HackDig : Dig high-quality web security articles for hacker

BSidesSF CTF: Easy to hard Rust reversing challenges

As mentioned in a previous post, I was honoured to once again help run BSidesSF CTF! This is going to be a quick writeup for three challenges: config-me, rusty1, and rusty2. All three are reversing challenges written in Rust, although the actual amount of reversing required is low for the first two. config-me config-me (source) was actually modeled after tw
Publish At:2020-02-26 14:05 | Read:102 | Comments:0 | Tags:Conferences CTFs Reverse Engineering

Intel Announces New Hardware-based Security Capabilities

Intel Announces New Security Capabilities and Provides Update on Supply Chain Transparency InitiativeRSA CONFERENCE 2020 - San Francisco - Intel announced four new security capabilities and provided further information on its previously-announced Compute Lifecycle Assurance supply chain transparency initiative today at RSA Conference 2020 in San Francis
Publish At:2020-02-26 13:37 | Read:125 | Comments:0 | Tags:NEWS & INDUSTRY Security Infrastructure

Iranian Cyberspies Focus on Long-Running Operations

The Iranian cyber-espionage group referred to as MuddyWater continues to focus on long-running operations even after a U.S. airstrike killed General Qassem Soleimani on January 2.Soleimani was the leader of Quds Force, an elite unit of the Iranian Revolutionary Guards, and his death resulted in escalated tensions between the United States and Iran, yet there
Publish At:2020-02-26 13:37 | Read:61 | Comments:0 | Tags:Cyberwarfare NEWS & INDUSTRY Virus & Threats Cybercr

Kr00k Vulnerability Exposed Data From Over a Billion Wi-Fi Devices

A new vulnerability, which may have affected over one billion Wi-Fi-capable devices before patches were released, could have allowed hackers to obtain sensitive information from wireless communications, cybersecurity firm ESET revealed on Wednesday.Dubbed Kr00k and tracked as CVE-2019-15126, the vulnerability caused devices to use an all-zero encryption key
Publish At:2020-02-26 13:37 | Read:60 | Comments:0 | Tags:NEWS & INDUSTRY Wireless Security Vulnerabilities Data P

Google Boosts Detection of Malicious Documents in Gmail

New scanning capabilities that Google rolled out to Gmail have resulted in an increased overall detection rate of malicious documents.The company says its existing machine learning models, combined with other protections, help block more than 99.9% of threats from reaching Gmail inboxes, and that its malware scanner processes more than 300 billion attachment
Publish At:2020-02-26 13:37 | Read:89 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Virus & Malware

5 Ways to Up Your Threat Management Game

Good security programs start with a mindset that it's not about the tools, it's what you do with them. Here's how to get out of a reactive fire-drill mode with vulnerability management.The basis of a good security program starts with a mindset that it's not about the tools, it's what you do with them. This mindset is most evident when critical vulnerabilitie
Publish At:2020-02-26 13:34 | Read:50 | Comments:0 | Tags:No Tag

Kr00k Wi-Fi Vulnerability Affected a Billion Devices

Routers and devices with Broadcom and Cypress Wi-Fi chipsets could be forced to sometimes use encryption keys consisting of all zeroes. Now patched, the issue affected a billion devices, including those from Amazon, Apple, Google, and Samsung.RSA Conference 2020 – San Francisco – A vulnerability in the way that two Wi-Fi chipsets handled network
Publish At:2020-02-26 13:34 | Read:90 | Comments:0 | Tags: Vulnerability

Open Cybersecurity Alliance Releases New Language for Security Integration

OpenDXL Ontology is intended to allow security components to interoperate right out of the box.The Open Cybersecurity Alliance, an industry consortium working to provide a common framework for security technology, has announced its first release, OpenDXL Ontology, a language for helping security tools interoperate with minimal custom integration.OpenDXL Onto
Publish At:2020-02-26 13:34 | Read:73 | Comments:0 | Tags:No Tag

Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server

Threat actors love to abuse legitimate brands and infrastructure—this, we know. Last year we exposed how web skimmers had found their way onto Amazon’s Cloudfront content delivery network (CDN) via insecure S3 buckets. Now, we discovered scammers pretending to be CDNs while exfiltrating data and hiding their tracks—another reason to keep watchful eye o
Publish At:2020-02-26 13:26 | Read:78 | Comments:0 | Tags:Threat analysis cdn content delivery network credit card dat

Zyxel 0day Affects its Firewall Products, Too

On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products. This week’s story on the Zyxel patch
Publish At:2020-02-26 12:56 | Read:47 | Comments:0 | Tags:Latest Warnings Time to Patch 0day alex holden zero day ZyXe

Weak in, Weak out: Keeping Password Lists Current

THIS POST WAS WRITTEN BY @NYXGEEK When performing brute-force attacks, it’s our first instinct to go to the current season and year, i.e., Winter20, Winter2020. But it’s important to keep in mind that many organizations use a 90-day password change window, and 90 days can be a deceptively long time. For instance, as of today, February 25, 2020
Publish At:2020-02-26 12:38 | Read:79 | Comments:0 | Tags:Application Security Assessment Penetration Testing Security

National Cyber League Registration Opens for 2020

Registration opened for the National Cyber League (NCL) Spring Season this week.The NCL is a biannual cybersecurity competition for high school and college students aimed at training and mentoring the next generation of cybersecurity professionals.The NCL invites students from across the US to compete in a virtual cybersecurity competition, consisting of a s
Publish At:2020-02-26 12:34 | Read:85 | Comments:0 | Tags:No Tag

#RSAC: What Governments Should Do to Respond to Nation State Attacks

Nation states are actively attacking digital and internet-connected assets, but whether or not the US and other governments are doing enough to stop those attacks is a burning question that was debated in a session at the RSA Conference in San Francisco.Sometimes there is a tendency for individuals or even organizations to question whether nation state cyber
Publish At:2020-02-26 12:34 | Read:101 | Comments:0 | Tags:No Tag

Zimperium Wins Multiple Cybersecurity Awards at RSA

Zimperium, the global leader in mobile threat defense (MTD), was presented with six awards during the RSA Conference this week.  The 2020 Cybersecurity Excellence Awards announced Zimperium as the Gold Winner in the Mobile Threat Defense (MTD) category, for zPlatform and Silver Winner in the Best Cybersecurity Company (100-499 employees). This is the fifth
Publish At:2020-02-26 11:40 | Read:165 | Comments:0 | Tags:Awards advanced mobile threat defense cyber security

Reading Municipal Light Department, an electric utility in Massachusetts, hit by ransomware

The Reading Municipal Light Department (RMLD), an electric utility in Massachusetts, announced it was hit by a ransomware attack. This week, the Reading Municipal Light Department (RMLD), an electric utility in Massachusetts, announced it was hit by a ransomware attack. Reading Municipal Light Department provides electricity to over 68,000 citizens tha
Publish At:2020-02-26 11:32 | Read:80 | Comments:0 | Tags:Breaking News Cyber Crime Hacking critical infrastructure ha


Share high-quality web security related articles with you:)


Tag Cloud