Tips to make a WordPress website more secure
- Keep WordPress and all plugins and themes up-to-date. Updates often include security fixes that help prevent vulnerabilities.
- Use strong and unique passwords for all user accounts, including admin and database users.
- Use two-factor authentication to add an extra layer of security to your login process.
- Limit the number of login attempts allowed and set a lockout period for failed attempts.
- Use a security plugin, such as Wordfence or Sucuri, to monitor and protect your site from attacks.
- Disable file editing in the WordPress dashboard to prevent malicious code injection through the editor.
- Limit file permissions and ensure that directories and files are only accessible by authorized users.
- Install an SSL certificate to encrypt data transmitted between the user’s browser and your server.
- Back up your website regularly to minimize data loss in the event of a breach.
- Use a hosting provider that prioritizes security and offers regular security updates and monitoring.
- Remove unused plugins, themes, and user accounts to minimize potential attack vectors.
- Use a strong and secure web hosting environment with firewall protection, intrusion detection, and regular security audits.
By following these tips, you can significantly improve the security of your WordPress website and minimize the risk of being hacked or compromised.
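The file-editing and file-permission tips above can be checked from a shell. The following is an added example, not part of the original tips; the function name `audit_wp` and the finding labels are assumptions made for illustration, while `DISALLOW_FILE_EDIT` is the WordPress constant that turns off the dashboard editor.

```shell
#!/bin/sh
# Added example: audit a WordPress root for the file-editor and permission tips.
# Prints one finding per line and returns 0 only when nothing is found.
# Usage: audit_wp /path/to/wordpress   (the path is whatever your install uses)
audit_wp() {
    root=$1
    cfg="$root/wp-config.php"
    findings=0

    if [ ! -f "$cfg" ]; then
        echo "MISSING $cfg"
        return 2
    fi

    # An active (not commented-out) define('DISALLOW_FILE_EDIT', true);
    # removes the theme and plugin editors from the dashboard.
    if ! grep -Eq "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*[Tt][Rr][Uu][Ee][[:space:]]*\)" "$cfg"; then
        echo "EDITOR_ENABLED $cfg"
        findings=$((findings + 1))
    fi

    # wp-config.php holds the database credentials; "other" must not read it.
    if [ -n "$(find "$cfg" -perm -0004)" ]; then
        echo "WORLD_READABLE $cfg"
        findings=$((findings + 1))
    fi

    # Files or directories writable by "other" can be changed by any local
    # account. The here-document keeps the loop in this shell (no subshell),
    # so the counter survives; symlinks are skipped.
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        echo "WORLD_WRITABLE $path"
        findings=$((findings + 1))
    done <<EOF
$(find "$root" ! -type l -perm -0002)
EOF

    [ "$findings" -eq 0 ]
}
```

Run it after every plugin or theme installation, since installers and manual fixes are a common source of loosened permissions.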
Steps to recover files from a disk using Linux as the operating system
First, stop using the disk immediately to prevent further damage or overwriting of the files. If the disk is the system disk, boot your computer using a live Linux USB or CD.
1. Identify the disk device name using the “fdisk” command. For example, if the disk is “/dev/sdb”, use the command:
$ sudo fdisk -l /dev/sdb
2. Install the “testdisk” package using your package manager:
$ sudo apt-get install testdisk
3. Run TestDisk with root permissions:
$ sudo testdisk
4. Select the disk and partition you want to recover files from.
5. Choose the “Analyse” option to detect and list any existing or deleted partitions.
6. Select the partition containing the files you want to recover and choose the “Filesystem Utils” option.
7. Select “Copy” to copy the files to a safe location, such as an external drive or another disk.
8. Wait for the file copy process to complete. Depending on the size and number of files, this may take a while.
9. Once the file copy process is complete, verify that the files are intact and accessible.
Note: TestDisk is a powerful data recovery tool, but it requires some technical knowledge to use effectively. Be sure to read the documentation and follow the prompts carefully to avoid accidentally deleting or overwriting data. Additionally, there are other data recovery tools available on Linux, such as PhotoRec and Scalpel, that you can try if TestDisk doesn’t work for your specific scenario.
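For step 9, a recovered file can have the right name and size and still contain nothing but zero bytes. The following is an added example, not part of the original steps, that flags empty and zero-filled files and writes a SHA-256 manifest for the rest. The function name `verify_recovered` is an assumption, and the manifest must live outside the recovery directory.

```shell
#!/bin/sh
# Added example: sanity-check a directory of recovered files.
# Usage: verify_recovered RECOVERY_DIR MANIFEST_FILE
# Prints "EMPTY path" or "ZEROFILLED path" for suspect files, records
# SHA-256 sums of the remaining files, and returns 0 only if none is suspect.
# File names containing newlines are not supported.
verify_recovered() {
    dir=$1
    manifest=$2
    suspect=0
    : > "$manifest"

    while IFS= read -r f; do
        [ -n "$f" ] || continue
        if [ ! -s "$f" ]; then
            # Zero-length: only the directory entry was recovered.
            echo "EMPTY $f"
            suspect=$((suspect + 1))
        elif [ "$(tr -d '\000' < "$f" | head -c 1 | wc -c)" -eq 0 ]; then
            # Every byte is NUL: the data blocks were not recovered.
            echo "ZEROFILLED $f"
            suspect=$((suspect + 1))
        else
            sha256sum "$f" >> "$manifest"
        fi
    done <<EOF
$(find "$dir" -type f | sort)
EOF

    [ "$suspect" -eq 0 ]
}
```

After moving the recovered files to their final location, `sha256sum -c` against the manifest confirms that nothing changed in transit, provided the recorded paths still resolve.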
North Korea-linked threat actor APT37 is linked to a new malware dubbed M2RAT in attacks targeting its southern counterpart, underscoring the need for greater security in the emerging crypto world
Greater security in the emerging crypto world is critical given the recent surge in cyber-attacks targeting cryptocurrency exchanges and users. North Korea-linked threat actor APT37 has been linked to a new malware dubbed M2RAT, which has been used in multiple cyber-attacks against its southern counterpart.
M2RAT works by targeting vulnerable computers with malicious payloads and then installing a backdoor that can be used to exfiltrate data or access the system remotely. The payload is hidden in a malicious PDF file, which is then sent to unsuspecting users, who then open the file and install the backdoor on their system.
Once the backdoor is installed, the cybercriminals can then steal valuable data and use it to their advantage. M2RAT can also be used to gain access to administration rights on the infected system, giving the attackers full control over the system.
The emergence of this malware highlights the need for enhanced security measures within the cryptocurrency space. Users need to be aware of the threats posed by North Korea-linked actors, and ensure that their systems are secure by using robust security measures such as two-factor authentication, strong passwords, and an up-to-date anti-virus program. Additionally, regular backups of data should be created to mitigate the risk of data theft in the event of a successful attack.
Developments CISOs should be aware of, including the increasing speed of attacks, the use of bots and automation, and the increasing use of mobile devices as attack vectors
CISOs should be aware of several developments as the cyber threat landscape evolves.
The increasing speed of attacks means that hackers can now break into networks much faster than before. For example, they can use sophisticated bots and automated scripts to identify vulnerable systems and exploit them, often before countermeasures can be deployed.
The use of mobile devices has also become a primary attack vector. As these devices become more prevalent, they can easily be used by hackers to gain access to networks, as they often lack the same security measures as traditional computers. This can be mitigated by deploying mobile device management solutions.
Furthermore, hackers are beginning to use machine learning to automate their attacks. This form of attack is difficult to detect and can be used to bypass traditional security measures.
Finally, cloud computing is becoming a popular target for hackers, as it provides an ideal environment for their malicious activities. Cloud resources can easily be misused to launch attacks, and malicious scripts can be used to gain access to otherwise secure networks. As such, it is important for CISOs to remain vigilant about the security measures in place for cloud-based systems.
Software supply chain security company Phylum has found 451 Python packages published on the official PyPI repository that are associated with the Clipper malware campaign
The software supply chain security company Phylum recently uncovered a major malware campaign targeting open-source software developers. The attack, codenamed “Clipper”, is a form of supply-chain attack where malicious code is inserted into legitimate open-source packages and subsequently reused by unsuspecting developers.
The Clipper attack was discovered after Phylum researchers found 451 Python packages published on the official PyPI repository that are associated with the campaign. These malicious packages were identified by the presence of a cryptominer, which tries to siphon away computing resources for Bitcoin mining.
The attack was made possible by the malicious actors using a technique known as “dependency confusion”. This basically involves uploading a malicious version of a popular package to the PyPI repository, which then overwrites the original package when it is downloaded by the developer.
To combat this attack, the PyPI team has implemented a system where packages with the same name are reviewed and validated by the repository admins before being published. The team is also actively monitoring the repository for suspicious packages and removing them when found.
Ultimately, it is important for developers to be aware of the threats that open-source packages can pose and to take steps to ensure that the packages they use are secure. It is also important for developers to be aware of the techniques that malicious actors can use to insert malicious code into legitimate packages and to stay up to date with changes in the PyPI repository.
OneKey, the maker of hardware wallets for cryptocurrencies, was breached in a matter of seconds by a security company
OneKey, the maker of hardware wallets for cryptocurrencies, is sending shockwaves through the crypto world. Unciphered, a security company, was able to exploit a critical flaw that enabled it to steal cryptocurrencies stored in the wallets in a matter of seconds, underlining the need for improved security measures.
This security breach has raised questions about the safety of hardware wallets, with many users now considering alternative methods for storing their cryptocurrencies. The Federal Trade Commission (FTC) has advised users to take steps to secure their systems, notify service providers involved, examine what personal information they can access, and check their network segmentation. Additionally, they recommend changing all passwords, deleting any accounts not in use, and using FIDO-based authentication instead of traditional MFA with passwords.