Security

Home / Security

How To Harden An NGINX Web Server

The next segment in our InfoSec System Hardening series is how to harden an NGINX Web Server. NGINX is an alternative to the popular Apache Web Server on Linux. In this article, we'll show you some of the basics you'll want to take to secure your NGINX Web Server. To get started, you can follow [...]

By | January 16th, 2017|Categories: Security, Server Hardening, System Administration|Tags: , , , , , |0 Comments

How To Harden A MySQL Server

As with any server, whether it be a web server, file server, database server, etc, hardening is an important step in information security and protecting the data on your systems. This guide will show you some basics when it comes to hardening a MySQL Server. Most of these changes are simple lines to add into [...]

By | January 15th, 2017|Categories: Security, Server Hardening, System Administration|Tags: , , , , , |0 Comments

Adobe’s Latest Security Patch Installs Chrome Extension to Collect Data

Earlier this week, Adobe released some updates to fix security issues and vulnerabilities identified in Adobe Acrobat Reader. Twitter's @SwiftOnSecurity noticed a new Google Chrome extension for Adobe Acrobat after the update. According to the post, there is no mention of the new extension anywhere in Adobe's changelog and instead is installed without your knowing. [...]

By | January 13th, 2017|Categories: Security|Tags: , , , , , |4 Comments

CVE-2016-8655 Five-Year-Old Linux Kernel Local Privilege-Escalation Vulnerability Discovered

A five-year-old serious privilege-escalation vulnerability has been discovered in the Linux kernel that affects almost every distro of the Linux operating system, including Red Hat and Ubuntu. Back in October, a nine-year-old privilege-escalation vulnerability, dubbed Dirty COW was discovered in the Linux kernel that affected every distro of the open-source operating system, including Red Hat, [...]

By | December 7th, 2016|Categories: Linux, Security|Tags: , , , , , , |0 Comments

Install YAWAST – The Antecedent Web Application Security Toolkit

YAWAST is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors. It performs basic checks in these categories: TLS/SSL - Versions and cipher suites supported; common issues. Information Disclosure - Checks for common information leaks. Presence of Files or Directories - Checks for files or directories that could [...]

By | October 24th, 2016|Categories: Pentest|Tags: , , , , , , , |0 Comments

QRLJacker – QRLJacking Exploitation Framework

QRLJacker is a python framework which is used to exploit services that rely on QR code authentication. #QRLJacker is a customizable framework to demonstrate "QRLJacking Attack Vector" and shows how easy to hijack services that relies on QR Code Authentication. Installation Installation on Windows After downloading the framework and Python: cd QrlJacking-Framework pip install -r [...]

By | October 24th, 2016|Categories: Pentest|Tags: , , , |0 Comments

DDoS Attack on Dyn DNS and Level3 Outages

Twitter, Reddit, Spotify, PSN, XBox, Netflix, Github, PayPal and bunch of other websites were offline earlier today. That’s because someone conducted a massive distributed denial of service (DDoS) attack on the Dyn DNS, a world renowned Domain Name Servers (DNS) service provider. You can read the most recent status messages at DynDNS. So far there [...]

By | October 21st, 2016|Categories: Attacks, Security|Tags: , , , , , |0 Comments

How To Patch Linux Kernel Zero Day DirtyCow Vulnerability CVE-2016-5195

A zero-day local privilege escalation vulnerability has been found in the Linux kernel that has existed since 2005, being called DirtyCow. This bug affects a large number of popular Linux distros as well as Android devices. By exploiting the DirtyCow vulnerability, any user can become root (admin) in less than 5 seconds. The vulnerability has [...]

HTTP/2, HTTPS, Let’s Encrypt, NGINX and WordPress Hardening

If you're running a Wordpress site on a Linux server running NGINX, then you might be interested in setting up a free SSL (HTTPS) certificate using Let's Encrypt. The internet is moving towards HTTPS, and even Google is said to rank HTTPS pages higher than the standard HTTP pages. If you're using Wordpress, you have [...]

New Cerber Ransomware Switches To A Random Extension And Ends Database Processes

A new variant of the Cerber ransomware kills common database-related processes like those of the MySQL, Oracle and Microsoft SQL servers to encrypt files. The most notable change is the switch from the static .Cerber3 extension for encrypted files to a random 4 character extension, the use of a HTA file as the ransom note, [...]

By | October 6th, 2016|Categories: Ransomware, Security|Tags: , , , , , , , |0 Comments
Load More Posts