Last Monday, Community Health Systems (CHS) filed an 8-K with the US Securities and Exchange Commission, confirming a security breach which occurred in April and June 2014. CHS blamed the breach on a group of Chinese hackers. The 8-K filing confirms that the hackers…
WordPress Security Revisited
Starting as just a good blogging system in 2003, WordPress has grown to be the most popular Content Management System (CMS), used in over 22% of the top 1 million web sites. It is the CMS that can be installed in less than 5…
Common network security assessment oversights
Network security assessments are one of the most critical exercises performed for minimizing business risks. Your time is limited. You’ve got pressure from management to get things done. There’s so much to do and not enough time to do it. Yet, network security assessments are…
Making web security part of your IT governance program
Moving past IT compliance, IT “governance” is becoming the new area of focus in enterprises today. With compliance often being a more tactical business function, IT governance tends to operate at a higher level, especially in larger organizations. Internal audit, legal, and boards of directors…
Taking your network security assessment to the next level
There’s always a point in every IT professional’s career where he thinks he has everything figured out. We can get so caught up in our ways that we often overlook the fact that there are so many things we do on a daily basis that…
Top network security flaws you’re likely overlooking
There’s no doubt you know your network better than anyone else. The real question is, do you know whether you’ve checked for all relevant security flaws on all of your critical systems? Odds are you haven’t but that’s okay to an extent. No one has…
What you need to know about performing authenticated network security scans
Are you scanning your network hosts for security vulnerabilities while logged in as a user? If not, you should be. Authenticated testing can add a lot of value to your overall security assessment results. You’ll find a lot more missing patches, weak share permissions, and…
AcuMonitor Could Have Detected PayPal's Blind XSS Vulnerability
Vulnerability-Lab, a Germany-based security research company, recently identified an application-side validation web vulnerability, which allows an attacker to inject code in his user profile. The injected code gets executed when a PayPal employee loads the user’s details on PayPal’s backend system. This type of vulnerability…
WordPress Username Enumeration using HTTP Fuzzer
In many WordPress blogs, it’s possible to enumerate WordPress users using a well-known feature/bug related to author archives. This works if the following conditions are met: WordPress permalinks are enabled. By default WordPress uses web URLs which have question marks and lots of numbers in them; however, WordPress offers…