HackDig : Dig high-quality web security articles for hacker

Optergy BMS 2.0.3a Remote Root

#!/usr/bin/env python## Unauthenticated Remote Root Exploit in Optergy BMS (Console Backdoor)## Affected version <=2.0.3a (Proton and Enterprise)# Discovered by Gjoko 'LiquidWorm' Krstic## CVE: CVE-2019-7276# Advisory: https://applied-risk.com/resources/ar-2019-008#################################################################################
Publish At:2019-11-14 11:10 | Read:6 | Comments:0 | Tags:No Tag

Prima FlexAir Access Control 2.3.35 Database Backup Predictable Name

#!/usr/bin/env python# -*- coding: utf8 -*-## Prima FlexAir Access Control 2.3.35 Database Backup Predictable Name Exploit# Authentication Bypass (Login with MD5 hash)## CVE: CVE-2019-7666, CVE-2019-7667# Advisory: https://applied-risk.com/resources/ar-2019-007# Paper: https://applied-risk.com/resources/i-own-your-building-management-system## Discovered by G
Publish At:2019-11-14 11:10 | Read:75 | Comments:0 | Tags:No Tag

Australian Universities Adopt Foreign Interference Guidelines

Australia announced measures to combat foreign interference at its universities Thursday, setting new guidelines around the key areas of research collaboration, cybersecurity, and international partnerships.There has been growing concern about China's clout on campuses following a series of hacks, controversial donations and incidents of political intimidati
Publish At:2019-11-14 10:15 | Read:65 | Comments:0 | Tags:Cyberwarfare NEWS & INDUSTRY Management & Strategy

New MITRE Foundation Aims to Boost Critical Infrastructure

American not-for-profit organization MITRE Corporation has announced the launch of a tech foundation focused on strengthening critical infrastructure through partnerships with the private sector.Called Engenuity, the foundation is a distinct, non-profit company that has its own board of directors and separate private funding.Through Engenuity, MITRE hopes to
Publish At:2019-11-14 10:15 | Read:39 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Management & Strategy

Technology and Policymakers

Technologists and policymakers largely inhabit two separate worlds. It's an old problem, one that the British scientist CP Snow identified in a 1959 essay entitled The Two Cultures. He called them sciences and humanities, and pointed to the split as a major hindrance to solving the world's problems. The essay was influential -- but 60 years later, nothing ha
Publish At:2019-11-14 09:50 | Read:48 | Comments:0 | Tags:No Tag

For Caught in the Crossfire of Cyberwarfare

Authored by Dr Sandra Bell, Head of Resilience Consulting EMEA, Sungard Availability Services PDF edition of this articleThe 2019 National Cyber Security Centre’s (NCSC) Annual Review does not shy away from naming the four key protagonists when it comes to state-based cyber threats against our country. The review sites China, Russia, North Korea and Ir
Publish At:2019-11-14 09:25 | Read:112 | Comments:0 | Tags:No Tag

Shamoon-Slingers APT33 in Secret New Operations

Security researchers are warning oil and aviation industry organizations to be on their guard after spotting a notorious Iranian APT group using private VPNs to keep its activity hidden.APT33 has been linked to the infamous Shamoon destructive malware which knocked out tens of thousands of PCs at Saudi Aramco in 2012 and has been deployed across Europe and t
Publish At:2019-11-14 08:30 | Read:109 | Comments:0 | Tags:No Tag

Alleged $20M Carding Forum Mastermind Faces US Charges

A Russian national is facing charges of running a $20m carding forum after being extradited from Israel to the US.Aleksei Burkov, 29, arrived at Dulles International Airport on Monday after being arrested initially at Ben-Gurion airport in December 2015, and failing in his appeal attempts over subsequent years to avoid being shipped to the States.Accord
Publish At:2019-11-14 07:40 | Read:33 | Comments:0 | Tags:No Tag

Healthcare Malware Infections Soar 60% from 2018

Cyber-criminals are increasingly focusing data stealing and ransomware attacks on healthcare organizations (HCOs), with detected infections increasing by 60% from 2018 to the first three quarters of this year, according to Malwarebytes.The security vendor’s Cybercrime tactics and techniques: the 2019 state of healthcare report makes for concerning read
Publish At:2019-11-14 07:40 | Read:78 | Comments:0 | Tags:No Tag

More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting

By Feike Hacquebord, Cedric Pernet, and Kenney Lu The threat group regularly referred to as APT33 is known to target the oil and aviation industries aggressively. This threat group has been reported on consistently for years, but our recent findings show that the group has been using about a dozen live Command and Control (C&C) servers for extremely narr
Publish At:2019-11-14 03:20 | Read:103 | Comments:0 | Tags:Botnets Targeted Attacks APT APT33 botnet phishing VPN

Intel Driver Vulnerability Can Give Attackers Deep Access to a Device

A vulnerability affecting a powerful and widely used driver from Intel can give malicious actors deep access to a device, firmware security company Eclypsium warns.Eclypsium revealed in August that its researchers had identified serious vulnerabilities in more than 40 device drivers from 20 vendors, including AMI, ASRock, ASUS, ATI, Biostar, EVGA, Getac, Gig
Publish At:2019-11-13 22:15 | Read:92 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Value and Limitations of Vendor Telemetry and Reported Incidents

Threat statistics come from a variety of sources: reported incidents, vendor telemetry, internet traffic and dark web analysis. All have value, and all have limitations. Reported incidents form the basis of Verizon's Data Breach Investigations Report (DBIR) -- its limitation is that it cannot account for those incidents that contributors decline to repo
Publish At:2019-11-13 22:15 | Read:87 | Comments:0 | Tags:Disaster Recovery NEWS & INDUSTRY Incident Response

Navigating a Way Out of the Lion's Den Before, During, and After Incident Response

In my previous column, I offered tips on leveraging security metrics in order to stay out of the lion’s den. It goes without saying that it’s always best to avoid the lion’s den whenever possible. In fact, much of the security advice out there is centered around this philosophy.  But what should one do if they have no choice but to put themselves in the
Publish At:2019-11-13 22:15 | Read:83 | Comments:0 | Tags:INDUSTRY INSIGHTS Incident Response

Canada Spy Agencies Split Over Proposed Huawei 5G Ban: Media

Canada's spy agencies are divided over whether or not to ban Chinese technology giant Huawei from fifth generation (5G) networks over security concerns, the Globe and Mail reported Wednesday.The Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE) were tasked with conducting a cybersecurity review to evaluate the
Publish At:2019-11-13 22:15 | Read:84 | Comments:0 | Tags:Cyberwarfare Mobile Security NEWS & INDUSTRY Virus &

Automated Penetration Testing Startup Pcysys Raises $10 Million

Israeli cybersecurity firm Pcysys announced on Wednesday that it has completed a $10 million Series A funding round, which brings the total raised by the company to $15 million. Pcysys, an acronym for "Proactive Cyber Systems", offers an automated penetration testing platform that uses algorithms to scan and “ethically penetrate” corporate networks usin
Publish At:2019-11-13 22:15 | Read:54 | Comments:0 | Tags:Network Security NEWS & INDUSTRY

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud