HackDig : Dig high-quality web security articles for hacker

Hotel booking service Groupize allegedly exposed sensitive data contained in unsecured AWS storage bucket

Security researchers discovered that hotel booking service Groupize allegedly exposed sensitive data contained in unsecured AWS storage bucket Security experts continue to discover unsecured AWS storage bucket leaking sensitive data. Last discovery in order of time is an AWS storage related to the hotel booking service Groupize, it was discovered by Kromtech
Publish At:2017-08-23 05:05 | Read:231 | Comments:0 | Tags:Breaking News Data Breach Amazon AWS data leak Groupize Maci

Datadog Resets Passwords Following Unauthorized Server Activity

SaaS-based monitoring and analytics platform Datadog has reset all stored passwords following unauthorized activity on some infrastructure servers.Chief Security Officer Andrew Becherer opened up to users about the incident over the weekend:“Last night we sent email notifications regarding a security incident that took place within our server infrastru
Publish At:2016-07-12 10:30 | Read:1269 | Comments:0 | Tags:Latest Security News AWS bcrypt Datadog password

eero: A Mesh WiFi Router Built for Security

User-friendly and secure. Hardly anyone would pick either word to describe the vast majority of wireless routers in use today. So naturally I was intrigued a year ago when I had the chance to pre-order a eero, a new WiFi system billed as easy-to-use, designed with security in mind, and able to dramatically extend the range of a wireless network without compr
Publish At:2016-03-11 07:20 | Read:1027 | Comments:0 | Tags:A Little Sunshine Security Tools Amazon AWS eero mesh wirele

Storing secret crypto keys in the Amazon cloud? New attack can steal them

Piercing a key selling point of commercial cloud computing services, computer scientists have devised a hack that allows an attacker using Amazon's EC2 platform to steal the secret cryptographic keys of other users.The proof-of-concept attack is significant because Amazon Web Services and many other cloud service providers already blocked a previous key-reco
Publish At:2015-09-29 05:15 | Read:817 | Comments:0 | Tags:Risk Assessment Technology Lab Amazon AWS cloud cryptography

Understanding the VENOM Vulnerability

  Jason Geffner, a security researcher at Crowdstrike, has released information about a new, unchecked buffer vulnerability called VENOM affecting the open source QEMU virtualization platform which provides virtualization capabilities similar to VMWare or Microsoft’s Hyper-V. The initial reports indicate this is a serious vulnerability, and while the v
Publish At:2015-06-09 16:15 | Read:1574 | Comments:0 | Tags:Application Security Cyber Security Security Updates 0xicf A

Federating the AWS CLI

Modern organizations that depend on SaaS have been increasingly adopting Identity Providers or single sign-ons (SSOs) in order to federate authentication back to home directory services. Most SSOs support SAML or OAuth, and a growing number of SaaS companies are jumping on board to eliminate the liability of storing customer password hashes.Although an SSO-i
Publish At:2015-04-17 17:25 | Read:1804 | Comments:0 | Tags:Featured Articles Risk Management 2FA AWS bsides security

Visualizing AWS Storage with Real-Time Latency Spectrograms

Having worked for several years in the wireless networking space, I always found spectrum analyzers like this one extremely useful. I always found such a representation of the wireless spectrum not only visually cool, but also useful to understand trends, spot bottlenecks and identify outliers. A bunch of attempts have been done to apply this kind of visua
Publish At:2015-01-27 15:50 | Read:1896 | Comments:0 | Tags:Uncategorized aws latency open source spectrogram storage Sy

Start 2015 Right, Take Inventory

What sounds like more fun than spending the start of the new year by taking inventory of all your systems? Unless you’re really odd, just about anything, to be truthful. But it’s something you should be giving serious thought to as 2014 draws to a close and 2015 begins. Even though we rarely think of it as a security function, a valid, up-to-date
Publish At:2014-12-23 22:15 | Read:1005 | Comments:0 | Tags:CISO Risk Management AWS BYOD data discovery DNS inventory I

ITsecurity Daily News: 08/22/2014

ITsecurity Daily News: 08/22/2014 The ITsecurity daily security briefing: Friday, August 22, 2014.If you find this security briefing useful, please spread the word via social media. If you have any comments or recommendations, please email kevtownsend at gmail dot com.NewsPapers/Report
Publish At:2014-08-22 14:00 | Read:2453 | Comments:0 | Tags:News Arachnophobia AWS comment spam Erin FinCEN healthcare J

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud