Why going after wp-config is a quick way to get banned

By |2022-06-15T00:59:14-04:00January 15th, 2016|Categories: Attribution, Defensive Methodology, Hacking, Reports, Wordpress|

The first is actually more common place. The second assumes the admin that maintains WordPress leaves a backup or older version of the file readable by any visitor that happens to “guess” a filename. In the past, CompSec Direct has been successful employing both techniques for customers during security audits, however the second leaves a 404 [...]

Comments Off on Why going after wp-config is a quick way to get banned

Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks – ArsTechnica

By |2022-06-15T01:26:03-04:00June 13th, 2015|Categories: Breach, Hacking, Reports|Tags: , |

Excellent report by Kaspersky that unmasks a breach inside their corporate infrastructure. Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks

Comments Off on Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks – ArsTechnica

Pen-testing Guidelines posted from PCI-DSS

By |2022-06-15T01:24:07-04:00April 4th, 2015|Categories: Pen-testing, Reports|Tags: , , , |

PCI-DSS recently released a revised document that covers pen-testing requirements for merchants and security providers. The document does a good job of comparing pen-testing with vulnerability assessments. If your company recently had a pen-test or vulnerability assessment done that did not cover all of these area and more, then call us and compare. Here is a [...]

Comments Off on Pen-testing Guidelines posted from PCI-DSS

IT threat evolution Q2 2014 – Kaspersky

By |2022-06-15T01:06:41-04:00September 7th, 2014|Categories: Hacking, Reports|Tags: , , , |

Please take time to read this insightful publication by David Emm, Roman Unuchek, Victor Chebyshev, Maria Garnaeva and Denis Makrushin from Kaspersky Labs. The publication offers unparalleled insight and examples of current evolving threats through the info sec lens. Click to Download

Comments Off on IT threat evolution Q2 2014 – Kaspersky