New vulnerabilities emerge every day, threatening enterprise information security. To keep data and devices from being compromised, it is important to find them early so they can be fixed as soon as possible.
There are open source tools that can help to identify vulnerabilities, such as web server and application scanners, analysis tools, fuzzers… Below you can find a useful selection:
The first Kali Linux Rolling Edition is available after 5 months of testing, featuring the stability of Debian together with the latest versions of many outstanding penetration testing tools created by the information security community.
This new release model feeds continuously from Debian testing, so the kali-rolling repository will always hold the latest stable releases of monitored tools 24-48 hours after they are released.
Security experts have discovered a critical vulnerability in OpenSSH that affects versions from 5.4 to 7.1 and allows attackers to steal encrypted private keys.
A new OpenSSH version has been released to patch this vulnerability, so it is strongly recommended to update to this new release. Another option is to deactivate the vulnerable code by adding the “UseRoaming no” option to the ssh_config file.
The growth and improper use of domain administrator accounts is one of the major security threats to systems in Windows Active Directory (AD) domains.
To avoid the problems this causes, here’s an article about restricting the use of domain admin accounts to domain controllers in Windows Server 2012 R2 domains by enabling support for additional Kerberos features.
The author also explains how to create a new authentication policy and silo. You can have a look at the tutorial here.
A botnet made up of Linux computers is generating distributed denial-of-service (DDoS) attacks of over 150 Gbps, which are seriously threatening some companies, since they are much more powerful than infrastructures can usually support.
This botnet is targeting around 20 sites each day, 90% of them located in Asia. The most common targets are online gaming and educational sites.
The malware feeding the botnet is called XOR DDoS and it was first identified in September 2014. Now, the security response team from Akamai Technologies has discovered a new wave of attacks.