HackDig : Dig high-quality web security articles

Google Project Zero Announces 2021 Updates to Vulnerability Disclosure Policy

Google’s Project Zero cybersecurity research unit on Thursday announced that it’s making some changes to its vulnerability disclosure policies, giving users 30 days to install patches before disclosing the technical details of a flaw.Project Zero has announced three major changes to its vulnerability disclosure policy in 2021, compared to 2020. Until now, if
Publish At:2021-04-16 07:30 | Read:73 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Vulnerabilities Man

The IT-OT Connection: How the Two Work Together

Where hardware meets software, attackers can sneak in. More and more, threat actors are targeting Industrial Control Systems (ICS) and Operational Technology (OT). IBM X-Force found that the number of attacks against those types of assets increased by over 2,000% between 2018 and 2019, with the number of ICS and OT attacks in 2019 having eclipsed the tota
Publish At:2021-04-14 21:21 | Read:103 | Comments:0 | Tags:Application Security Cloud Security Security Services Indust

MS Patch Tuesday: NSA Reports New Critical Exchange Flaws

Just weeks after a wave of major in-the-wild zero-day attacks against Exchange Server installations globally, Microsoft is raising a fresh alarm for four new critical security flaws that expose businesses to remote code execution attacks.The four new Exchange Server vulnerabilities were fixed as part of this month’s Patch Tuesday bundle and because of the se
Publish At:2021-04-13 16:50 | Read:142 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Priva

Joker Android Trojan Lands in Huawei AppGallery App Store

Ten variants of the Joker Android Trojan managed to slip into the Huawei AppGallery app store and were downloaded by more than 538,000 users, according to new data from Russian anti-malware vendor Doctor Web.Also known as Bread, the Joker Trojan was first observed in 2017 when it was originally focused on SMS fraud. Last year, the malware was observed perfor
Publish At:2021-04-12 21:15 | Read:105 | Comments:0 | Tags:Disaster Recovery Endpoint Security Mobile Security Network

DoControl Emerges From Stealth With SaaS Security Platform

DoControl emerged from stealth mode on Monday with an automated data access controls platform for SaaS applications, and more than $13 million in funding.The company was founded in 2020 and it’s headquartered in New York City. It raised $3.35 million in seed funding and it recently raised another $10 million in a Series A funding round led by RTP Global, wit
Publish At:2021-04-12 17:20 | Read:145 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Management & St

Unearthing the 'Attackability' of Vulnerabilities that Attract Hackers

Vulnerability management is largely about patch management: finding, triaging and patching the most critical vulnerabilities in your environment. Each aspect of this process presents its own problems. In 2020, more than 17,000 vulnerabilities were reported to NIST, and more than 4,000 of these were high priority. Knowing which of these affect you, where
Publish At:2021-04-12 13:25 | Read:78 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

CISA Releases Tool to Detect Microsoft 365 Compromise

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool to help with the detection of potential compromise within Microsoft Azure and Microsoft 365 environments.Dubbed Aviary, the new tool is a dashboard that makes it easy to visualize and analyze output from Sparrow, the compromise detection
Publish At:2021-04-09 14:58 | Read:70 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Microsoft Open-Sources 'CyberBattleSim' Enterprise Environment Simulator

Microsoft this week announced the open source availability of Python code for “CyberBattleSim,” a research toolkit that supports simulating complex computer systems. Designed to help advance artificial intelligence and machine learning, the experimental research project was designed to aid in the analysis of how “autonomous agents operate in a simulated ente
Publish At:2021-04-09 14:58 | Read:123 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Pwn2Own 2021 Participants Earn Over $1.2 Million for Their Exploits

The Pwn2Own 2021 hacking competition has come to an end, with participants earning more than $1.2 million — more than ever paid out at the event — for exploits in the browser, virtualization, server, local privilege escalation, and enterprise communications categories.Over the course of three days, participants made 23 attempts, targeting Safari, Chrome, Edg
Publish At:2021-04-09 11:05 | Read:152 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Vulnerabilities Man

Collaboration Platforms Increasingly Abused for Malware Distribution, Data Exfiltration

Threat actors are increasingly abusing collaboration platforms for nefarious purposes, including malware delivery and data exfiltration, security researchers with Cisco’s Talos division report.With the COVID-19 pandemic forcing many organizations to switch to telework, interactive communication platforms such as Discord and Slack saw increased adoption and a
Publish At:2021-04-09 07:10 | Read:149 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Virus & Threats App

Cisco Patches Critical Flaw in SD-WAN vManage

Cisco this week announced patches for tens of vulnerabilities across its product portfolio, including a critical severity issue impacting the SD-WAN vManage software.Tracked as CVE-2021-1479 with a CVSS score of 9.8, the critical bug exists because of improper validation of user-supplied input and could allow an attacker to trigger a buffer overflow by sendi
Publish At:2021-04-08 15:34 | Read:228 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Application Security E

Report: Supplier Impersonation Attacks a Major Risk

Threat actors are leveraging the supply chain to deliver various types of threats to organizations, and few of them are spared from such attacks, according to a new report from enterprise security company Proofpoint.During a seven-day window in February 2021, out of a total of 3000 monitored organizations, Proofpoint reports that a whopping 98 percent were h
Publish At:2021-04-07 13:55 | Read:137 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Privacy Application Se

Open Source Security Management Firm WhiteSource Raises $75 Million

Open source security management company WhiteSource on Wednesday announced that it has raised $75 million in a Series D funding round.The Series C funding round was announced in October 2018, when the company secured $35 million. The latest round, which brings the total raised by WhiteSource to more than $120 million, was led by Pitango Growth, with particip
Publish At:2021-04-07 13:55 | Read:156 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Management & St

Fake Netflix App Luring Android Users to Malware

Researchers Flag ‘FlixOnline’ as a Malicious Android Play Store App That Combines Social Engineering With WhatsApp Auto-Replies to PropagateResearchers have discovered new Android malware that uses Netflix as its lure and spreads malware via auto-replies to received WhatsApp messages.The discovery was reported to Google, and the malware – dubbed F
Publish At:2021-04-07 12:16 | Read:161 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Email Security Frau

Threat Actors Quick to Target (Patched) SAP Vulnerabilities

Threat actors are constantly targeting new vulnerabilities in SAP applications within days after the availability of security patches, according to a joint report issued by SAP and Onapsis.In some cases, exploitation attempts were observed shortly after the security bugs are made public: scanning for vulnerable systems started 48 hours after patches were rel
Publish At:2021-04-06 16:46 | Read:84 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a