HackDig : Dig high-quality web security articles for hacker

Advisory X41-2017-004: Multiple Vulnerabilities in tnef

X41 D-Sec GmbH Security Advisory: X41-2017-004

Multiple Vulnerabilities in tnef
================================

Overview
--------
Confirmed Affected Versions: 1.4.12 and earlier
Confirmed Patched Versions:
Vendor: verdammelt
Vendor URL: https://github.com/verdammelt/tnef/
Vector: File
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL: https://www.x41-
Publish At:2017-02-24 10:35 | Read:80 | Comments:0 | Tags:No Tag

Unicorn Emulator v1.0 is out!

Greetings, We are super happy to announce version 1.0 for Unicorn CPU Emulator framework! Full source code & precompiled binaries are now available at http://www.unicorn-engine.org/Version-1.0 This release is the result of over 1 year of community-based development. We fixed a lot of issues on all architectures, added some new APIs and provide 3 more bindings i
Publish At:2017-02-24 10:35 | Read:104 | Comments:0 | Tags:No Tag

SHAttered attack, Google and CWI conducted the first SHA-1 collision attack

Experts at Google and CWI conducted the first real world collision attack against popular SHA-1 hashing algorithm, so called shattered-attack. Researchers at Google and Centrum Wiskunde & Informatica (CWI) in the Netherlands succeeded in conducting the first real world collision attack against popular SHA-1 hashing algorithm. The researchers created two
Publish At:2017-02-24 10:20 | Read:33 | Comments:0 | Tags:Breaking News Hacking Collision Attack digest digital certif

Out-of-band resource load in Google allows attacker to launch a DDoS attack from its servers

A security researcher discovered an Out-of-band resource load flaw in Google’s servers that allowed him to perform a DDoS attack on remote hosts. Young security researcher, Luka Sikic from Croatia found a serious vulnerability in Google. He was able to use servers of the IT giant to perform a DDoS attack on remote hosts. Out-of-band resource load (classifi
Publish At:2017-02-24 10:20 | Read:45 | Comments:0 | Tags:Breaking News Hacking DDoS Google Out-of-band resource load

Cloudbleed flaw exposes sensitive data from millions sites behind CloudFlare

Cloudflare was leaking a wide range of sensitive information, including authentication cookies and login credentials, the flaw was dubbed Cloudbleed. The notorious Google security researcher, Tavis Ormandy, recently made an astonishing discovery, Cloudflare was leaking a wide range of sensitive information, including authentication cookies and login credent
Publish At:2017-02-24 10:20 | Read:70 | Comments:0 | Tags:Breaking News Data Breach Digital ID Hacking Cloudbleed Clou

South Korea targeted by a cyber espionage campaign, experts blame Norks

South Korea is once again under attack, alleged nation-state hackers have launched a sophisticated cyber espionage campaign on organizations in the public sector. According to the experts at Cisco Talos, the cyber espionage campaign was active between November 2016 and January 2017 and leveraged on vulnerabilities in a Korean language word processing progr
Publish At:2017-02-24 10:20 | Read:64 | Comments:0 | Tags:APT Cyber warfare Intelligence Hacking Information Warfare N

The First Rule of Security Club: Don’t Talk About Security

The first rule of Security Club is don’t talk about security — or, more accurately, don’t get so overzealous about security that you stop delivering value to the business. We need to talk about business value, not security. Many security professionals have fallen into this hole, and it’s easy to see how. Any security briefing will tell you
Publish At:2017-02-24 09:15 | Read:50 | Comments:0 | Tags:Government and Federal Risk Management Artificial Intelligen

Making the Move to an All-HTTPS Network

Many website operators have wrestled with the decision to move all their web infrastructure to support HTTPS protocols. The upside is obvious: better protection and a more secure pathway between browser and server. Having a secure connection also makes it harder for cybercriminals to insert man-in-the-middle (MitM) or man-in-the-browser (MitB) attacks, and i
Publish At:2017-02-24 09:15 | Read:79 | Comments:0 | Tags:Infrastructure Protection Network & Endpoint Browser Securit

One Million Coachella User Accounts Found For Sale on The Dark Web

Nearly one million user accounts for the Coachella Valley Music and Arts Festival website have been found for sale on the underground marketplace. According to a recent report by Motherboard, the data available for purchase includes email addresses, usernames and hashed passwords. The data trader, who identifies as ‘Berkut,’ wrote on the Tochka marketplace lis
Publish At:2017-02-24 08:30 | Read:94 | Comments:0 | Tags:Latest Security News Coachella data breach

The Top 10 Cities for Information Security Professionals in 2017

A lack of skilled information security professionals poses a threat to most organizations. In Tripwire’s 2016 Security Challenge Survey – Skills Gap, 75 percent of IT security professionals said they don’t have enough skilled personnel to detect and respond to a breach. Almost the same percentage (66 percent) of respondents reported a dearth of t
Publish At:2017-02-24 08:30 | Read:90 | Comments:0 | Tags:Off Topic Information Security jobs skills gap

CloudFlare Patched Parser Bug that Leaked Private Information

CloudFlare has patched an issue in its HTML parser chain that caused a buffer overflow and returned memory containing private information. According to CloudFlare CTO John Graham-Cumming, the Internet performance and security company first learned of the bug on 17 February. Tavis Ormandy, a Google Project Zero researcher who’s previously found holes in
Publish At:2017-02-24 08:30 | Read:72 | Comments:0 | Tags:Latest Security News Cloudflare Data Leak vulnerability Clou

Netflix Launches Stethoscope Advisor App for Securing Your Devices

Netflix introduced Stethoscope, an open source web app seeking to help users secure their computers, smartphones, and tablets. Developed by Netflix, Stethoscope is the company's first project following a User Focused Security approach. "The notion of 'User Focused Security' acknowledges that attacks against corporate users (e.g., ph
Publish At:2017-02-24 05:20 | Read:41 | Comments:0 | Tags:Security

End-Of-Life Software Alive And Well On US PCs

7.5% of users ran unpatched Windows operating systems in Q4 of 2016, up from 6.1 percent in Q3 of 2016, new study shows. The average PC user in the United States has 75 programs installed on their machine and 7.4% are end-of-life software that no longer receive regular vendor security updates. This finding comes from a new report published this week by Secuni
Publish At:2017-02-24 03:30 | Read:123 | Comments:0 | Tags:No Tag

Microsoft Releases Security Updates For Some, Not All, Flaws

February 21 release addresses Adobe Flash Player bugs for Internet Explorer on Windows 8.1 and Edge for Windows 10. After delaying its Patch Tuesday security release slated for February 14 reportedly owing to a last-minute hitch, Microsoft this week issued security patches but only for some vulnerabilities. Fixes for two known zero-day vulnerabilities were no
Publish At:2017-02-24 03:30 | Read:67 | Comments:0 | Tags:No Tag

Blockchain's New Role In The Internet of Things

With next gen 'distributed consensus' algorithms that combine both security and performance, organizations can defend against DDoS attacks, even those that leverage IoT devices. On October 21st, a new malware weapon called the Mirai botnet took down a huge portion of the Internet, by launching a DDoS attack on Dyn, a company that controls much of the Inte
Publish At:2017-02-24 03:30 | Read:81 | Comments:0 | Tags:No Tag
