TPS ASAG - Application Security Awareness Group

Hi and welcome to TPS Application Security Awareness Group.

Over here we would be providing latest information related to Application Security and providing updates related but not limited to

• Zero Day Vulnerabilities
• How tos
• Security Awareness

Browse through the following posts to see what we are offering.

• Threat Models 101.
• Goodbye Passwords, Hello Convenience: The Benefits of Passkeys
• Phishing 101.  Don’t Get Hooked!
• A Guide to Secure Password Management
• Watch that Selfie
• Spring4Shell :: What is it ? Exploits and Remediation.
• Log4J vulnerability, its impact, how to verify & remediate
• TPS Security – 8 Tips to work Securely from Home
• Tip and precautions while working from home. #WFH
• Linux Sudo Vulnerability. Is your SUDO Secure ? Read on to find more .
• Samsung Finger Print Vulnerability Hits Mainstream. Details & Remediation.
• Microsoft Patch Tuesday
• SamSam: Targeted Ransomware Attacks Continue
• Securing Payment Systems to Prevent Cyber Attacks
• FBI Warns of Widespread ATM Cash-Out Scheme. Recommendations for Financial Institutions and Card Owners
• Are your computing resources being used by Crypto Miners ? & if yes, then it’s remediations
• PoS Malware Steals Credit Card Data via DNS Requests
• Meltdown and Spectre
• RENEW Certificate in Windows OS
• Bad Rabbit Ransomware Spreads via Network, Hits Ukraine and Russia
• Microsoft October Patch Fixes 62 Vulnerabilities, including an Office Zero-Day
• Key Reinstallation Attacks Breaking WPA2 by forcing nonce reuse
• How to know your Operating System details via command line
• How to know if you are inside a VM ?
• What if your email could altered by a hacker and you would become a victim of phishing, even after is successfully delivered to your mail box
• Petya / Petwrap / GoldenEye, successor of WannaCry. How does it work, and it’s protection mechanisms
• WannaCry Ransomware – Impact & Steps to Prevention
• How to know the IIS Version
• IIS 6.0 vulnerable to many online threats … What’s the way out ? Upgrade to latest IIS.
• Http Response Headers
• Google invalidates Symantec issued Extended Validation Certificates (Developing Story)
• Install Certificate in Windows OS
• Nartac Tool (IIS Crypto)
• OpenSSL Commands & their usage
• HTTP Headers Hardening
• Why should you be upgrading to IIS 10 ?
• Move from HTTP to HTTPS.
• MS16-035 – .NET XML Validation Security Feature Bypass
• MS15-034: Vulnerability in HTTP.sys could allow remote code execution
• BREACH ATTACK
• Dirty COW (CVE-2016-5195) – Zero Day Linux Vulnerability
• Update of Dirty Cow, Zero Day Linux Vulnerability.
• Transitioning from SHA-1 to SHA-2
• Poodle Attacks :: SSL Vulnerability & Transport Security Protocol