15 August 2022

Cyber Academy - RiSec


Cyber Academy Articles & Tutorials


Windows 11 Account lockout policy is enabled by default to block brute force attacks

Starting with Windows 11 Insider Preview build 22528.1000, the OS supports an account lockout policy enabled by default to block brute force attacks. The lockout policy was set to limit the number of failed sign-in attempts to 10, for 10 minutes. “Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors. This technique is very commonly used in Human Operated Ransomware and other attacks – this control will make brute forcing much harder which is awesome,” announced David Weston, Microsoft vice president……


Linode + Kali Linux: Added security for cloud instances

The popular open-source Linux distribution, Kali Linux, specialized for penetration testing, ethical hacking and security auditing, can now be used by Linode customers. Getting Kali Linux on Linode: the infrastructure-as-a-service (IaaS) platform provider, recently acquired by Akamai, offers two ways to get Kali: a bare-install version in the form of an official Kali distribution (without a GUI and tools) that can be deployed on any Linode compute instance and used via a command line interface; a Kali Linux Marketplace app (with an XFCE user interface, a full suite of tools, and various additional options)……


Preventing Cross-site Scripting (XSS) Web Security

Cross-site scripting is one of the most common and popular web attacks. XSS is a client-side command injection; it can result in any action that can be performed by the user. XSS is mostly used for session hijacking, where the attacker uses JavaScript to make the victim transmit session cookies to an attacker-controlled server, and from there the attacker can perform “session riding”. However, XSS can also result in a complete application takeover. Consider a scenario in which you inject JavaScript and it gets stored. The admin then……


XSS Prevention Cheat Sheet: Cross-Site Scripting - Extended

What is XSS? Cross-Site Scripting, or XSS for short, refers to the penetration of website security. A simple XSS vulnerability can act as a sitewide logger. To be honest, it does more damage to the user browsing the site than to the web server itself. So yes, it is quite dangerous. Some people may confuse XSS with CSS, which is a very different thing. Cascading Style Sheets, or CSS, is used in the design functionality of a webpage. Simple JavaScript like this can cause a massive hole in security as an XSS……


Fixing indirect vulnerabilities without breaking your dependency tree

Fixing indirect vulnerabilities is one of those complex, tedious and, quite frankly, boring tasks that no one really wants to touch. No one except for Debricked, it seems. Sure, there are lots of ways to do it manually, but can it be done automatically with minimal risk of breaking changes? The Debricked team decided to find out. A forest full of fragile trees: So, where do you even start? Firstly, there needs to be a way to fix the vulnerability, which, for indirect dependencies, is no walk in the park. Secondly,……


A Security Researcher Contacted Me – What should I do?

Businesses say that they take the security of customer data seriously but, when presented with a vulnerability, are often more concerned about their own reputation than the security of their customers. Handle disclosure correctly and you can do both: protect your customers and protect your reputation. Do it wrong and you damage both. By far the most painful part of vulnerability research is responsible disclosure. If we find something bad in a smart thing, it would be fairly irresponsible to publish a method to do bad things without giving the……


CyberSecurity Myths Debunked

We work online. We live online. As our fast-paced lives get exponentially dependent on digital services, the urgency to protect our information from being misused is crucial. In 2021, Microsoft went down in flames of embarrassment as it sustained the biggest hack of that year: over 30,000 US businesses were affected by a sweeping attack on the Microsoft Exchange email servers, one of the largest email servers in the world. The hackers were able to exploit four different zero-day vulnerabilities that allowed them to gain unauthorized access to emails from small businesses……


How to remove a Trojan, Virus, Worm, or other Malware

Adware, Trojans, and Ransomware Oh My! If you use a computer, read the newspaper, or watch the news, you will know about computer viruses or other malware. These are malicious programs that, once they infect your machine, will start causing havoc on your computer. What many people do not know is that there are many different types of infections that are categorized in the general category of Malware. Malware – Malware is programming or files that are developed for the purpose of doing harm. Thus, malware includes computer viruses, worms,……

