10 Most Common Web Security Vulnerabilities

For all too many companies, it’s not until after a breach has occurred that web security becomes a priority. During my years working as an IT Security professional, I have seen time and time again how obscure the world of IT Security is to so many of my fellow programmers.

An effective approach to IT security must, by definition, be proactive and defensive. Toward that end, this post is aimed at sparking a security mindset, hopefully injecting the reader with a healthy dose of paranoia.

In particular, this guide focuses on 10 common and significant web security pitfalls to be aware of, including recommendations on how they can be avoided. The focus is on the Top 10 Web Vulnerabilities identified by the Open Web Application Security Project (OWASP), an international, non-profit organization whose goal is to improve software security across the globe. Continue reading

Locky: the encryptor taking the world by storm

In February 2016, the Internet was shaken by an epidemic caused by the new ransomware Trojan Locky (detected by Kaspersky Lab products as Trojan-Ransom.Win32.Locky). The Trojan has been actively propagating up to the present day. Kaspersky Lab products have reported attempts to infect users with the Trojan in 114 countries around the world.

Analysis of the samples has shown that this Trojan is a brand new ransomware threat, written from scratch. So, what is Locky, and how can we protect against it?

Propagation

In order to spread the Trojan, cybercriminals sent out mass mailings with malicious loaders attached to spam messages.

Initially, the malicious spam messages contained an attached DOC file with a macro that downloaded the Locky Trojan from a remote server and executed it. Continue reading

How to decrypt or get back encrypted files infected by known encrypting ransom-ware viruses.

In the last years, cybercriminals distribute a new type of viruses that can encrypt files on your computer (or your network) with the purpose of earning easy money from their victims. This type of viruses are called “Ransomware” and they can infect computer systems if the computer’s user doesn’t pay attention when opening attachments or links from unknown senders or sites that have been hacked by cybercriminals. According to my experience, the only safe way to keep yourself protected from this type of viruses is to have clean backups of your files stored in a separate place from your computer. For example, in an unplugged external USB hard drive or in DVD-Rom’s.

This article contains important information of some known encrypting ransomware –crypt- viruses that were designed to encrypt critical files plus the available options & utilities in order to decrypt your encrypted files upon infection.

Continue reading