Recently I have found myself installing Nmap on Windows with more frequency. My day-to-day systems are Ubuntu based; however, from time to time when using Windows-based systems, having access to Nmap and Ncat is very convenient. In the past, using Nmap under Windows has had a few issues and there are still [...]
Nessus 5 on Ubuntu 12.04 install and mini review
Having yet to play with Nessus 5, today I grabbed a copy and installed it on my Ubuntu 12.04 64-bit system. Take note I am having a quick look at the product, not using it in a commercial manner as part of the work done by HackerTarget.com. This would require a professional feed license [...]
Backdoor Corporate Networks with Metasploit
HD Moore recently announced a new post exploitation tool offering Meterpreter sessions over HTTPS (HTTP) that will traverse the corporate proxy. Variations on this have been available previously but have, for a number of reasons, not been so stable. Let’s first look at a common locked down Corporate Network. Then we will show how [...]
Malware in WordPress Themes
Found an interesting article over at OttoPress with some in-depth analysis of malware discovered in a theme on a less than reputable WordPress theme site. Seems there are some dodgy sites out there that have infected themes, both free ones and ripped off professional themes. Beware and check the reputation of your themes. It [...]
Google Dorking WordPress
WordPress is very popular and easy to install. This very accessibility makes it a juicy target for those wanting to collect compromised hosting accounts for serving malicious content, spamming, phishing sites, proxies and web shells. How prevalent is poor WordPress Security? Our Web Tech Report showed that application updates to WordPress are reasonable. Let's try [...]
New WordPress Version Released 3.1.3
Hot on the heels of the release of our new WordPress Security Scanner is a new update to WordPress. The release includes multiple security fixes and hardening. Update your installations now. Various security hardening by Alexander Concha. Taxonomy query hardening by John Lamansky. Prevent sniffing out user names of non-authors by using canonical redirects. Props [...]
PandaLabs 2010 Annual Report
It appears 2010 has been a cracking year for malware developers. Customised malware is a significant threat to any environment, given the fact that controls that can effectively protect against these attacks are limited and difficult to implement. Anti-virus certainly does not provide much protection against a trojan that has been customised to attack a [...]
Three Quality Security Podcasts
There are three security podcasts that consistently make it onto my phone. It is a great way to stay current in the world of information security news, trends and tools while doing other stuff that does not involve sitting in front of your computer. Quality information, not much waffle and entertaining. Risky.biz – Well produced, [...]

