WannaCry’s Kill Switch won’t work for proxy users. Patch now.

News reports published this Monday morning claim the WannaCry ransomware worm managed to spread to 150 countries, with 200,000 computers successfully attacked.

The attackers, according to their Bitcoin accounts, seemed to have raked in an initial fee of $300 to decrypt the files being held for ransom, but that is set to double in three days.

Whatever they end up with (and here’s hoping it’s a criminal record) it seems like a measly return considering the impact this ransomware worm ...


NYDFS tweak proposed cybersecurity regulations; start date pushed back to 1 March 2017

Last September, TBG Security wrote a helpful blog article on the proposed cybersecurity regulations put forward by the New York State Department of Financial Services (NYDFS).

The NYDFS aimed to have these new cybersecurity requirements (23 NYCRR 500) enforceable by 1 Jan 2017. However, last week, on the 28th of December, NYDFS issued the following press release, effectively delaying the launch date to March 1, 2017.



Shell Attack On Your Server: Bash Bug ‘CVE-2014-7169’ and ‘CVE-2014-6271’

A serious vulnerability has been found in the Bash command shell, which is commonly used by most Linux distributions. This vulnerability – designated as CVE-2014-7169 – allows an attacker to run commands on an affected system. In short, this allows for remote code execution on servers that run these Linux distributions.

What’s the bug (vulnerability)?

The most popular shell on *nix environments has ...


Covert Redirect Is Just a Flaw It’s Not Another Heartbleed

But That Doesn’t Mean It’s Not A Problem

On Friday, a PhD student at the Nanyang Technological University in Singapore, Wang Jing, published a report focused on a method of attack called “Covert Redirect,” promoting it as a vulnerability in OAuth 2.0 and OpenID. Yet Jing’s contention of security flaws in OAuth and OpenID has serious flaws of its own, according ...
