Sunday , 24 September 2017
Home » Author Archives: Dean Alvarez (page 5)

Author Archives: Dean Alvarez

Dean is Features Editor at IT Security Guru. Aside from cyber security and all things tech, Dean's interests include wine tasting, roller blading and playing the oboe in his Christian rock band, Noughts & Crosses.

You can reach Dean via email - dean@itsecurityguru.org

System bug hampering SAP E-Recruiting

A system bug has been located within a SAP E-Recruiting system which is blocking people from registering their e-mail. The problem is that a registration URL provided to job-seekers is predictable, meaning an attacker could put other peoples’ e-mails into the system and guess the “e-mail confirmation” link. It could be blocked by adding a pre-registration nonce to the confirmation ... Read More »

Over 5 Billion Bluetooth-Enabled Devices Vulnerable to BlueBorne

A new vulnerability codenamed BlueBorne, by the security researchers who discovered it, has been found in Bluetooth implementations used by over 5.3 billion devices. Researchers say the vulnerabilities are undetectable and unstoppable by traditional security solutions. No user interaction is needed for an attacker to use the BleuBorne flaws, nor does the attacker need to pair with a target device. ... Read More »

37 Percent of Global Organisations Unsure if They Need to Comply with GDPR

With the GDPR (General Data Protection Regulation) deadline set for 25 May next year, an independent global survey commissioned by WatchGuard Technologies, shows that many organisations are ill-prepared due to uncertainty about the criteria for compliance. The results show that a staggering 37 percent of respondents simply don’t know whether their organisation needs to comply with GDPR, while 28 percent ... Read More »

Gartner Says Finance Is Moving to the Cloud Much Faster Than Expected

A major shift is taking place in how organisations select their financial management applications, with a migration to cloud applications happening faster than expected, according to Gartner, Inc. A recent Gartner survey of senior finance executives found that by 2020, 36 per cent of organisations will use the cloud to support more than half of their transactional systems of record. ... Read More »

Artificial Intelligence – how could it potentially help bridge the Cyber-skills Gap

Webinar: Artificial Intelligence – how could it potentially help bridge the Cyber-skills Gap Date: 4th October 2017 Time: 10:30am Duration: 75 minutes Speakers include: Pete Warren, Chairman at Cyber Security Research Institute; Andrew Jones, Professor of Cyber Security at University of Hertfordshire; Mark Deem, Partner at Cooley LLP.   Throughout Security Serious Week this year, during the first week of ... Read More »

Cyber risk: Why Cybersecurity Is Important

Simon Parker,
Minerva Security

Our world today is ruled by technology and we can’t do without it at all. From booking our flight tickets, to catching up with an old friend, technology plays an important role in it. However, the same technology may betray you when it’s vulnerable and could lead to loss of essential data. Cyber security, alongside physical commercial security has thus, ... Read More »

Another reason to hate Excel: its Macros can help pivot attacks

A white-hat has taken a good look at whether you can pivot an attack from one machine to others using Microsoft Excel, and you probably won’t like what he found. The researcher, Matt Nelson of SpecterOps (@enigma0x3) writes that he’s found loose default launch and access permissions, meaning a macro-based attack doesn’t need to interact with the victim. The nutshell version is ... Read More »

India’s “robust” biometric database let millions get fake IDs

Criminals managed to circumvent the “robust” security of India’s biometric database to issue over 8 million fake identity cards — which Indian citizens use for everything from opening bank accounts to getting married. Police in the northern Indian state of Uttar Pradesh Sunday arrested 10 men as part of a crackdown on a sophisticated fraud scam which involved cloning fingerprints and cracking the security ... Read More »

Paradise Ransomware Uses RSA Encryption to Encrypt Your Files

Today, a victim of a new ransomware called Paradise posted in the BleepingComputer.com forums and uploaded a sample so we could take a look at it. While this ransomware is not revolutionary by any means, since it is in active distribution and a Ransomware as a Service (RaaS), I thought I would provide a brief analysis of how this ransomware works. ... Read More »

10 D-Link zero-day flaws that may give hackers backdoor access and more have been publicly released

Zero-day vulnerabilities are generally scary enough that when one is made public, vendors begin scrambling to issue a fix. By nature, zero-day flaws are vulnerabilities that the affected vendor has no knowledge about and thus no patches exist. Alarmingly, not one or two but 10 zero-day flawshave recently been uncovered affecting D-Link routers, which could potentially leave users at risk of cyberattacks. Pierre Kim, a ... Read More »