HackDig : Dig high-quality web security articles for hacker

The Ukrainian central bank warned of new NotPetya-style massive attack risk

The Ukrainian central bank warned state-owned and private lenders of the appearance of a new NotPetya-like attack that would target national businesses. On Friday, the Ukrainian central bank warned of a new malware-based attack risk. According to Reuters, the Ukrainian central bank warned state-owned and private lenders of the spreading of new infections
Publish At:2017-08-19 08:55 | Read:86 | Comments:0 | Tags:Breaking News Cyber warfare Hacking Malware notpetya Petya r

50% of Ex-Employees Can Still Access Corporate Apps

Businesses drive the risk for data breaches when they fail to terminate employees' access to corporate apps after they leave. When employees are terminated or move on to new roles, they're often taking access to corporate data with them. For some companies, this access leads to a data breach. Researchers at identity management firm OneLogin polled 500 IT decis
Publish At:2017-08-19 02:05 | Read:101 | Comments:0 | Tags:No Tag

Announcement: IPS code

So after 20 years, IBM is killing off my BlackICE code created in April 1998. So it's time that I rewrite it. BlackICE was the first "inline" intrusion-detection system, aka. an "intrusion prevention system" or IPS. ISS purchased my company in 2001 and replaced their RealSecure engine with it, and later renamed it Proventia. Then IBM purchased ISS in 2006
Publish At:2017-08-19 00:05 | Read:67 | Comments:0 | Tags:No Tag

Unfixable Automobile Computer Security Vulnerability

There is an unpatchable vulnerability that affects most modern cars. It's buried in the Controller Area Network (CAN): Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a CAN standard design choice that makes it unpatchable. Patching the issue means changing how the CAN standard works a
Publish At:2017-08-18 23:05 | Read:75 | Comments:773 | Tags: Vulnerability

More on My LinkedIn Account

I have successfully gotten the fake LinkedIn account in my name deleted. To prevent someone from doing this again, I signed up for LinkedIn. This is my first -- and only -- post on that account: My Only LinkedIn Post (Yes, Really) Welcome to my LinkedIn page. It looks empty because I'm never here. I don't log in, I never post anything, and I won't read any
Publish At:2017-08-18 23:05 | Read:95 | Comments:0 | Tags:No Tag

Carbon Emissions: Oversharing Bug Puts Security Vendor Back in Spotlight

Last week, security firm DirectDefense came under fire for over-hyping claims that Cb Response, a cybersecurity product sold by competitor Carbon Black, was leaking proprietary data from customers who use it. Carbon Black responded that the bug identified by its competitor was a feature, and that customers were amply cautioned in advance about the potential
Publish At:2017-08-18 22:55 | Read:145 | Comments:0 | Tags:Other Amazon Macie Carbon Black DirectDefense Mike Viscuso s

NoviFlow NoviWare <= NW400.2.6 multiple vulnerabilities

Introduction: NoviWare is a high-performance OpenFlow 1.3, 1.4 and 1.5 compliant switch software developed by NoviFlow and available for license to network equipment manufacturers. Multiple vulnerabilities were identified in the NoviWare software deployed on NoviSwitch devices. They could allow a
Publish At:2017-08-18 14:45 | Read:115 | Comments:0 | Tags:No Tag

CVE-2017-6327: Symantec Messaging Gateway <= 10.6.3-2 unauthenticated root RCE

Hello, This is an advisory for CVE-2017-6327 which is an unauthenticated remote code execution flaw in the web interface of Symantec Messaging Gateway prior to and including version 10.6.3-2, which can be used to execute commands as root. Symantec Messaging Gateway, formerly known as Brightmail, is a Linux-based anti-spam/security product for e-mail servers. It is
Publish At:2017-08-18 14:45 | Read:107 | Comments:0 | Tags:No Tag

Executable installers are vulnerable^WEVIL (case 53): escalation of privilege with QNAP's installers for Windows

Hi @ll, the executable installer QNAPQsyncClientWindows-4.2.1.0602.exe, available from <https://www.qnap.com/en/download>, has (like almost all executable installers) multiple vulnerabilities: #1: arbitrary (remote) code execution WITH escalation of privilege. On a fully patched Windows 7 SP1
Publish At:2017-08-18 14:45 | Read:93 | Comments:0 | Tags:No Tag

An unpatchable flaw in CAN protocol expose modern cars to hack

Experts discovered a flaw in the CAN protocol that could be exploited by an attacker to disable safety systems of connected cars, including power-steering. Almost any function in modern vehicles, from brakes to accelerator, is electronically controlled; this means that the attack surface is dramatically enlarging. We discussed car hacking several times, ex
Publish At:2017-08-18 14:30 | Read:99 | Comments:0 | Tags:Breaking News Hacking automotive CAN bus Car hacking

Hacker published the decryption key for the Apple Secure Enclave security chip

A hacker Thursday afternoon published what he claims to be the decryption key for Apple iOS’ Secure Enclave Processor (SEP) firmware. The Apple Secure Enclave is an ARM-based coprocessor that enhances iOS security, but on Thursday a hacker published what he says is the decryption key for Apple iOS’ Secure Enclave Processor (SEP) firmware. According to Apple 
Publish At:2017-08-18 14:30 | Read:116 | Comments:0 | Tags:Breaking News Hacking Apple Apple Secure Enclave decryption

Misconfigured AWS S3 exposed 1.8 million US voter records

More than 1.8 million voter records belonging to Americans have been accidentally leaked online by a US voting machine supplier for dozens of US states. It has happened again: more than 1.8 million voter records belonging to Americans have been accidentally leaked online by a US voting machine supplier for dozens of US states. The voter records were left op
Publish At:2017-08-18 14:30 | Read:64 | Comments:0 | Tags:Breaking News Digital ID Hacking AWS S3 Chris Vickery data b

Faketoken evolves and targets taxi booking apps to steal banking info

Kaspersky discovered a new strain of the mobile banking Trojan Faketoken that displays overlays on top of taxi booking apps to steal banking information. Security experts from Kaspersky have discovered a new strain of the infamous mobile banking trojan Faketoken that implements capabilities to detect and record an infected device’s calls and display
Publish At:2017-08-18 14:30 | Read:69 | Comments:0 | Tags:Breaking News Malware Mobile Android Banking Malware Faketok

Across the Great Divide: Measuring Security Awareness Among US and UK Users

End users in the U.S. and U.K. have very different attitudes toward security. Earlier this summer, Wombat Security surveyed more than 2,000 working adults — half in the U.S. and half in the U.K. — about various cybersecurity topics and perceptions of best practices. The researchers found some interesting surprises and noted a series of different attitudes a
Publish At:2017-08-18 13:25 | Read:119 | Comments:0 | Tags:Risk Management Cybersecurity Mobile Security Password Manag

Government Agencies Must Work With the Private Sector to Bolster Infrastructure Security

Securing data is never easy. It often requires the infusion of outside expertise to put together an effective information security strategy. Data stored on government servers is especially valuable to both individual fraudsters and nation-state actors, and government agencies have been under pressure to enhance their infrastructure security capabilities and
Publish At:2017-08-18 13:25 | Read:64 | Comments:0 | Tags:Data Protection Government Cybersecurity Cybersecurity Frame
