Security researches from the Polish firm Security Explorations have released a massive slew of PoC code and technical details on 30 Oracle Java Cloud Service Vulnerabilities. It seems like they had already reported them to Oracle, but weren’t happy with how things were handled, so have decided to go public with the weaknesses. They gave […]
Agnitio v2.1 Released – Manual Security Code Review Tool
A tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting. It hasn’t been updated for a fair while sadly, and v2.1 was released in 2011 – but […]
Security Vendor Trustwave Named In Target Suit
You might remember earlier in March, the Target CIO resigned due to the huge breach in December last year. Now in an unprecedented move, the banks are suing Target’s security vendor – Trustwave. It’s a class-action suit accusing them of failing to detect the breach. It seems a bit of a stretch though, there’s no […]
Blackhash – Audit Passwords Without Hashes
A traditional password audit typically involves extracting password hashes from systems and then sending those hashes to a third-party security auditor or an in-house security team. These security specialists have the knowledge and tools to effectively audit password hashes. They use password cracking software such as John the Ripper and Hashcat in an effort to […]
NSA Large Scale TURBINE Malware Also Target Sysadmins
So more revelations coming out about the NSA from the latest batch of documents leaked by Edward Snowden. This time they detail a huge malware infection system created for widespread infections, it seems fairly advanced with the ability to spit out different types of malware depending on the target. Other than the TURBINE malware engine, […]