The first Kali Linux Rolling Edition is available after 5 months of testing, featuring the stability of Debian together with the latest versions of many outstanding penetration testing tools created by the information security community.
This new model of release feeds continuously from Debian testing, so the kali-rolling repository will always hold the latest stable releases of monitored tools after 24-48 hours being released.
Security experts have discovered a critical vulnerability in OpenSSH which affects versions from 5.4 to 7.1 and it allows attackers to steal encrypted private keys.
A new OpenSSH version has been released to patch this vulnerability, so it is strongly recommended to update to this new release. Another option is to deactivate the vulnerable code adding “UseRoaming no” option in ssh_config file.
The growth and improper use of domain administrator accounts is one of the major security threats to systems in Windows Active Directory (AD) domains.
In order to avoid potential issues arising from these troubles, here’s an article about restricting the use of domain admin accounts to domain controllers in Windows Server 2012 R2 domains by enabling support for additional Kerberos features.
The author also explains how to create a new authentication policy and silo. You can have a look at the tutorial here
A botnet made up of Linux computers is generating over 150 Gbps per second denial-of-service attacks (DDoS), which are seriously threatening some companies, since they are much more powerful than infraestructures can usually support.
This botnet is targeting around 20 sites each day, 90% located in Asia. The most common targets are online gaming and educational sites.
The malware feeding the botnet is called XOR DDoS and it was identified in September 2014 for the first time. Now, a the security response team from Akamai Technologies has discovered a new wave of attacks.
The US Government’s IT pros rely on desktop virtualization to provide the end users with the appropiate tools for their work while guaranteeing security.
These IT pros have usually to deal with tougher regulatory and compliance constraitns than other companies. But users request the same flexibility and need to work anywhere and using any device.
That’s why VDI is the most suitable technology and more and more agencies are implementing it.
