security

Targeted Malware on the rise

  Ever wondered what a “spear phishing” is ? Or a “targeted malware” ? See below: It is an email targeted to a member of an organization, which is made to look as legitimate as possible. The difference between normal phishing and malware emails and a targeted one is that the contents of the emails are referring to locations or persons of the organization being targeted. In this case, Avira: as you can see below, there are apparent links to internal locations. Of course, they are all fake (like in phishing). In reality, they point to malicious documents and locations…

Read More

Experiment started: HTTPS for ITSecurityNews.info

The Internet is telling everyone to switch to HTTPS for various reasons: better security better SEO from the search engines (read: Google) others While I agree with most of the reasons, I think that it is not really necessary for a read-only news portal to have HTTPS. It is no secret transferred, no login, nothing… Just text and links. And Ads… 🙂 So, my hosting provider Strato is giving me a free SSL certificate. After a long thinking and testing, I activated it for ItSecurityNews.info. From now on, you’ll be redirected to the HTTPS://ItSecurityNews.info even if you just type ItSecurityNews.info…


Security for free, update after 4 years

About 4 years ago, while I was working at Avira,  I wrote this article for (ISC)2’s blog. Security “for free”? I wrote back then about how to cover all attack vectors for malware. I also wrote about the hidden costs, which many people tend to ignore. These costs are not acquisition costs. They are even not easily visible. I concluded, that it is possible to achieve a decent degree of security without any acquisition costs. However, there are drawbacks and there are hidden maintenance costs. For those who are interested in having software that works for them and not the…


Lack of security made simple: Casual Insecurity

I am travelling quite a lot because of my job, working with Avira’s customers to integrate their OEM Technologies. For this reason, I am very often in hotels and airports. Almost everywhere these days, I can find free WiFis: wireless networks with free of charge access. We all know that accessing resources through free WiFis is not the best ideas. Especially, if these networks do not have any kind of password set.   This is how I think that the Lack of Security is made so simple: offer something everybody needs for free and make that as unsecure as possible….


WannaCry Ransomware – Executive summary

If you want news from the IT Security industry, please check IT Security News here: http://www.itsecuritynews.info/?s=WannaCry This is my summary, inspired from various sources on the web mentioned in the Sources (see at the end).   The ransomware Wannacry has infected systems across the globe and has been the topic of discussion among security professionals for quite some days now. The WannaCry ransomware attack – 5 things you need to know A ransomware attack of “unprecedented level” (Europol) started spreading WannaCry ransomware around the world on Friday, May 12, 2017, around 11 AM ET/3PM GMT. Until now, hundreds of thousands…


Google Search Console fail over notifications for the WordPress updates

I have quite a lot of WordPress based websites which I run and maintain. One of these is this blog: www.SorinMustaca.com All my WordPress websites are configured to autoupdate to the latest WordPress update. The same applies to their plugins and themes. Google Search Console (GSC) is a tool I used to manage better the registration of my websites with the search engine and their advertising platform Adsense. Yesterday evening I received a couple of emails, one for each of my websites registered with the GSC : Here is the text: Recommended WordPress update available for http://sorinmustaca.com/ To: Webmaster of…



Scary to see details of the World’s Biggest Data Breaches

Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/   No worries, the chart is very interactive and you can select what you want to see by changing the filter: The problem is that if you select like the screenshot below, you will not see anything anymore. This is scary!   Statistics? Actually, the data is scary: it seems that at any point in time there was a breach.     Here is the source of the data: https://docs.google.com/spreadsheet/ccc?key=0AmenB57kGPGKdHh6eGpTR2lPQl9NZmo3RlVzQ1N2Ymc&single=true&gid=2&range=A1%3AW400    


Vulnerability analysis: how “HTTPoxy” allows redirect of web applications http-queries

This is a guest post written by Alex Bod, Information Security Researcher and the founder of the Gods Hackers Team.   The information about a set of vulnerabilities called HTTPoxy was published on July 18. Using this, attackers can replace the HTTP_PROXY environment variable that allows them to redirect http-queries to the Web applications on their resources. The vulnerability was identified in partnership with the developer Dominic Scheirlinck, who in his blog talked about how the vulnerability was discovered by his colleagues in the analysis of one of the tickets, received in support.   How it works   Scheirlinck explains in…



By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close