With 2017 coming to a close, we wanted to give our readers an overview of some of the most interesting, educational, and standout blogs from the year to help fill the time between Christmas and the New Year.
My favourite State of Security blogs from 2017
It's becoming a yearly tradition, but one our readers and I love! Carrie Roberts takes us through some of the tools she has found useful in the past year. The blog covers tools such as the Domain Password Audit Tool (DPAT), PowerMeta by Beau Bullock, and much, much more!
Read all about Carrie Roberts' pentesting toolbox additions here.
Back in June, a chemical engineer on Reddit received an alert when a programmable logic controller (PLC) monitoring system started acting up. Here’s the tale of how a ransomware infection spread from a factory’s smart coffee machine to its PLC monitoring system.
To read this news story from David Bisson, click here.
We’re all aware of the Equifax breach that affected 143 million customer records. Equifax reported that Apache Struts vulnerability CVE-2017-5638 was used by the attackers. Equifax was not running its vulnerable Struts application in a container. But what if it had been? Containers are more secure, so this whole situation could have been avoided, right?
Read all about how containers could have potentially saved the day for Equifax in this brilliant blog from Ben Layer.
On December 12th this year, a team of researchers including Tripwire VERT’s Craig Young announced that TLS stacks from at least 8 different vendors are vulnerable to a well-known 19-year-old protocol flaw (Read more...)
This is a Security Bloggers Network syndicated blog post authored by Joe Pettit. Read the original post at: The State of Security