Archive for August, 2013

August 28, 2013

The latest in cybercrime: free password cracker can now guess 55 character passwords

Trying to protect your business from cyber-attack has just become a bit more difficult with the improvements in the free password cracker oclHashcat-plus. The new release can tackle passwords of up to 55 characters at speeds as high as eight billion guesses per second on an almost unlimited number of compromised hashes.

Long passwords have become one of the last lines of defense against hackers, and this new feature is unwelcome news.

August 22, 2013

What is the difference between heuristic and signature based malware scanning?

Here is a brief tutorial explaining why heuristic scanning is more powerful than signature-based malware scanning.

For more details see our June article on this subject.

August 20, 2013

Next Generation Security as a Service

A special thanks to our marketing team who put together this brief video explaining the Quatrashield security as a service platform.

August 19, 2013

How to find the most updated list of network vulnerabilities and exposures

There has been a lot of discussion recently about which is the most up-to-date and definitive list of network vulnerabilities. We’ve decided to list the industry-standard network vulnerability lists. The order of the list does not imply a ranking:

US CERT

National Vulnerability Database Version 2.2 (http://nvd.nist.gov/): The U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security-related software flaws, misconfigurations, product names, and impact metrics.

CVE

The Common Vulnerabilities and Exposures (http://www.cve.mitre.org/):  Common Vulnerabilities and Exposures (CVE®) is a dictionary of common names (i.e., CVE Identifiers) for publicly known information security vulnerabilities. CVE’s common identifiers make it easier to share data across separate network security databases and tools, and provide a baseline for evaluating the coverage of an organization’s security tools. If a report from one of your security tools incorporates CVE Identifiers, you may then quickly and accurately access fix information in one or more separate CVE-compatible databases to remediate the problem.

SANS 

SANS (Sys Admin, Audit, Network, Security) Top 20 (www.sans.org/top20):

The Critical Security Controls effort focuses first on prioritizing security functions that are effective against the latest Advanced Targeted Threats, with a strong emphasis on “What Works” – security controls where products, processes, architectures and services are in use that have demonstrated real world effectiveness.

CERT

United States Computer Emergency Readiness Team (CERT) Vulnerability Notes Database (www.kb.cert.org/vuls/):

The Vulnerability Notes Database provides timely information about software vulnerabilities. Vulnerability notes include summaries, technical details, remediation information, and lists of affected vendors. Many vulnerability notes are the result of private coordination and disclosure efforts.

August 1, 2013

Live from Las Vegas, it's Black Hat 2013


We are pressed for time, so we will be blogging only highlights from Black Hat 2013:

  • Less interest in Windows / more interest in devices.  In past years, Microsoft Windows security has been an important topic at Black Hat.  This year, we are seeing less interest in the Windows security systems and more focus on other hacking targets such as mobile devices, home security systems and even car security systems.
  • There was a mixed reception for National Security Agency director General Keith Alexander.  Calling the topic of NSA surveillance “perhaps one of the biggest issues facing our country today,” Alexander provided well-calibrated positions on cyber security issues.  Both cheers and jeers were heard throughout the convention hall.

We will keep this blog updated if there are any significant developments of note.