The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications.
Read more here.
Anything under the umbrella of IT Security, Computer Security, IT Controls
In a presentation at the Hack In The Box Security Conference in Amsterdam, security researchers Ricardo J. Rodriguez and Jose Vila presented a demo of a real-world attack to which all NFC-capable Android phones are vulnerable. This attack, delivered through poisoned apps, exploits the NFC feature, allowing unethical hackers to steal money from victims’ credit cards any time the cards are near the victims’ phones.
Read more here.
Gaana.com, one of India’s most popular music streaming services with more than 10 Million registered users and 7.5 Million monthly visitors, has reportedly been hacked, exposing the site’s user information database.
Read more here.
Part 3 of a nice article on how to assess the security of mobile applications.
Read more here.
Is your home or work wireless network just waiting for an attacker to waltz in? Your router can have plenty of vulnerabilities – weak password, weak encryption standards, dangerous services, etc.
The free Android app RouterCheck looks for all that and more. It also checks your router make and model to see whether it’s known to have vulnerabilities.
Read more here.
On May 20, 2015, CareFirst BlueCross BlueShield announced that it was the latest victim of a major cyberattack, with as many as 1.1 million plan customers affected. Current and former CareFirst members and individuals who do business with CareFirst online who registered to use CareFirst’s websites prior to June 20, 2014 are impacted by this event.
Read more here.
An often overlooked feature of log management software is the ability to conduct forensic analysis of events. Instead of searching for a needle in a haystack, forensic analysis tools can make drilling down to identify details a quick and easy task.
Read more here.
Just after a new security vulnerability surfaced Wednesday, many tech outlets started comparing it with HeartBleed, the serious security glitch uncovered last year that rendered communications with many well-known web services insecure, potentially exposing millions of plain-text passwords.
But don’t panic. Though the recent vulnerability has a more terrifying name than HeartBleed, it is not going to cause as much danger as HeartBleed did.
Dubbed VENOM, which stands for Virtualized Environment Neglected Operations Manipulation, it is a virtual machine security flaw uncovered by security firm CrowdStrike that could, in theory, expose most data centers to malware attacks.
Yes, the risk of the VENOM vulnerability is theoretical, as no real-world exploitation has been seen yet, while last year’s HeartBleed bug was exploited in practice by hackers an unknown number of times, leading to the theft of critical personal information.
Read more here.
According to a new IDC Financial Insights forecast, worldwide risk information technologies and services (RITS) spending will reach $78.6 billion in 2015 and is expected to reach $96.3 billion by 2018.
Read more here.
Wapiti is a web application vulnerability scanner that allows you to audit the security of your web applications. It performs “black-box” scans, i.e. it does not study the source code of the application but scans the web pages of the deployed web application, looking for scripts and forms where it can inject data.
Read more here.