HackDig : Dig high-quality web security articles for hackers

Podcast recap: Email attack trend predictions for 2020

IntroductionEmail continues to be a major method of communication in both personal and professional contexts. The sheer proliferation of information transmitted via email every day makes it an appealing target for hackers. 30% of phishing emails bypass default security systemsOne out of every 25 branded emails is a phishing email The average employee r
Publish At:2020-08-13 09:03 | Read:61 | Comments:0 | Tags:Cyber Work Podcast

CISA Warns of Phishing Emails Leading to Spoofed COVID-19 Relief Page

The Cybersecurity & Infrastructure Security Agency (CISA) warned that phishing emails are redirecting recipients to spoofed COVID-19 loan relief pages.On August 12, CISA announced its discovery of the attack campaign in Alert (AA20-225A):The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who
Publish At:2020-08-13 08:59 | Read:129 | Comments:0 | Tags:IT Security and Data Protection Latest Security News CISA CO

Migrating On-Premises Email to Office 365: Limitations, Prerequisites and Best Practices

Office 365 can host on-premises messaging environmentS, including IMAP mailboxes, through different migration methods. IMAP migration, cutover migration, staged migration, hybrid deployment, etc.These onboarding methods support the migration of email, calendar and contact data from the on-premises messaging platform to Office 365. Depending upon the on-premi
Publish At:2020-08-13 08:40 | Read:96 | Comments:0 | Tags:No Tag

Microsoft's Patch for LSASS Flaw Incomplete, Google Researcher Says

Microsoft failed to properly address an elevation of privilege vulnerability in the Windows Local Security Authority Subsystem Service (LSASS), the Google Project Zero researcher who discovered the issue says.Tracked as CVE-2020-1509, the vulnerability can be triggered through specially crafted authentication requests. For successful exploitation, an attacke
Publish At:2020-08-13 08:02 | Read:45 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

FireEye Launches Public Bug Bounty Program on Bugcrowd

FireEye this week announced that its Bugcrowd-powered bug bounty program has become public, for all registered researchers to participate.The program, which has been running privately on the crowd-sourced bug hunting platform for a while, welcomes all Bugcrowd researchers interested in identifying vulnerabilities in a broad range of FireEye websites, includi
Publish At:2020-08-13 08:02 | Read:59 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

Potentially Serious Vulnerability Found in Popular WYSIWYG Editor TinyMCE

A potentially serious cross-site scripting (XSS) vulnerability affecting the TinyMCE rich text editor can be exploited — depending on the implementation — for privilege escalation, obtaining information, or account takeover.Developed by Tiny Technologies, TinyMCE is advertised as the most advanced WYSIWYG HTML editor designed to simplify website content crea
Publish At:2020-08-13 08:02 | Read:97 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Remote working, global power plays are shifting the threat landscape

The COVID-19 pandemic has pushed companies into a remote workforce situation that many were vastly unprepared for. Remote workers don’t have the same protection as they would have in the traditional corporate network. This has not only increased the burden for IT teams, but without advanced cybersecurity in place, has widened the attack surface, giving attac
Publish At:2020-08-13 07:37 | Read:86 | Comments:0 | Tags:Adaptive Defense Business b2b ITWeb Security Summit remote w

Open Source Supply Chain Attacks Surge 430%

Security experts are warning of a 430% year-on-year increase in attacks targeting open source components directly in order to covertly infect key software supply chains.There were 929 attacks recorded between July 2019 and May 2020, according to Sonatype’s annual State of the Software Supply Chain report. The study was compiled from analysis
Publish At:2020-08-13 06:59 | Read:61 | Comments:0 | Tags:No Tag

CASB Complexity Means Many Products Are Under-Utilized

Product complexity and a lack of in-house skills mean many organizations are failing to fully realize the benefits of their cloud access security broker (CASB) solutions, according to the Cloud Security Alliance (CSA).The industry body polled over 200 IT and security professionals to better understand their challenges surrounding CASBs, which help organizati
Publish At:2020-08-13 06:59 | Read:56 | Comments:0 | Tags:No Tag

IT Pros Name Misconfiguration #1 Cloud Security Threat

Configuration errors are the number one threat to cloud security, according to a new poll of IT and security professionals by Check Point.The security vendor interviewed 653 industry professionals to compile its 2020 Cloud Security Report.Three-quarters (75%) claimed to be “very” or “extremely” concerned about cloud security, with mos
Publish At:2020-08-13 06:59 | Read:118 | Comments:0 | Tags: Cloud

CactusPete APT group’s updated Bisonal backdoor

CactusPete (also known as Karma Panda or Tonto Team) is an APT group that has been publicly known since at least 2013. Some of the group’s activities have been previously described in public by multiple sources. We have been investigating and privately reporting on this group’s activity for years as well. Historically, their activity has been foc
Publish At:2020-08-13 06:21 | Read:96 | Comments:0 | Tags:APT reports Featured Backdoor Data theft Malware Description

Threat actors managed to control 23% of Tor Exit nodes

A security researcher has discovered that a threat actor controlled roughly 23% of the Tor network’s exit nodes. A security researcher named Nusenu revealed that in May a malicious controlled roughly 23% of the entire Tor network’s exit nodes. Experts warn that this was the first time that a single actor controlled such a large number of Tor exit nodes.
Publish At:2020-08-13 04:55 | Read:94 | Comments:0 | Tags:Breaking News Deep Web Hacking Dark Web information security

Israel announced to have foiled an attempted cyber-attack on defence firms

Israel ‘s defence ministry announced to have foiled an attempted cyber attack by a foreign threat actors group targeting the country’s defence manufacturers. The Israeli defence ministry announced on Wednesday that it had foiled a cyber attack carried out by a foreign threat actor targeting the country’s defence manufacturers. Accordi
Publish At:2020-08-13 04:55 | Read:75 | Comments:0 | Tags:Breaking News Cyber warfare defence Hacking hacking news inf

Rent a hacker: Group-IB uncovers corporate espionage group RedCurl

Threat Intel firm Group-IB has released an analytical report on the previously unknown APT group RedCurl, which focuses on corporate espionage Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has released an analytical report on the previously unknown APT group RedCurl, which focuses on corporate espionage. In less th
Publish At:2020-08-13 04:55 | Read:66 | Comments:0 | Tags:APT Breaking News Hacking Intelligence Cyberespionage hackin

Cybercriminals Are Infiltrating Netgear Routers with Ancient Attack Methods

It would be heartening to think that cybersecurity has advanced since the 1990s, but some things never change. Vulnerabilities that some of us first saw in 1996 are still with us.If you don’t believe me, just take a look at the news. Last month, Virginia-based cybersecurity firm GRIMM announced that they had found a vulnerability that affects many Netgear ho
Publish At:2020-08-13 01:16 | Read:100 | Comments:0 | Tags:Featured Articles IT Security and Data Protection critical v

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud

Friend Links