HackDig : Dig high-quality web security articles for hacker

BGP Hijacking: The Internet is Still/Again Broken, (Thu, Apr 27th)

The Internet is a network of networks. Each Autonomous system (AS) connects to the internet using a router that speaks the Border Gateway Protocol (BGP) to disseminate and receive routing information. The problem is that there is no authoritative way to figure out who is supposed to receive which IP address space (no, whois information is not authoritative).
Publish At:2017-04-27 21:55 | Read:72 | Comments:0 | Tags:No Tag

Security Issues in Alerton Webtalk (Auth Bypass, RCE)

Introduction: Vulnerabilities were identified in the Alerton Webtalk Software supplied by Alerton. This software is used for the management of building automation systems. These were discovered during a black box assessment and therefore the vulnerability list should not be considere
Publish At:2017-04-27 20:55 | Read:40 | Comments:0 | Tags:No Tag

A Magnet for Cybercrime: Financial Services Sector

As revealed in the 2017 IBM X-Force Threat Intelligence Index, the financial services sector was attacked more than any other industry last year. The average financial services client organization monitored by IBM Security Services experienced 65 percent more attacks than the average client organization across all industries (see Figure 1). Moreover, 2016 sa
Publish At:2017-04-27 19:35 | Read:94 | Comments:0 | Tags:Advanced Threats Banking & Financial Services Threat Intelli

TrickBot Is Hand-Picking Private Banks for Targets — With Redirection Attacks in Tow!

IBM X-Force research follows organized cybercrime and continually monitors the criminals’ targets and modus operandi. In a recent analysis of TrickBot campaigns in the U.K., Australia and Germany, I found that the operators of the infamous Trojan have been adding new redirection attacks focused on a list of brands that I had never seen in the past. Cur
Publish At:2017-04-27 19:35 | Read:30 | Comments:0 | Tags:Banking & Financial Services Fraud Protection Malware Threat

Raspberry Pi Makes Learning Technology Sweet

April 27 is Take Our Daughters and Sons to Work Day in the U.S. As I started talking to my co-workers and siblings about how they were planning to participate, I realized something: Quite a few of them take their work home to their kids as well. My interest piqued, I decided to interview two fellow IBMers, Nathan and Mike, who I knew were working on Raspberr
Publish At:2017-04-27 19:35 | Read:85 | Comments:0 | Tags:Security Intelligence & Analytics children at work Raspberry

APT Trends report, Q1 2017

Kaspersky Lab is currently tracking more than a hundred threat actors and sophisticated malicious operations targeting commercial and government organizations in over 80 countries. During the first quarter of 2017, there were 33 private reports released to subscribers of our Intelligence Services, with Indicators of Compromise (IOC) data and YARA rules to as
Publish At:2017-04-27 19:15 | Read:43 | Comments:0 | Tags:Analysis Featured Quarterly Malware Reports APT fileless mal

The Deep Web: Myths And Truths You Need To Know

Every now and then the media comes up with a sensational story about the Deep Web. Often these tales are shocking and frightening – but are they true? What is the Dark Web and Deep Web? Before going further, we need to understand what the Deep Web actually is – fortunately the concept is much easier than you might think. Any web page that you can locate from
Publish At:2017-04-27 12:00 | Read:93 | Comments:0 | Tags:Mobile News News dark web deep web Internet tor

Reading Analytics and Privacy

Interesting paper: "The rise of reading analytics and the emerging calculus of reading privacy in the digital world," by Clifford Lynch: Abstract: This paper studies emerging technologies for tracking reading behaviors ("reading analytics") and their implications for reader privacy, attempting to place them in a historical context. It discusses what data is
Publish At:2017-04-27 10:50 | Read:64 | Comments:0 | Tags:No Tag

APT Threat Evolution in Q1 2017

Kaspersky Lab is currently tracking more than a hundred threat actors and sophisticated malicious operations targeting commercial and government organizations in over 80 countries. During the first quarter of 2017, there were 33 private reports released to subscribers of our Intelligence Services, with Indicators of Compromise (IOC) data and YARA rules to as
Publish At:2017-04-27 05:40 | Read:41 | Comments:0 | Tags:Analysis Featured Quarterly Malware Reports APT fileless mal

If there are some unexploited MSSQL Servers With Weak Passwords Left: They got you now (again), (Wed, Apr 26th)

Setting up a Microsoft SQL server with a stupid simple password like sa for the sa user is hard. First of all, Microsoft implemented a default password policy that you need to disable. And then, when you finally Googled your way through how to disable it [...] A little bit odd is the distribution in TTLs. I am still trying to see if this is just
Publish At:2017-04-27 03:30 | Read:88 | Comments:0 | Tags: exploit

Atlassian HipChat group chat service hacked, change your password now!

Atlassian announced that unknown hackers broke into a cloud server of the company and accessed a huge amount of data of its group chat service HipChat. On Monday, Atlassian reset user passwords for its group chat service HipChat after it notified its customers of a data breach.  Unknown hackers broke into a cloud server of the company and stole a huge amoun
Publish At:2017-04-27 02:15 | Read:97 | Comments:0 | Tags:Breaking News Cyber Crime Data Breach Hacking Atlassian Cybe

Four Essential Security & Privacy Extensions for Chrome

Here are the top four extensions for the Chrome browser to keep your online activity safe, secure and private. The recent global wave of cybercrimes, particularly via exploiting loopholes in many leading browsers, has put internet privacy and online security directly in the line of fire. Internet users, in general, are worried about securing their data again
Publish At:2017-04-27 02:15 | Read:88 | Comments:0 | Tags:Breaking News Digital ID Chrome extensions cyber security pr

Cybersecurity Executive Order Recommendation issued by ISC2

(ISC)² delivered recommendations to the White House urging prioritization of workforce development for the final version of the cybersecurity executive order. The nonprofit organization (ISC)² has issued a recommendation calling on President Trump to develop workforce as a priority when he issued the final version of the cybersecurity executive order. The main go
Publish At:2017-04-27 02:15 | Read:99 | Comments:0 | Tags:Breaking News Security

Security vulnerabilities in Hyundai Blue Link mobile app allowed hackers to steal vehicles

Security vulnerabilities in the Hyundai Blue Link mobile apps allowed hackers to steal vehicles, the car maker fixed them. Security vulnerabilities in the Hyundai Blue Link mobile apps could be exploited by hackers to locate, unlock and start vehicles of the carmaker. The Blue Link application is available for both iOS and Android mobile OSs, it was develope
Publish At:2017-04-27 02:15 | Read:91 | Comments:0 | Tags:Breaking News Hacking Car hacking Hyundai Blue Link MITM mob

Building an Effective CISO-CIO Partnership

For many, the most common reporting structure in today’s business environment is overly complicated. The majority of security leaders around the world report directly to the chief information officer (CIO), which can cause an enormous amount of conflict. That reporting structure, however, is slowly changing for some companies. In those organizations,
Publish At:2017-04-27 01:10 | Read:116 | Comments:0 | Tags:CISO Government C-Suite Chief Information Officer (CIO) Chie
