Kali Linux 2023.2, the second version of 2023, is now available with a pre-built Hyper-V image and thirteen new tools, including the Evilginx framework for stealing credentials and session cookies.
In its recent annual security report, Cisco predicted VOIP abuse as a potential area for cyber crime growth. "Criminals use brute-force techniques to hack private branch exchange (PBX) systems to place fraudulent, long-distance calls; usually international," the report states. "These incidents, often targeting small or midsize businesses, have resulted in significant financial losses for some companies."
Mixed IT infrastructures, including cloud and non-cloud systems, will be the norm at many companies for many years. Learn about key cloud security concerns and solutions from three early cloud users. For all the talk about public clouds versus private clouds, many organizations will likely end up with a mixed IT environment that includes both types of cloud as well as non-cloud systems and applications
In the first article of this two-part series, I looked at physical protection of laptop computers outside the office. Today we'll review fundamentals of protecting data and data communications. This pair of articles is designed to be useful in security-awareness training for employees who take corporate laptop computers out of the office.
A new web site, socialnetworksecurity.org, has been set up to publish details of security vulnerabilities in social networks such as Facebook, Lokalisten, Friendscout24.de, wer-kennt-wen.de and XING. Most of the vulnerabilities listed could be exploited for cross-site scripting (XSS) attacks. Jappy.de, for example, contains one such vulnerability which allows contacts' cookies to be stolen.
A second area of focus must be in the way we understand and address threats. The threat landscape has evolved dramatically in the past three years: Starting in 2008 with the growing ability of viruses and malware to evade anti-virus signature technologies; to the pandemic scale of attacks launched by criminals in 2009 for profit; to more sophisticated attacks organised by nation states in 2010.
DON'T shortchange remediation. Surprisingly, organizations will perform vulnerability scans, or hire someone to conduct a scan, get a report and then not follow through. They may cherry-pick one or two critical items and neglect the rest. The result is that the organization has spent time and money without doing much for its security.
Botnets are insidious. They spread like digital weeds and infect thousands to tens of thousands of machines at a time. Their only purpose is to enrich and empower the botnet owners as they infiltrate endpoints on consumer systems, colleges, and enterprises around the world. These botnets are used to send spam, launch denial of service attacks, and