We continue to see large-scale online security attacks affecting corporations and public institutions. These attacks are becoming more and more sophisticated, making it harder to protect yourself. The constant evolution of attacks requires innovative s…
CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that an authentication bypass vulnerability was discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler AD), Citrix Gatew…
Smart OSINT Collection of Common IOC Types
Smart OSINT Collection of Common IOC (Indicator of compromise) Types
This application is designed to assist security analysts and researchers with the collection and assessment of common IOC types. Accepted IOCs currently include IP addresses, do…
Kali Linux 2020.1 Release (Non-Root, Single Installer & NetHunter Rootless)
We are here to kick off our first release of the decade, with Kali Linux 2020.1! Available for immediate download.
The following is a brief feature summary for this release:
Non-Root by default
Kali single installer image
Kali NetHunter Rootless
Impro…
Defensive Security Podcast Episode 244
https://www.securityweek.com/attacker-installs-backdoor-blocks-others-exploiting-citrix-adc-vulnerability
https://www.securityweek.com/court-approves-equifax-data-breach-settlement
https://www.infosecurity-magazine.com/news/equifax-breach-settlement-co…
Abusing the Service Workers API
The Service Worker web API is a powerful new API for web browsers. During our research, we have found several ways attackers can leverage this API to enhance their low-to-medium risk findings into a powerful and meaningful attack. By…
Guardicore Centra Release v 31
Guardicore Centra v 31 includes such features as user-based rules and a threat intelligence firewall. Read more about the updates and improvements.
Virtual Desktop Infrastructure (VDI) ? Risks and Solutions
Leverage the benefits of VDI without opening yourself to security risk. Guardicore provides user access management and microsegmentation for Citrix.
Defensive Security Podcast Episode 243
https://www.irishtimes.com/news/crime-and-law/courts/high-court/firm-being-blackmailed-by-hackers-for-6m-obtains-irish-court-injunction-1.4128069
https://inews.co.uk/inews-lifestyle/travel/travelex-hack-cyber-attack-ransomware-sodinokibi-travel-money-u…
HTTP Cache Poisoning Advisory
Summary On January 14, 2020, CERT CC published an advisory warning of the potential use of Content Delivery Networks (CDNs) to cache malicious traffic. Akamai acknowledges this issue and has been aware of similar research in the past. This advisory…