HackDig : Dig high-quality web security articles for hacker

Driver's License Thefts Spur ADOT to Boost Online Safeguards

Arizona transportation officials announced enhanced security measures Thursday for a state website that identity thieves exploited to get dozens of duplicate driver's licenses. The Arizona Department of Transportation announced new safeguards after acknowledging to Azfamily.com this week that at least 164 drivers have been the victims of theft. The cases go ba
Publish At:2019-09-29 00:00 | Read:360 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Data Protection

Adopt Insertion Point Security for a Microservices World

In the old world, applications generally consisted of a web server, an app server and a database. Traffic went from router to switch to firewall. There was a network perimeter, which was our ingress. That was then, this is now. With the cloud, containers and microservices, we’re navigating an environment that includes clients, proxies, web servers, app
Publish At:2019-09-27 00:00 | Read:200 | Comments:0 | Tags:INDUSTRY INSIGHTS Application Security

iOS 13 Bug Gives Third-Party Keyboards "Full Access" Permissions

An update that Apple will soon release for iOS 13 and iPadOS should resolve an issue that leads to third-party keyboard apps getting elevated permissions without the user’s approval. In an advisory released on September 24 — first spotted by TechCrunch — Apple informed customers that it’s working on an update that should fix the issue. The company explained th
Publish At:2019-09-26 12:00 | Read:339 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Privacy Application Secu

POISON CARP Threat Actor Targets Tibetan Groups

A threat actor referred to as POISON CARP has targeted senior members of Tibetan groups via WhatsApp for around six months, Citizen Lab reveals. The attacks, carried out between November 2018 and May 2019, employed individually tailored WhatsApp text exchanges, where the attackers were posing as NGO workers, journalists, and other fake personas. Links sent to
Publish At:2019-09-26 00:00 | Read:496 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Virus & Threats Appl

Source Code Security Firm Cycode Launches With $4.6 Million in Funding

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding. Cycode provides a platform designed for source code control, detection and response. The solution should help organizations concerned about the exposure of intellectual property (IP) found in source code. While
Publish At:2019-09-24 12:00 | Read:357 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Risk Management Clo

0patch Promises Support for Windows 7 Beyond January 2020

Windows 7 and Windows Server 2008 will officially reach end-of-support on January 14, 2020, but they will continue to receive security patches past that date, unofficially. Microsoft will still provide support for some customers through Extended Security Updates (ESU), but the majority of systems still running Windows 7 or Windows Server 2008 will no longer r
Publish At:2019-09-24 00:00 | Read:356 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Vulnerabilities

How Not to Store Passwords: SHA-1 Fails Again

Problem: How do you store a password but make it nearly impossible to recover the plaintext in the event that the database with the password hash is compromised? When doing software development, it’s critical to review these functions. Having good development standards for your team will ensure that people store passwords properly and avoid mistakes th
Publish At:2017-11-07 04:05 | Read:13574 | Comments:0 | Tags:Application Security Data Protection X-Force Research Applic

The Power and Versatility of Pervasive Encryption

As cyberthreats make headlines, companies across the globe are working hard to develop efficient IT infrastructures capable of protecting sensitive data and maintaining compliance with privacy regulations. Although it checks both of these boxes, many organizations have been hesitant to adopt encryption due to cost, operational impact, the complexity of key m
Publish At:2017-11-04 02:00 | Read:3974 | Comments:0 | Tags:Data Protection Mainframe Application Security Encryption En

Five Key IT Security Best Practices to Safeguard Your Expanding Business

A key theme of the recent Cybersecurity Nexus event in Washington, D.C. was the growing need for small and medium-sized businesses (SMBs) to adopt enterprise-like IT security best practices. In fact, SMBs might actually have an edge over the unrelenting competition they endure from larger enterprises because they are more proactive and nimbler in mitigating
Publish At:2017-10-22 05:00 | Read:3522 | Comments:0 | Tags:Application Security Retail Risk Management Application Secu

How to Increase Transparency and Rebuild Trust After a Data Breach

As more companies suffer breaches and leak private data online, it becomes harder for organizations to be transparent and establish trust with their customers. Recent incidents have shown that many experts underestimated the total impact of a data breach in terms of the actual number of users affected and the volume of data made public. Many companies take t
Publish At:2017-10-22 05:00 | Read:4201 | Comments:0 | Tags:Application Security Data Protection Incident Response Data

The Myth of Mutual Exclusivity: Making the DevOps Process More Agile Without Compromising Security

The marketplace is demanding agility, but many enterprises perceive the need for agility as an ongoing security risk. If applications are constantly evolving, they assume, the process will constantly open up new avenues for attackers to exploit. This worry has given rise to a widespread misconception that security or agility is a binary choice. But a growing
Publish At:2017-09-21 19:15 | Read:4353 | Comments:0 | Tags:Application Security CISO Agile DevOps SecDevOps Security Pr

Don’t Sweep Web Application Penetration Testing Under the Rug

Web application penetration testing is one of the most critical components of your information security program. The exploitation of a web-related vulnerability could result in a massive breach, so web security must be front and center in any organization. However, I often see people sweep web security under the rug and fail to follow through on their find
Publish At:2017-09-21 00:50 | Read:3485 | Comments:0 | Tags:Application Security Risk Management Application Security Te

Three Practical Tips That Empower Developers and Prevent Open Source Security Risks From Entering Your Code

Employees use open source applications in organizations of all sizes and across all industries, and this trend shows no signs of slowing down. It is both cost effective and efficient to incorporate source code into software during the development stage. With all those extra resources, developers can focus more on the organization’s proprietary code. Ac
Publish At:2017-08-21 15:05 | Read:3946 | Comments:0 | Tags:Application Security Risk Management Application Development

Pervasive Encryption Simplifies Mainframe Security

On July 17, IBM unveiled its z14 mainframe server, which combines the traditional mainframe hardware with new capabilities in areas such as cloud, cognitive, analytics, application management, blockchain, machine learning and more. Most importantly, z14 includes enhanced security features — namely, pervasive encryption — to help clients stay one step ahead
Publish At:2017-08-04 20:10 | Read:5644 | Comments:0 | Tags:Data Protection Mainframe Application Security Encryption En

Integrating the IoT Into Your Application Security Program

The Internet of Things (IoT) is here, but is your security program ready to handle it? For many reasons, such as network complexity, limited visibility, politics and other challenges that come along with emerging technologies in the enterprise, your organization is likely underprepared. To get up to speed, a good place to start is your application security
Publish At:2017-08-02 12:30 | Read:3188 | Comments:0 | Tags:Application Security Network Application Security Testing Ap
