security assessments are…
Making web security part of your IT governance program
Moving past IT compliance, IT “governance” is becoming the new area of focus in enterprises today. With compliance often being a more tactical business function, IT governance tends to operate at a higher level, especially in larger organizations. Internal audit, legal, and boards of directors…