HackDig : Dig high-quality web security articles for hacker

About them Zoom vulns...

Today a couple vulnerabilities were announced in Zoom, the popular work-from-home conferencing app. Hackers can possibly exploit these to do evil things to you, such as steal your password. Because of the COVID-19, these vulns have hit the mainstream media. This means my non-techy friends and relatives have been asking about it. I thought I'd write up a
Publish At:2020-04-02 15:05 | Read:106 | Comments:0 | Tags:No Tag

Marriott Was Hacked -- Again

Marriott announced another data breach, this one affecting 5.2 million people: At this point, we believe that the following information may have been involved, although not all of this information was present for every guest involved: Contact Details (e.g., name, mailing address, email address, and phone number); Loyalty Account Information (e.g., account n
Publish At:2020-04-02 14:35 | Read:98 | Comments:0 | Tags:No Tag

Don’t get locked out of your own website – update this WordPress plugin now!

By Paul Ducklin. Researchers at WordFence, a company that provides cybersecurity services for WordPress users, has warned of two security problems in a popular WordPress plugin called Rank Math. That’s “math” as in “calculations relating to” and “rank” as in “search engine rating”, not “rank math”
Publish At:2020-04-02 14:22 | Read:99 | Comments:0 | Tags:Vulnerability Plugins Rank Math REST vulnerability Wordpress

Is Zoom’s Lack of End-To-End Encryption a Problem?

All of the work-from-home activity coupled with all of the media about Zoom’s lack of end-to-end (E2E) encryption has resulted in a few clients asking us if Zoom can still be trusted to host meetings. It’s not exactly as they portray. For those of you catching up, Zoom’s privacy and security have been the target of several articles in the past few days.
Publish At:2020-04-02 13:45 | Read:80 | Comments:0 | Tags:Security Program Assessment Security Remediation

London Hit by Quarantine Text Scam

Scammers are targeting Londoners with fake fine notification texts that accuse victims of flouting the country's lockdown rules. The malicious text has been designed to look like a genuine COVID-19 alert sent by the UK government. Victims who receive the message are told that they have been fined £35 after being spotted leaving their home on multipl
Publish At:2020-04-02 13:35 | Read:153 | Comments:0 | Tags:No Tag

Zoom promises to improve its security and privacy as usage (and concern) soars

What’s happened? Well, Coronavirus 2019 (COVID-19) happened. Okay, smart alec. I know about that. What else is going on? Well, because so many people are (wisely) staying at home, they’re using videoconferencing and chat technology like Zoom to keep in touch with friends, family and colleagues. In fact, Zoom says that daily usage has soared from appr
Publish At:2020-04-02 13:24 | Read:112 | Comments:0 | Tags:Featured Articles IT Security and Data Protection Coronaviru

TFW you-get-really-excited-you-patch-diffed-a-0day-used-in-the-wild-but-then-find-out-it-is-the-wrong-vuln

Posted by Maddie Stone, Project Zero. INTRODUCTION: I’m really interested in 0-days exploited in the wild and what we, the security community, can learn about them to make 0-day hard. I explained some of Project Zero’s ideas and goals around in-the-wild 0-days in a November blog post. On December’s Patch Tuesday, I was immediately intrigued by CVE-2019-1458
Publish At:2020-04-02 13:20 | Read:87 | Comments:0 | Tags:No Tag

Remaining Nimble During Times of Rapid Change

There is an adage that goes, "the only constant is change." And that has never been more true than right now, as organizations are having to rapidly adapt to current world events at an unprecedented pace. And traditionally, the aspect of networks that have had the hardest time adjusting to such rapid change has been security. This is especially true now
Publish At:2020-04-02 12:27 | Read:44 | Comments:0 | Tags:INDUSTRY INSIGHTS Network Security

Browser Makers Delay Removal of TLS 1.0 and 1.1 Support

Google, Microsoft and Mozilla are delaying plans to disable support for the Transport Layer Security (TLS) 1.0 and 1.1 protocols in Chrome, Edge, Internet Explorer, and Firefox. TLS 1.0 is over two decades old, and TLS 1.1 was only meant to address some limitations in the former and prevent specific attacks. Both are known to include weaknesses, some addresse
Publish At:2020-04-02 12:27 | Read:46 | Comments:0 | Tags:NEWS & INDUSTRY Incident Response Data Protection Manage

Firefox, IE Vulnerabilities Exploited in Attacks on China, Japan

Vulnerabilities patched earlier this year in Firefox and Internet Explorer have been exploited by an advanced persistent threat (APT) actor in attacks aimed at China and Japan. The Firefox vulnerability is CVE-2019-17026, which Mozilla patched in early January, and the Internet Explorer flaw is CVE-2020-0674, which Microsoft patched in February with its month
Publish At:2020-04-02 12:27 | Read:54 | Comments:0 | Tags:Cyberwarfare NEWS & INDUSTRY Virus & Threats Virus &

New Magecart Skimmer Infects 19 Victim Websites

MakeFrame, named for its ability to make iframes for skimming payment data, is attributed to Magecart Group 7. A new Magecart skimmer, dubbed MakeFrame, has been observed compromising 19 victim websites. The skimmer was named for its ability to make iframes for skimming payment data. RiskIQ researchers became aware of the new skimmer on Jan. 24, 2020. Since th
Publish At:2020-04-02 12:24 | Read:93 | Comments:0 | Tags:No Tag

Best Practices to Manage Third-Party Cyber-Risk Today

Bold new thinking is needed to solve the rapidly evolving challenge of third-party risk management. Just five years ago, many companies focused their cyber defense efforts almost entirely on their own organizations. Today, they are increasingly concerned about third-party risks, with good reason. According to Ponemon Institute's "US Cost of a Data Breach Study
Publish At:2020-04-02 12:24 | Read:98 | Comments:0 | Tags:No Tag

‘War Dialing’ Tool Exposes Zoom’s Password Problems

As the Coronavirus pandemic continues to force people to work from home, countless companies are now holding daily meetings using videoconferencing services from Zoom. But without the protection of a password, there’s a decent chance your next Zoom meeting could be “Zoom bombed” — attended or disrupted by someone who doesn’t bel
Publish At:2020-04-02 11:45 | Read:125 | Comments:0 | Tags:A Little Sunshine The Coming Storm Time to Patch Dave Kenned

Closing the Cybersecurity Skill Gap with Education Diversity

The cybersecurity skill gap is nothing new. It’s been a concern in our industry for the past few years, if not the last decade. However, despite increased awareness of the issue, the gap is not getting any smaller. In fact, quite the opposite. The latest (ISC)² Cybersecurity Workforce Study puts the number of unfilled cybersecurity positions a
Publish At:2020-04-02 11:23 | Read:38 | Comments:0 | Tags:No Tag

Infosecurity Europe 2020 Postponed Due to #COVID19

Infosecurity Europe 2020, due to take place June 2-4, has been postponed due to the COVID-19 pandemic, event organizers Reed Exhibitions have announced. Held annually at London Olympia, Infosecurity Europe is Europe’s largest and most comprehensive information security event, attracting thousands of visitors from the information security industry e
Publish At:2020-04-02 11:23 | Read:55 | Comments:0 | Tags:No Tag
