17.6 C
London
Tuesday, September 26, 2017
Home Tags Header

Tag: Header

Help wanted at Equifax.

Badly Further evidence has emerged regarding the insecurity of Equifaxrsquo;s web setup, as independent security researcher Scott Helme reports having uncovered all manner of problems with Equifaxrsquo;s security header configuration.…

Introducing WhiteBear

As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we called WhiteBear.
It is a parallel project or second stage of the Skipper Turla cluster of activity documented in another private report. Like previous Turla activity, WhiteBear leverages compromised websites and hijacked satellite connections for command and control (C2) infrastructure.
One good thing about having a lot of Facebook friends is that you simply act as a honey pot when your friends click on malicious things.

A few days ago I got a message on Facebook from a person I very rarely speak to, and I knew that something fishy was going on.
Today, a dangerous new trend is emerging: steganography is increasingly being used by actors creating malware and cyber-espionage tools. Most modern anti-malware solutions provide little, if any, protection from steganography, while any carrier in which a payload can be secretly carried poses a potential threat.
When working with ASP.Net Web API, it is important to return a consistent response for all the requests that are processed by your API regardless of success or failure.

This makes it a lot easier to consume the API, without requiring complex code on...
From time to time authors of effective and long-lived Trojans and viruses create new modifications and forks of them, like any other software authors. One of the brightest examples amongst them is Zeus, which continues to spawn new modifications of itself each year.
In late 2016, the Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team reported on phishing attacks that were primarily targeting industrial companies from the metallurgy, electric power, construction, engineering and other sectors.

As further research demonstrated, this was just part of a bigger story that began much earlier and is unlikely to end any time soon.
Years ago, all you needed to be a developer was an editor, a compiler, and hopefully some kind of revision control system. (Sadly, many developers still donrsquo;t use revision control systems properly.)These days, you need to know more even for basic software development. Herersquo;s the top 10 list of tools every modern developer should know and use:[ The art of programming moves rapidly.
InfoWorld helps you navigate whatrsquo;s running hot and what's going cold. | Keep up with hot topics in programming with InfoWorld's App Dev Report newsletter. ]
Git and GitHub: Although there are companies that still use Subversion or CVS even, let alone the awful Clearcase, you probably shouldnrsquo;t work at one of them.

Git is now a basic skill like tying your shoes or spell checking. SSH: Yeah, I know: Yoursquo;re a Windows developer and you donrsquo;t know no stinking shell.

But yoursquo;re going to run into having to create an SSH key or do other SSH stuff.
So you may as well learn now. Terminal Services or remote login: Even if yoursquo;re a Linux or Mac person, sooner or later yoursquo;ll have to deal with Windows.

These tools are how you will connect in. Amazon Web Services: AWS isnrsquo;t just cloud, it is the reason you donrsquo;t have to wait on IT.

There are other cloud providers, but yoursquo;ll have to deal with AWS sooner or later.

AWS has gotten so big that you canrsquo;t know all of AWS any more, but you do need to know at least the EC2 stuff. JavaScript: You donrsquo;t need to know it cold, but this is the scripting language of the now.
If a product or tool is going to add a scripting API, it will probably be for JavaScript. Bash and PowerShell: Sure, more modern devops tools are handy, but sooner or later something isnrsquo;t going to work and it wonrsquo;t have quite what you need.
So, expect to need to know how to write a basic restart script, grab an error code from an exiting command, or do a few things in a loop.

Thatrsquo;s what Bash (in Linux, many Unixes, MacOS, and Windows 10) and Microsoftrsquo;s PowerShell let you do.

Bonus: Add a tool like Grep (PowerShellrsquo;s equivalent Select-String is more wordy) and yoursquo;ll be an even more powerful deity. MongoDB: You need to know how to work with at least one document database. MongoDB is the easiest to learn. Whether yoursquo;re ultimately going to use MongoDB isnrsquo;t relevant; what matters is learning how to deal with a new-generation database.
If yoursquo;re going to use an index like Apache Solr, which is document-shaped, or yoursquo;re going to work with a more columnar structured database, the MongoDB skills will transfer. Curl and Invoke-RestMethod: Most software now has a REST API. On Mac and Linux, Curl is the command-line tool that lets you test and tweak and even script against a REST API.
In PowerShell, it is Invoke-RestMethod (although like everything on PowerShell, it requires more typing).

There are GUI tools like Postman that accomplish the same work, but a serious developer needs to be able to move past a point-and-click interface for efficiencyrsquo;s sake. Markdown: This is the format of the README.md file in GitHub. You should be able to read and write a simple Markdown document.

And thatrsquo;s easy because it has just seven symbols: (# is a header, ## is a subheader, * is a bullet, __ and ** are bold, _ and * are italics, ` is monospace, and --- is a break or rule). Markdown editors often have extensions but those are the basics.

From that basic markup language, you can get slides, PDFs, and HTML. Often these output formats can be consistently formatted with CSS or some other way.

Best of all, you donrsquo;t end up with smart quotes in your code samples. Basic HTML: I canrsquo;t make a decent-looking web page to save my life; Irsquo;m a back-end developer.

But whether yoursquo;re going to stub something out or have to parse HTML, you will need to know basics of the web markup language. To read this article in full or to leave a comment, please click here
Double-header! Lee Hutchinson talks guns, and we interview actors Ricky Whittle and Orlando Jones.
In the several years that the Dridex family has existed, there have been numerous unsuccessful attempts to block the botnetrsquo;s activity.

The ongoing evolution of the malware demonstrates that the cybercriminals are not about to bid farewell to their brainchild, which is providing them with a steady revenue stream.
Vanilla Forums software suffers from vulnerabilities that could let an attacker gain access to user accounts, carry out web-cache poisoning attacks, and in some instances, execute arbitrary code.
Although the beginning of Q1 2017 was marked by a decline in the amount of spam in overall global email traffic, in March the situation became more stable, and the average share of spam for the quarter amounted to 55.9%.

The US (18.75%) remained the biggest source of spam, followed by Vietnam (7.86%) and China (7.77%).