US Department of Energy invests $34m in cybersecurity
The Department of Energy in the US is set to invest $34m in 12 individual projects aimed at securing the smart grid. The projects are described as being aimed at improving the ‘reliability and resilience’ of US…
Drupal Ransomware Vulnerability Attacks – Rex
For the past few months, multiple reports have been emerging regarding a ransomware primarily affecting the popular CMS Drupal. The ransomware itself has no official name; however, it is currently being dubbed Rex. In May 2016, it was reported that 400 Drupal installations were affected, and…
Pentest Diaries: Negative Transfers and Android eWallets don’t Mix
eWallets, or digital wallets, are becoming ever more popular. Most Android eWallets are apps that allow a user to make electronic transactions, including purchasing items online or in person. Some services even allow an individual’s bank account to be linked to the service. Naturally, breaking the security…
Hunting for XXE in Uber using Acunetix AcuMonitor
XML External Entity (XXE) vulnerabilities are attacks in which an attacker abuses an application that parses XML. The attack targets an XML parser that has XML entities enabled. If you are not familiar with XML entities, you can think of them as a rarely…
How to set up HTTP Authentication (Basic) with Nginx on Ubuntu 16.04
Restricting portions of a web application or directories on a web server to a small group of trusted users can greatly improve the security of a website or web application. Most web applications provide their own form-based methods for authentication; however, we can also make…
In the headlines: LastPass vulnerability, Hillary Leaks, remote code execution vuln on Pornhub, and more
LastPass password manager vulnerability gives hackers your passwords
LastPass is one of the most popular password managers around and can also be added to your browser, allowing you to store and auto-fill all your passwords, using just one master password to access them. So…
EU Network and Information Security Directive sets legal requirement to report breaches
The EU has just passed a new directive, the Network and Information Security Directive, which was approved in December of 2015 and passed through last week. The directive comes into force in August of this year, with a 21-month limit to implement it, by…
4 Tips to kickstart your application security effort
Securing web applications is not an easy task, especially when the application is constantly changing and business-critical. Identifying where to start can be overwhelming, especially if you’re just dipping your toes into application security. Here are four tips to help you get started.
1. Know your…
Securing MySQL Server on Ubuntu 16.04 LTS – Configuring MySQL Securely, Part 3
In part 2 of this series, we looked at configuring MySQL securely. In this final part we shall continue looking at ways to ensure a secure MySQL configuration.
Secure Communications
In some cases, we might have the MySQL database server set up on a dedicated…