LRQA Nettitude Blog

CVE-2015-5227: Zeropress and Remote Code Execution in the WordPress Landing Pages Plugin

Posted by Iain Wallace on Sep 30, 2015

Finding WordPress plugin vulnerabilities is like shooting fish in a barrel.

Topics: Security Blog, Uncategorized

Rocktastic

Posted by Neil Lines on Sep 23, 2015

People and Passwords
Passwords, passwords, passwords. I talk about them, I think about them; I go crazy over them!

Topics: Security Blog, Uncategorized

Easy Compliance – The PCI Pills

Posted by Nigel Gildea on Sep 16, 2015

PCI-DSS is a mostly technical set of controls that are applicable to any organisation which stores, processes or transmits credit card data or anything that could affect the security of the card data. It is written by the PCI Security Standards Council (PCI-SSC), mandated by the card brands (Visa, MasterCard, etc.) and enforced by the banks.

Topics: Security Blog, Uncategorized

Cyber Fighting Power – Who Has The Upper Hand?

Posted by Ben Densham on Sep 3, 2015

Reading through the British Army Military Doctrine manual the other day (as you do!), the concept of Fighting Power in the context of cyber warfare got me thinking. How could a traditional approach from a historically renowned army be applied to the cyber world? Cyber, or the internet - if we remove the hyped buzzword - has been described as the fifth military domain after land, sea, air and space, and is certainly at the forefront of the attacks reported in the media these days.

Topics: Security Blog, Uncategorized

Companies with poor Cyber Security at risk of action by FTC

Posted by Graham Shaw on Aug 25, 2015

Cyber security breaches can cause lasting reputational damage for companies who fall victim, and potential legal action by customers too. To add to this there is now the confirmed risk of enforcement action by the US Federal Trade Commission (FTC).

In a ruling by the US Court of Appeal for the Third Circuit, poor cybersecurity is to be classed as a form of 'unfair competition', which places it within the remit of the FTC to regulate. This interpretation was challenged by the hotel group Wyndham Worldwide, which was on the receiving end of an FTC lawsuit that had begun in June 2012. The District Court sided with the FTC, and now the Court of Appeal has concurred. The original lawsuit continues, but Wyndham have suffered a serious setback.

Topics: Uncategorized, Cyber Security Blog

Fuzzing with American Fuzzy Lop (AFL)

Posted by Adam Williams on Jul 14, 2015

In a previous entry we gave a brief introduction to the concept of fuzzing and why we use it. In this entry we’ll guide you through using a fuzzer on Linux to help identify bugs and vulnerabilities in Linux’s main archiving application “tar”.

Topics: Security Blog, Uncategorized

Context Triggered Piecewise Hashing To Detect Malware Similarity

Posted by Tom Wilson on Jun 30, 2015

At Nettitude we collect a large number of malware binary samples from our honeypot network, from our customers and from incident response. One of the first steps we take is to calculate the MD5 hash of the malware and compare this hash to known samples, while unknown samples can be examined further by an analyst.

Topics: Security Blog, Uncategorized

The Prestige in Malware Persistence

Posted by Kyriakos Economou on Jun 16, 2015

Introduction

Topics: Security Blog, Uncategorized

Eight Things To Consider Before Deploying Cyber Threat Intelligence

Posted by Jules Pagna Disso and Tom Wilson on Jun 6, 2015

Protecting against cyber-attacks is proving to be a real challenge. A few years ago, defence in depth was the recommended methodology to successfully fight cyber-attacks. Despite the proliferation of defence in depth mechanisms, a large number of high profile cyber-attacks are still observed. It's no surprise to anyone that all sensible business owners and world leaders are seriously worried about the impact of successful cyber-attacks against their environment. According to Forrester’s Foresights Security Survey in 2013, 75% of 490 companies agreed that cyber threat intelligence was a priority. The recent report “2015 Global Megatrends in Cybersecurity”, sponsored by Raytheon, suggests that most companies will deploy cyber threat intelligence over the next three years as a measure against cyber-attacks.

Topics: Security Blog, Uncategorized

CSRF And Unsafe Arbitrary File Upload In NextGEN Gallery Plugin (2.0.77.0) For WordPress

Posted by Louie Augarde on Mar 25, 2015

1 Introduction

Please note the vulnerability detailed in this blog article was first discovered on Monday 9th March 2015, disclosed and discussed with the company concerned on March 10th and a patch was released on March 12th.

Topics: Security Blog, Uncategorized

About LRQA Nettitude

Through our connected portfolio of advanced cybersecurity solutions, LRQA Nettitude helps companies to identify and manage the vulnerabilities and threats that pose a risk to their business, building cybersecurity resilience and underpinning your business strategy with proactive measures.
