HackDig : Dig high-quality web security articles

Critical RCE can allow attackers to compromise Juniper Networks devices

Cybersecurity vendor Juniper Networks addressed a critical vulnerability in Junos OS, tracked as CVE-2021-0254, that could allow an attacker to remotely hijack or disrupt affected devices. This f
Publish At:2021-04-16 16:39 | Read:161 | Comments:0 | Tags:Breaking News Security DOS Hacking hacking news information

Mitigating CVE-2021-20291: DoS affecting CRI-O and Podman

The medium-severity vulnerability CVE-2021-20291 has been found in the containers/storage Go library, leading to Denial of Service (DoS) when vulnerable container engines pull an injected image from a registry. The container engines affected are: CRI-O version before v1.20.2, Podman version before 3.1.0. Any containerized infrastructure that rel
Publish At:2021-04-16 15:58 | Read:117 | Comments:0 | Tags:Uncategorized

Vulnerabilities in OpENer Stack Expose Industrial Devices to Attacks

Multiple vulnerabilities in the OpENer stack could be exploited in attacks aimed at supervisory control and data acquisition (SCADA) and other industrial systems that use OpENer. Maintained by EIPStackGroup and designed for I/O adapter devices, the OpENer EtherNet/IP (ENIP) stack offers support for multiple I/O and explicit connections, implements the ENIP an
Publish At:2021-04-16 15:20 | Read:196 | Comments:0 | Tags:ICS/OT NEWS & INDUSTRY Vulnerabilities

Shady scam bots trick Omegle users into nonconsensual video sex recordings

14-year-old Michael (not his real name) from Scandinavia first visited Omegle, the online video chat that has become hugely popular since the start of the pandemic, after hearing about “unpredictable and weird encounters” one may experience on the site from other students in school. He was intrigued. At the end of his “session”, ho
Publish At:2021-04-16 15:09 | Read:205 | Comments:0 | Tags:Awareness omegle sex-baiting bot VCW video cam whores

Keyfactor to Merge with PrimeKey

Ohio PKI-as-a-Service pioneer Keyfactor and Swedish PKI solutions provider PrimeKey have announced their intention to merge. Plans for the companies to come together under the Keyfactor brand "while committing to increased investments across all product lines" were shared on April 15. PrimeKey was established
Publish At:2021-04-16 14:17 | Read:112 | Comments:0 | Tags:No Tag

US Issues Russian SVR Warning

America has issued a cybersecurity advisory that urges organizations to patch vulnerabilities it says are being exploited by Russian Foreign Intelligence Service (SVR) actors. The warning was jointly issued on April 15 by the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (F
Publish At:2021-04-16 14:17 | Read:140 | Comments:0 | Tags:No Tag

US Indicts SecondEye Operators

The United States has indicted two Pakistani men on suspicion of operating an illegal online store that sold false identification documents on the dark web. Karachi residents 34-year-old Mohsin Raza and 33-year-old Mujtaba Raza were charged in a six-count federal indictment unsealed in the District of New Jersey on April 15. Each man
Publish At:2021-04-16 14:17 | Read:124 | Comments:0 | Tags:No Tag

HackBoss malware poses as hacker tools on Telegram to steal digital coins

The authors of a cryptocurrency-stealing malware are distributing it over Telegram to aspiring cybercriminals under the guise of free malicious applications. Researchers have named the malware HackBoss and say that its operators likely stole more than $500,000 from wannabe hackers that fell for the trick. Fake user interface: Although there is nothing sophistica
Publish At:2021-04-16 13:04 | Read:124 | Comments:0 | Tags:Security hack

Amex cards removed from Google Pay due to expired certificate

An expired certificate has led to the repeated removal of linked American Express credit cards from users' Google Pay accounts. Starting yesterday, Google Pay users with linked American Express cards began receiving emails that Google removed their linked Amex card. These emails came as a surprise as the users' Amex cards were not expired or canceled. Google
Publish At:2021-04-16 13:04 | Read:134 | Comments:0 | Tags:Google Software Technology

Popular Codecov code coverage tool hacked to steal dev credentials

Codecov, an online platform for hosted code testing reports and statistics, announced on Thursday that a threat actor had modified its Bash Uploader script, exposing sensitive information in customers’ continuous integration (CI) environment. The company learned of the compromise on April 1st but the investigation determined that the first signs of this soft
Publish At:2021-04-16 13:04 | Read:96 | Comments:0 | Tags:Security hack

How AI in Cybersecurity Addresses Challenges Faced by Today’s SOC Analysts

Today’s security operations centers (SOC) have to manage data, tools and teams dispersed across the organization, making threat detection and teamwork difficult. There are many factors driving complex security work. Many people now work from home with coworkers in far-away places. The cost and maintenance of legacy tools and the migration to cloud als
Publish At:2021-04-16 12:31 | Read:114 | Comments:0 | Tags:Security Intelligence & Analytics Artificial Intelligence Cl

Patch now! NSA, CISA, and FBI warn of Russian intelligence exploiting 5 vulnerabilities

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) have jointly released a Cybersecurity Advisory called Russian SVR Targets U.S. and Allied Networks to expose ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities. Th
Publish At:2021-04-16 12:15 | Read:144 | Comments:0 | Tags:Malwarebytes news apt29 cisa cozy bear cve-2018-13379 cve-20

Positive Technologies' official statement following U.S. sanctions

As a company, we deny the groundless accusations made by the U.S. Department of the Treasury. In the almost 20 years we have been operating there has been no evidence of the results of Positive Technologies’ research being used in violation of the principles of business transparency and the ethical exchange of information with professional information securi
Publish At:2021-04-16 11:54 | Read:159 | Comments:0 | Tags:No Tag

Sanctioned Russian IT Firm Was Partner With Microsoft, IBM

The Treasury Department on Thursday slapped six Russian technology companies with sanctions for supporting Kremlin intelligence agencies engaged in “dangerous and disruptive cyber attacks.” But only one of them stands out for its international footprint and partnerships with such IT heavyweights as Microsoft and IBM. That company, Positive Technologies, claims
Publish At:2021-04-16 11:25 | Read:105 | Comments:0 | Tags:Cyberwarfare NEWS & INDUSTRY Incident Response Cybercrim

More Countries Officially Blame Russia for SolarWinds Attack

The United Kingdom, Canada, the European Union and NATO have expressed support for the United States in blaming Russia for the cyberattack on IT management company SolarWinds, which impacted organizations worldwide. The announcements were made the same day that the United States expelled 10 Russian diplomats and sanctioned dozens of companies and people in an
Publish At:2021-04-16 11:25 | Read:162 | Comments:0 | Tags:Cyberwarfare NEWS & INDUSTRY Management & Strategy
