Upcoming program reviews

I will soon start publishing some reviews of programs that I use daily. These range from password managers, file managers, security tools, development tools, image editing and more.

Each post will have an in-depth explanation of how you can use the program and configure it to your needs. The first program I will introduce to you will be a password manager, Keepass, which will help you generate very secure passwords and remember them for you.

US Government released data that Russia used Ukrainian PHP Malware

The Department of Homeland Security and the Office of the Director of National Intelligence, have released their JAR, also known as a Joint Analysis Report. They called it the GRIZZLY STEPPE JAR. You can read the full publication at https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity or you can download it from our site. JAR_16-20296A_GRIZZLY STEPPE-2016-1229

“The US Government confirms that two different RIS actors participated in the intrusion into a US political party. The first actor group, known as Advanced Persistent Threat (APT) 29, entered into the party’s systems in summer 2015, while the second, known as APT28, entered in spring 2016.” from the Joint Analysis Report GRIZZLY STEPPE

 

Continue reading “US Government released data that Russia used Ukrainian PHP Malware”

DROWN SSLv2 Vulnerability Rears Ugly Head, Puts One-Third of HTTPS Servers At Risk – TrendLabs Security Intelligence Blog

 

A “new” and¬†important vulnerability has been discovered that affects HTTPS and other services that rely on SSL/TLS implementations. This flaw is in the SSLv2 protocol, and affects all implementations.¬†Researchers refer to this attack as DROWN – short for “Decrypting RSA using Obsolete and Weakened eNcryption”. This attack allows attackers to read or steal information sent via the “secure” connection. No attacks in the wild are currently known.

Source: DROWN SSLv2 Vulnerability Rears Ugly Head, Puts One-Third of HTTPS Servers At Risk – TrendLabs Security Intelligence Blog