HackDig : Dig high-quality web security articles for hacker

Hospitals Resume Accepting Patients After Malware Attack

An Alabama hospital chain that quit accepting new patients after a malware attack crippled computer systems said it has resumed normal operations after paying a ransom demand.The DCH Health System said its hospitals in the west Alabama cities of Tuscaloosa, Northport and Fayette resumed admitting patients Thursday, and its imaging and patient scheduling serv
Publish At:2019-10-11 12:00 | Read:170 | Comments:0 | Tags:NEWS & INDUSTRY Incident Response Malware

Close the Gap Between Cyber-Risk and Business Risk

Four steps outlining how security teams can better understand their company's cyber-risk and demonstrate to company leadership what's being done to mitigate the resulting business risk.In my role as CISO of a security company, I travel around the US and abroad quite a bit and have the opportunity to meet with security practitioners from many industry sectors
Publish At:2019-10-11 11:50 | Read:109 | Comments:0 | Tags:No Tag

Cyber News Rundown: E-Scooters Vulnerable

Reading Time: ~ 2 min. E-Scooter Security Vulnerability A security researcher recently found an API vulnerability within the software of Voi e-scooters that allowed him to add over $100,000 in ride credits to his account. The vulnerability stems from a lack of authentication after creating an account which allows users to enter an unlimited number of prom
Publish At:2019-10-11 11:15 | Read:91 | Comments:0 | Tags:Industry Intel

Magecart is back: hotels in the firing line

Back in July, a group of cyberattackers called Magecart made the e-commerce word shake. Its malicious skimming code, which is inserted into the websites of these businesses to steal personal and financial data from their customers when making purchases, was discovered on nearly 18,000 domains. And this incident wasn’t the only one. A year ago, British Airway
Publish At:2019-10-11 10:35 | Read:58 | Comments:0 | Tags:News Security business hotel chains supply chain

#SecTorCa: Millions of Phones Leaking Information Via Tor

There is a privacy threat lurking on perhaps hundreds of millions of devices, that could enable potential attackers to track and profile users, by using information leaked via the Tor network, even if the users never intentionally installed Tor in the first place.In a session at the SecTor security conference in Toronto, Canada on October 10, researchers Ada
Publish At:2019-10-11 08:30 | Read:98 | Comments:0 | Tags:No Tag

BAE Systems Pilots Tech to Support Child Protection Agencies

BAE Systems has announced details of a technology pilot aimed at supporting child protection agencies. The initial project, run in partnership with Gloucestershire Constabulary Police Force, seeks to improve speed and accuracy for identifying potentially vulnerable children.BAE Systems has adapted technology normally used to protect and safeguard businesses
Publish At:2019-10-11 08:30 | Read:94 | Comments:0 | Tags:No Tag

#SecTorCa: Finding a New Route to Solve Tomorrow’s Cyber-Attacks

For modern security systems to succeed, it’s important for organizations to expect that security systems will fail. By expecting failure and planning for it, it’s possible to be more resilient and deliver better security outcomes, according to Solomon Sonya, assistant professor of computer science at the United States Air Force Academy.Sonya deli
Publish At:2019-10-11 08:30 | Read:121 | Comments:0 | Tags:No Tag

iTunes Zero-Day Vulnerability Exploited by BitPaymer Ransomware

The BitPaymer ransomware operators were observed abusing a zero-day vulnerability in Apple’s iTunes for Windows to run code and evade detection, Morphisec’s security researchers have discovered.The security flaw resides in the Bonjour updater that comes packaged with iTunes for Windows and allows attackers to abuse an unquoted path to not only evade detectio
Publish At:2019-10-11 00:05 | Read:93 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Vi

Flaw in HP Touchpoint Analytics Could Impact Many PCs

Researchers at SafeBreach, a company that specializes in simulating breaches and attacks, discovered this summer that HP’s Touchpoint Analytics service is affected by a potentially serious vulnerability.HP Touchpoint Analytics is shipped with many HP laptop and desktop computers running Windows. The service is designed to collect anonymous diagnostic informa
Publish At:2019-10-11 00:05 | Read:80 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Magecart Attack on Volusion Highlights Supply Chain Dangers

Attackers compromised Volusion's Google Cloud environment to load malicious skimmer code onto more than 6,500 customer sites. Magecart attackers have infiltrated cloud-based e-commerce provider Volusion to successfully infect at least 6,500 customer websites with malicious code designed to lift payment card information. To do this, they had to first break in
Publish At:2019-10-10 23:55 | Read:112 | Comments:0 | Tags:No Tag

How to Think Like a Hacker

In the arms race of computer security, it's never been more important to develop an adversarial mindset that can identify assumptions and determine if and how they can be violated.Computer security is a very unique field. Unlike other fields in which the challenge is to overcome the scale of a problem or the complexity of an algorithm, in computer security t
Publish At:2019-10-10 23:55 | Read:92 | Comments:0 | Tags:No Tag

Imperva Details Response to Customer Database Exposure

The cloud security's CEO and CTO lay out the timeline of events and the steps customers should take to protect their accounts.Imperva today released details about an October 2018 intrusion into a database containing records on customers of its cloud Web application firewall (WAF), formerly known as Incapsula. According to a blog post from CEO Chris Hylen, a
Publish At:2019-10-10 23:55 | Read:123 | Comments:0 | Tags:No Tag

iTunes Zero-Day Exploited to Deliver BitPaymer

The ransomware operators targeted an "unquoted path" vulnerability in iTunes for Windows to evade detection and install BitPaymer.Ransomware operators have been seen exploiting a zero-day vulnerability in iTunes for Windows to slip past security tools and infect victims with BitPaymer, researchers report.Back in August, the Morphisec team noticed attackers t
Publish At:2019-10-10 23:55 | Read:72 | Comments:0 | Tags: exploit

Watch Your Step: Insights on the TOMS Shoes Mailing Hack

You’re familiar with the cybercriminals that go after users’ credit card information and look to spread malicious links, but recently, one hacker decided to send a different message. According to Vice’s Motherboard, a hacker accessed TOMS Shoes’ mailing list and sent an email encouraging users to log off and go enjoy the outdoors. The email specificall
Publish At:2019-10-10 23:25 | Read:117 | Comments:0 | Tags:Consumer Threat Notices cybersecurity email and web security

New Reductor Nation-State Malware Compromises TLS

Kaspersky has a detailed blog post about a new piece of sophisticated malware that it's calling Reductor. The malware is able to compromise TLS traffic by infecting the computer with hacked TLS engine substituted on the fly, "marking" infected TLS handshakes by compromising the underlining random-number generator, and adding new digital certificates. The res
Publish At:2019-10-10 16:50 | Read:127 | Comments:0 | Tags:No Tag

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud