Steps to Keep Your Site Clean: Updates

This is the second post of a series about Steps to Keep Your Site Clean. In the first post, we talked about Access Points; here we are going to offer more insight on Updates.
Updates
Repeatedly we see websites being infected or reinfected when im… Continue reading Steps to Keep Your Site Clean: Updates

Malicious Activities with Google Tag Manager

If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say “yes” or even “absolutely”. But when malicious behavior ensues, everything should be double-checked and s… Continue reading Malicious Activities with Google Tag Manager

Content Security Policy

As a website owner, it’s a good idea to be aware of the security issues that might affect your site. For example, Cross-site Scripting (XSS) attacks consist of injecting malicious client-side scripts into a website and using the website as a pro… Continue reading Content Security Policy

What is Virtual Hardening?

If you want to make your website security more robust, you need to think about hardening. To harden your website means to add different layers of protection to reduce the potential attack surface. Hardening often involves manual measures of adding cod… Continue reading What is Virtual Hardening?

Steps to Keep Your Site Clean: Access Points

Unfortunately, most website owners know what it’s like to have a site hacked – the panic, the rush to find anyone out there that can help, and the worry it causes. Maybe you were able to get your site back on track or had a company clean t… Continue reading Steps to Keep Your Site Clean: Access Points

From Public Key to Exploitation: How We Exploited the Authentication in MS-RDP

In March Patch Tuesday, Microsoft released a patch for CVE-2018-0886, a critical vulnerability that was discovered by Preempt. This vulnerability can be classified as a logical remote code execution (RCE) vulnerability. It resembles a classi… Continue reading From Public Key to Exploitation: How We Exploited the Authentication in MS-RDP

Security Advisory: Critical Vulnerability in CredSSP Allows Remote Code Execution on Servers Through MS-RDP (Video)

In March Patch Tuesday, Microsoft released a patch for CVE-2018-0886, a vulnerability discovered by Preempt researchers. The vulnerability consists of a logical flaw in Credential Security Support Provider protocol (CredSSP) which is used by RDP (… Continue reading Security Advisory: Critical Vulnerability in CredSSP Allows Remote Code Execution on Servers Through MS-RDP (Video)

Intro to Securing an Online Store – Part 2

Last year, we introduced the theme of Securing an Online Store. We talked about how to identify the potential risks and what to look out for. These principles can help in satisfying PCI DSS requirements 8 & 10:

Requirement 8 – Identify… Continue reading Intro to Securing an Online Store – Part 2

The Impacts of Zero-Day Attacks

Last week, we explained what zero-day vulnerabilities and attacks are. Essentially, zero-day vulnerabilities exist in the wild, with no patch available to prevent hackers from exploiting them. Today, we would like to expand on the impacts of these attac… Continue reading The Impacts of Zero-Day Attacks
