HackDig : Dig high-quality web security articles for hacker

A Fresh Approach to Perimeter Protection: Application Isolation

Detection-based IT security solutions have never worked, and will never work. More security layers is not the answer, but smarter layers can work. Shift your mindset from “prevent, detect, and respond” to “isolate, contain, and control.” Layer after layer of security is not stopping breaches. We can’t keep the bad guys out. Oddly enough, 80+ years ago we l
Publish At:2017-11-07 13:06 | Read:65 | Comments:0 | Tags:Company News application isolation applications data segemen

REDBALDKNIGHT/BRONZE BUTLER’s Daserf Backdoor Now Using Steganography

by Joey Chen and MingYen Hsieh (Threat Analysts). REDBALDKNIGHT, also known as BRONZE BUTLER and Tick, is a cyberespionage group known to target Japanese organizations such as government agencies (including defense) as well as those in biotechnology, electronics manufacturing, and industrial chemistry. Their campaigns employ the Daserf backdoor (detected by T
Publish At:2017-11-07 11:35 | Read:8791 | Comments:2 | Tags:Malware Targeted Attacks Vulnerabilities BRONZE BUTLER Daser

The Future Path of Censorship

On Saturday, I attended the excellent ORGCon in London, put on by the Open Rights Group. This was a conference with a single track and a full roster of speakers – no breakouts, no seminars. And it was very enjoyable, with interesting contributions from names I hadn’t heard before. One of those was Jamie Bartlett, who works at the think tank Demo
Publish At:2017-11-07 11:25 | Read:8250 | Comments:2 | Tags:No Tag

The Clicking Bot Applications

Cyber crime, like any crime, has its motives; each malware has its own malicious profit. Spyware spies on you. Ransomware demands a ransom to decrypt your private digital data. Phishing Malware phishes for your username, password or account numbers. Installation-fraud achieves fake software installations. Ad fraud fraudulently represents online advertisement
Publish At:2017-11-07 10:45 | Read:12265 | Comments:2 | Tags:Analysts Android App Security Mobile Malware Threat Research

mkvalidator libebml2 mkclean multiple vulnerabilities

Author: qflb.wu. Introduction: mkvalidator is a simple command line tool to verify Matroska and WebM files for spec conformance. It checks the various bogus or missing key elements against the EBML DocType version of the file and reports the errors/warnings in the
Publish At:2017-11-07 05:25 | Read:6494 | Comments:0 | Tags:No Tag

Malware signed with stolen Digital code-signing certificates continues to bypass security software

A group of researchers demonstrated that malware signed with stolen Digital code-signing certificates continues to bypass security software. A recent study conducted by the Cyber Security Research Institute (CSRI) revealed that stolen digital code-signing certificates are available for sale for anyone to purchase on the dark web for up to $1,200. Digital cod
Publish At:2017-11-07 05:10 | Read:7275 | Comments:2 | Tags:Breaking News Cyber Crime Deep Web Hacking Malware Digital c

Paradise Papers were the result of the hack of external attackers

Most of the Paradise Papers came from offshore legal firm Appleby, which confirms the leak came from a hack on its network and no insiders were involved. The Paradise Papers is a collection of more than 13.4 million financial documents leaked online that has shed light on how major figures in the world of business, politics, entertainment, and sport move th
Publish At:2017-11-07 05:10 | Read:11899 | Comments:0 | Tags:Breaking News Data Breach Hacking Appleby data leak Panama P

Cisco patches a DoS vulnerability in IOS XE operating system

Cisco fixed a vulnerability in IOS XE software that was introduced due to changes to its implementation of the BGP over an Ethernet VPN. Cisco patches a DoS vulnerability in IOS XE software that was introduced due to changes to its implementation of the Border Gateway Protocol (BGP) over an Ethernet VPN. The Cisco IOS XE operating system automates network op
Publish At:2017-11-07 05:10 | Read:6786 | Comments:0 | Tags:Breaking News Security Vulnerability

One Third of The Internet Has Seen a DDoS Attack In The Past Two Years

A group of researchers has conducted a rigorous, comprehensive characterization of DDoS attacks and of countermeasures to mitigate the associated risks. Denial of Service (DoS) attacks have been around about as long as computers have been network connected. A website’s purpose is to accept connections from the Internet and return information. A bad
Publish At:2017-11-07 05:10 | Read:6849 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Reports botnet DDoS attack

How Not to Store Passwords: SHA-1 Fails Again

Problem: How do you store a password but make it nearly impossible to recover the plaintext in the event that the database with the password hash is compromised? When doing software development, it’s critical to review these functions. Having good development standards for your team will ensure that people store passwords properly and avoid mistakes th
Publish At:2017-11-07 04:05 | Read:5990 | Comments:0 | Tags:Application Security Data Protection X-Force Research Applic

9 Tips for CRISC Exam Success

IT enterprise risk management is a key area that every well-established company should take seriously. This is especially true considering the sheer number and variety of threats and vulnerabilities discovered almost daily. Successful IT enterprise risk management requires qualified and experienced professionals. ISACA’s CRISC (Certified in Risk and Inf
Publish At:2017-11-07 03:41 | Read:10841 | Comments:1 | Tags:General Security

10 Tips for CISA Exam Success

It is quite hard to think of a company that does not use any sort of information system as a basis for doing business. In fact, the actual standard for most companies is having several information systems that are business-critical and will probably contain confidential data such as financial information, personally identifiable information or even tra
Publish At:2017-11-07 03:40 | Read:10680 | Comments:0 | Tags:General Security

10 Tips for PMP Certification Exam Success

The Project Management Professional (PMP) certification by the Project Management Institute (PMI) is a good choice for project managers in any industry. According to PMI, a PMP certification can increase your salary by an average of 20% and help your organization complete more of their projects on time, on budget and meeting original goals. As you’re gea
Publish At:2017-11-07 03:40 | Read:6302 | Comments:0 | Tags:General Security

Virtual Reality Could Serve as a Cybersecurity Recruiting Tool

A recent study finds 74% of millennials and post-millennials agree VR use in cybersecurity tools may entice them into an IT security career. Cybersecurity tools that employ immersive technologies such as virtual reality and augmented reality could attract millennials and post-millennials to IT security careers, a new study shows. Across the globe, the IT secur
Publish At:2017-11-06 22:20 | Read:11065 | Comments:0 | Tags:No Tag

External Attacker Leaked 'Paradise Papers,' Law Firm Reports

The Paradise Papers contain 13.4m documents allegedly hacked by an outsider, the targeted law firm reports. The release of the Paradise Papers, a collection of 13.4 million documents, has revealed tax affairs of the ultra-wealthy, reports the BBC. Most of the papers came from offshore legal firm Appleby, which says the leak came from a hack on its network and
Publish At:2017-11-06 22:20 | Read:6419 | Comments:0 | Tags:No Tag

