HackDig : Dig high-quality web security articles for hacker

Compromising vital infrastructure: how voting machines and elections are vulnerable

In our first post in a series about vital infrastructure, we aim to explore how secure our voting machines—and our votes in general—are ahead of the upcoming midterm elections. Here, we ask ourselves: How can our infrastructure be compromised? What are the consequences, and how can we prevent attacks or limit the damage? The outcome of elections has an enorm
Publish At:2018-11-03 23:25 | Read:13080 | Comments:0 | Tags:Cybercrime Hacking compromising voting machines Denial of Se

Why a Dog Bite is a Lesson in Handling Cyberattacks

A few weekends ago, my dog bit me. In his defense, it was dark and I had tackled him unexpectedly to stop him from walking off our under-construction, railing-less deck. It hurt, but at the time I didn’t realize how critical my next actions would be. It was late, I had house guests, and I decided to dress the wound myself. But by the following afternoon, my
Publish At:2018-11-03 07:44 | Read:11302 | Comments:0 | Tags:INDUSTRY INSIGHTS Incident Response

A Fresh Approach to Perimeter Protection: Application Isolation

Detection-based IT security solutions have never worked, and will never work. More security layers is not the answer, but smarter layers can work. Shift your mindset from “prevent, detect, and respond” to “isolate, contain, and control.” Layer after layer of security is not stopping breaches. We can’t keep the bad guys out. Oddly enough, 80+ years ago we l
Publish At:2017-11-07 13:06 | Read:65 | Comments:0 | Tags:Company News application isolation applications data segemen

REDBALDKNIGHT/BRONZE BUTLER’s Daserf Backdoor Now Using Steganography

by Joey Chen and MingYen Hsieh (Threat Analysts) REDBALDKNIGHT, also known as BRONZE BUTLER and Tick, is a cyberespionage group known to target Japanese organizations such as government agencies (including defense) as well as those in biotechnology, electronics manufacturing, and industrial chemistry. Their campaigns employ the Daserf backdoor (detected by T
Publish At:2017-11-07 11:35 | Read:18567 | Comments:2 | Tags:Malware Targeted Attacks Vulnerabilities BRONZE BULTER Daser

The Future Path of Censorship

On Saturday, I attended the excellent ORGCon in London, put on by the Open Rights Group. This was a conference with a single track and a full roster of speakers – no breakouts, no seminars. And it was very enjoyable, with interesting contributions from names I hadn’t heard before. One of those was Jamie Bartlett, who works at the think tank Demo
Publish At:2017-11-07 11:25 | Read:17220 | Comments:2 | Tags:No Tag

The Clicking Bot Applications

Cyber crime, like any crime, has its motives; each malware has its own malicious profit. Spyware spies on you. Ransomware demands a ransom to decrypt your private digital data. Phishing Malware phishes for your username, password or account numbers. Installation-fraud achieves fake software installations. Ad fraud fraudulently represents online advertisement
Publish At:2017-11-07 10:45 | Read:39467 | Comments:2 | Tags:Analysts Android App Security Mobile Malware Threat Research

mkvalidator libebml2 mkclean multiple vulnerabilities

Author: qflb.wu. Introduction: mkvalidator is a simple command line tool to verify Matroska and WebM files for spec conformance. It checks the various bogus or missing key elements against the EBML DocType version of the file and reports the errors/warnings in the
Publish At:2017-11-07 05:25 | Read:13978 | Comments:0 | Tags:No Tag

Malware signed with stolen Digital code-signing certificates continues to bypass security software

A group of researchers demonstrated that malware signed with stolen Digital code-signing certificates continues to bypass security software. A recent study conducted by the Cyber Security Research Institute (CSRI) revealed that stolen digital code-signing certificates are available for sale for anyone to purchase on the dark web for up to $1,200. Digital cod
Publish At:2017-11-07 05:10 | Read:15746 | Comments:2 | Tags:Breaking News Cyber Crime Deep Web Hacking Malware Digital c

Paradise Papers were the result of the hack of external attackers

Most of the Paradise Papers came from offshore legal firm Appleby, which confirms the leak came from a hack on its network and no insiders were involved. The Paradise Papers is a collection of more than 13.4 million financial documents leaked online that has shed light on how major figures in the world of business, politics, entertainment, and sport move th
Publish At:2017-11-07 05:10 | Read:39873 | Comments:0 | Tags:Breaking News Data Breach Hacking Appleby data leak Panama P

Cisco patches a DoS vulnerability in IOS XE operating system

Cisco fixed a vulnerability in IOS XE software that was introduced due to changes to its implementation of the BGP over an Ethernet VPN. Cisco patches a DoS vulnerability in IOS XE software that was introduced due to changes to its implementation of the Border Gateway Protocol (BGP) over an Ethernet VPN. The Cisco IOS XE operating system automates network op
Publish At:2017-11-07 05:10 | Read:15423 | Comments:0 | Tags:Breaking News Security Vulnerability

One Third of The Internet Has Seen a DDoS Attack In The Past Two Years

A group of researchers has conducted a rigorous, comprehensive characterization of DDoS attacks and of countermeasures to mitigate the associated risks. Denial of Service (DoS) attacks have been around about as long as computers have been network connected. A website’s purpose is to accept connections from the Internet and return information. A bad
Publish At:2017-11-07 05:10 | Read:15701 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Reports botnet DDoS attack

How Not to Store Passwords: SHA-1 Fails Again

Problem: How do you store a password but make it nearly impossible to recover the plaintext in the event that the database with the password hash is compromised? When doing software development, it’s critical to review these functions. Having good development standards for your team will ensure that people store passwords properly and avoid mistakes th
Publish At:2017-11-07 04:05 | Read:13280 | Comments:0 | Tags:Application Security Data Protection X-Force Research Applic

9 Tips for CRISC Exam Success

IT enterprise risk management is a key area that every well-established company should take seriously. This is especially true considering the sheer number and variety of threats and vulnerabilities discovered almost daily. Successful IT enterprise risk management requires qualified and experienced professionals. ISACA’s CRISC (Certified in Risk and Inf
Publish At:2017-11-07 03:41 | Read:39298 | Comments:1 | Tags:General Security

10 Tips for CISA Exam Success

It is quite hard to think of a company that does not use any sort of information system as a basis for doing business. In fact, the actual standard for most companies is having several information systems that are business-critical and will probably contain confidential data such as financial information, personally identifiable information or even tra
Publish At:2017-11-07 03:40 | Read:37462 | Comments:0 | Tags:General Security

10 Tips for PMP Certification Exam Success

The Project Management Professional (PMP) certification by the Project Management Institute (PMI) is a good choice for project managers in any industry. According to PMI, a PMP certification can increase your salary by an average of 20% and help your organization complete more of their projects on time, on budget and meeting original goals. As you’re gea
Publish At:2017-11-07 03:40 | Read:14181 | Comments:0 | Tags:General Security

