HackDig : Dig high-quality web security articles for hacker

Holy water: ongoing targeted water-holing attack in Asia

On December 4, 2019, we discovered watering hole websites that were compromised to selectively trigger a drive-by download attack with fake Adobe Flash update warnings. This campaign has been active since at least May 2019, and targets an Asian religious and ethnic group. The threat actor’s unsophisticated but creative toolset has been evolving a lot s
Publish At:2020-03-31 08:22 | Read:1 | Comments:0 | Tags:APT reports Featured Adobe Flash Backdoor drive-by attack Ja

The MITRE ATT&CK Framework: Execution

Of all the tactics that an adversary will take on in their campaign, none will be more widely abused than, Execution (https://attack.mitre.org/wiki/Execution). When taking into consideration off-the-shelf malware, traditional ransomware, or state of the art advanced persistent threat actors, all of them have execution in common. There’s a great quote from Al
Publish At:2020-03-31 08:17 | Read:40 | Comments:0 | Tags:Featured Articles MITRE Framework ATT&CK execution malware r

Zoom Updates Privacy Policy After Experts Raise Concerns

Remote conferencing services provider Zoom this week updated its privacy policy following the publishing of a series of reports raising concerns regarding the privacy of Zoom users.Headquartered in San Jose, California, Zoom provides users with a platform that combines video and audio conferencing, online meetings, chat, screen sharing, and more.With the cur
Publish At:2020-03-31 07:20 | Read:67 | Comments:0 | Tags:NEWS & INDUSTRY Privacy Compliance Data Protection Priva

Retooling Cyber Ranges

Cloud-based Cyber Ranges Will Change the Future of Training and Certifying Security and DevOps ProfessionalsA half-decade ago, with much fanfare, cyber ranges were touted as a revolutionary pivot for cybersecurity professionals’ training. Many promises and investments were made, yet the revolution has been slow coming. What may have been a slow start appears
Publish At:2020-03-31 07:20 | Read:16 | Comments:0 | Tags:INDUSTRY INSIGHTS Incident Response Training & Certifica

3 Ways to Secure Yourself From Common Web Attacks

3 Ways to Secure Yourself From Common Web Attacks March 31st, 2020 No Comments anti-phishing, Data Privacy, Data Protection, Online Privacy, Online Safety, PC security, Uncategorized With the increase in largely-publicized security breaches to corpo
Publish At:2020-03-31 07:15 | Read:57 | Comments:0 | Tags:anti-phishing Data Privacy Data Protection Online Privacy On

The Houseparty Hack – Fact or Fiction?

Since the global COVID-19 lockdown started, teens have been flocking to the Houseparty app. Houseparty allows users to create video call sessions so that multiple people can chat at once. At a time when social gatherings are banned, the ability to play games or simply hang out together has been invaluable. Why are people demanding we DELETE HOUSEPARTY? Over
Publish At:2020-03-31 06:25 | Read:48 | Comments:0 | Tags:Mobile News Mobile Security Security hacking houseparty

Privacy Snafu Exposes 42 Million ‘Telegram’ Records

Security researchers have discovered tens of millions of accounts from a third-party version of Telegram that were leaked online in another cloud misconfiguration.Bob Diachenko and the Comparitech team found the exposed data on March 21. It had been posted to an Elasticsearch cluster, password-free, by a group called “Hunting system” in Farsi.Alt
Publish At:2020-03-31 06:17 | Read:114 | Comments:0 | Tags:No Tag

“Instant bank fraud” warning spread on WhatsApp is a hoax

byPaul DucklinLast week we wrote about a WhatsApp hoax that was spreading widely, warning people to look out for a cybersecurity catastrophe that simply wasn’t going to happen.That was known as the Martinelli/Dance of the Pope hoax, and it claimed that two dangerous videos are about to come out that will hack or wipe out your phone so it can’t b
Publish At:2020-03-31 05:28 | Read:110 | Comments:0 | Tags:Fake news phishing smishing SMS WhatsApp

Microsoft Edge will warn users if their credentials have been compromised

Microsoft announced that it will add an alerting feature to Edge to warn users if their credentials saved to autofill have been compromised. Microsoft announced several new features for its Edge browser, including a new alerting service to warn users if the credentials they have saved to autofill have been compromised in a third-party data breach. 
Publish At:2020-03-31 04:51 | Read:31 | Comments:0 | Tags:Breaking News Security credential stuffing data breach Hacki

Houseparty Offers $1m for Info on ‘Smear Campaign’

Houseparty is offering $1m for evidence of a suspected smear campaign, after several reports emerged that multiple users had had other online accounts compromised via the video conferencing app.The platform has become extremely popular over recent weeks as consumers flock online to socialize safely during a time of lockdowns and social distancing.Howeve
Publish At:2020-03-31 04:50 | Read:36 | Comments:0 | Tags:No Tag

Are You Ready for the Remote Work’s Toll on Corporate Security?

Given the situation that many companies, organizations and government agencies have been forced into working remotely due to COVID-19, it is imperative to give some thought about corporate security.Using a VPN for New Stay-at-Home WorkersMillions of employees are now working from the confines of their own homes in an effort to keep businesses running smoothl
Publish At:2020-03-31 00:20 | Read:57 | Comments:0 | Tags:Featured Articles COVID-19 VPN Working from Home

Microsoft Edge Will Tell You If Credentials Are Compromised

Password Monitor, InPrivate mode, and ad-tracking prevention are three new additions to Microsoft Edge.Microsoft today announced several new additions to its Edge browser, including three intended to strengthen security and privacy: Password Monitor, InPrivate mode, and tracking prevention.Password Monitor, when enabled, will let you know when credentials sa
Publish At:2020-03-30 19:54 | Read:118 | Comments:0 | Tags:No Tag

Researchers Spot Sharp Increase in Zoom-Themed Domain Registrations

Attackers are attempting to take advantage of the surge in teleworking prompted by COVID-19, Check Point says.Cybercriminals are setting up numerous fake Zoom domains to try and take advantage of users who want to use the videoconferencing tool to connect with friends, family, and colleagues during the ongoing COVID-19 crisis.Researchers from Check Point sai
Publish At:2020-03-30 19:54 | Read:106 | Comments:0 | Tags:No Tag

COVID-19 Phishing Update: Your Bank is Not Texting You About Coronavirus

<p>Threat actors continue using COVID-19 fears to exploit individuals on a variety of channels. Today we are taking a look at two new, related SMS lures.&nbsp;</p> <p><i>We are providing </i><a href="https://info.phishlabs.com/blog/topic/covid-19"><i>ongoing updates</i></a><i> on coronavirus-t
Publish At:2020-03-30 19:33 | Read:92 | Comments:0 | Tags:COVID-19 Virus

No, Houseparty hasn’t hacked your phone and stolen your bank details

byPaul DucklinIf you’re at home right now – and who isn’t? – then you’ve probably heard of Houseparty.It’s a social networking app that came out back in 2015 and was bought by Epic Games – famous for Unreal and Fortnite – in the middle of 2019.The name gives you a good idea of what is does: simply put, you go o
Publish At:2020-03-30 17:20 | Read:95 | Comments:0 | Tags:Android Exploit hacking Houseparty ios

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud