HackDig : Dig high-quality web security articles for hacker

Attacking the Organism: Retail

My Apple News app recently served up some targeted marketing that really hit home. There before me was the opportunity to purchase a limited-edition 11 Herbs & Spices Firelog from KFC and Envirolog, sold through Walmart. Sometimes it’s just plain spooky how these internet algorithms understand us on a deeper level. How did they know I’d been thinkin
Publish At:2020-01-08 10:15 | Read:212 | Comments:0 | Tags:INDUSTRY INSIGHTS Application Security

Facebook, Samsung, Ring Unveil New Privacy, Security Tools at CES 2020

Facebook, Samsung and Ring have unveiled new or improved privacy and security tools at the 2020 CES consumer electronics show taking place this week in Las Vegas. Facebook announced a revamped version of Privacy Checkup, a tool launched in 2014 in an effort to make it easier for users to manage the information they share on the social media network. The improv
Publish At:2020-01-07 12:00 | Read:144 | Comments:0 | Tags:NEWS & INDUSTRY Privacy Application Security Compliance

F5 to Acquire Shape Security for $1 Billion in Cash

F5 Networks announced on Thursday that it has agreed to acquire privately held Shape Security for approximately $1 billion in cash. Shape was founded in 2011 by Derek Smith (CEO), Justin Call (VP, R&D), and Sumit Agarwal (COO) and emerged from stealth in 2014. In September 2019, Shape raised $51 million in Series F growth funding, valuing the company at
Publish At:2019-12-19 22:15 | Read:170 | Comments:0 | Tags:NEWS & INDUSTRY Application Security

Hunting for Magecart With URLscan.io

Magecart -- originally the name applied to a single criminal gang but now the umbrella term for a JavaScript-based web skimming attack -- has emerged as a major threat to the security of payment card details. Once the skimmer code has been inserted into the payment function of a website, its operation can be silent and efficie
Publish At:2019-12-18 12:00 | Read:261 | Comments:0 | Tags:NEWS & INDUSTRY Application Security

Google to Ban Less Secure Apps in G Suite

Google this week announced plans to turn off access to G Suite account data for less secure apps (LSAs), as they represent a potential security risk for users. LSAs are non-Google apps that have been granted access to Google accounts, but which only employ a username and password for login. Thus, they make accounts more vulnerable to hijacking attempts, unlik
Publish At:2019-12-17 10:15 | Read:467 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Identity & Acce

Google Releases Open Source Tool for Finding File Access Vulnerabilities

Google on Monday announced that it has released the source code of a tool designed to help developers identify vulnerabilities related to file access. The tool, named PathAuditor, has been useful to Google and the company has now decided to release it as open source. The tech giant is still actively working on PathAuditor, but hopes that the community can hel
Publish At:2019-12-09 12:00 | Read:296 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Vulnerabilities

Cisco Talos Releases Open Source Dependency Build Automation Tool

Cisco Talos this week released a new tool designed to make it easier to create complex applications that have lengthy dependency chains. Called Mussels, the cross-platform, general-purpose dependency build automation tool allows software developers to easily download, build, and assemble app dependencies. The tool’s creator is Micah Snyder, a Cisco Talos resea
Publish At:2019-12-05 12:00 | Read:289 | Comments:0 | Tags:NEWS & INDUSTRY Application Security

Google: 80% of Android Apps Encrypt Traffic by Default

Google has shared some data on the adoption of Transport Layer Security (TLS) by Android applications and it seems that significant progress has been made over the past two years. According to Google, 80% of Android apps now encrypt traffic by default and the percentage is even higher in the case of applications designed for the latest versions of the operati
Publish At:2019-12-03 22:15 | Read:316 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Application Security Vul

Build Your Immunity Across All App-Security Insertion Points

Years ago, I worked on a consulting project for a large financial services company, which had recently invested $20 million into their core offering, a managed services platform for financials that was used by hundreds of customers. We did a Failure Mode Effect Analysis for them, looking at every component making up the major service—every app, every pi
Publish At:2019-11-30 10:15 | Read:316 | Comments:0 | Tags:INDUSTRY INSIGHTS Application Security

Driver's License Thefts Spur ADOT to Boost Online Safeguards

Arizona transportation officials announced enhanced security measures Thursday for a state website that identity thieves exploited to get dozens of duplicate driver's licenses. The Arizona Department of Transportation announced new safeguards after acknowledging to Azfamily.com this week that at least 164 drivers have been the victims of theft. The cases go ba
Publish At:2019-09-29 00:00 | Read:671 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Data Protection

Adopt Insertion Point Security for a Microservices World

In the old world, applications generally consisted of a web server, an app server and a database. Traffic went from router to switch to firewall. There was a network perimeter, which was our ingress. That was then, this is now. With the cloud, containers and microservices, we’re navigating an environment that includes clients, proxies, web servers, app
Publish At:2019-09-27 00:00 | Read:318 | Comments:0 | Tags:INDUSTRY INSIGHTS Application Security

iOS 13 Bug Gives Third-Party Keyboards "Full Access" Permissions

An update that Apple will soon release for iOS 13 and iPadOS should resolve an issue that leads to third-party keyboard apps getting elevated permissions without the user’s approval. In an advisory released on September 24 — first spotted by TechCrunch — Apple informed customers that it’s working on an update that should fix the issue. The company explained th
Publish At:2019-09-26 12:00 | Read:893 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Privacy Application Secu

POISON CARP Threat Actor Targets Tibetan Groups

A threat actor referred to as POISON CARP has targeted senior members of Tibetan groups via WhatsApp for around six months, Citizen Lab reveals. The attacks, carried out between November 2018 and May 2019, employed individually tailored WhatsApp text exchanges, where the attackers were posing as NGO workers, journalists, and other fake personas. Links sent to
Publish At:2019-09-26 00:00 | Read:730 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Virus & Threats Appl

Source Code Security Firm Cycode Launches With $4.6 Million in Funding

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding. Cycode provides a platform designed for source code control, detection and response. The solution should help organizations concerned about the exposure of intellectual property (IP) found in source code. While
Publish At:2019-09-24 12:00 | Read:549 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Risk Management Clo

0patch Promises Support for Windows 7 Beyond January 2020

Windows 7 and Windows Server 2008 will officially reach end-of-support on January 14, 2020, but they will continue to receive security patches past that date, unofficially. Microsoft will still provide support for some customers through Extended Security Updates (ESU), but the majority of systems still running Windows 7 or Windows Server 2008 will no longer r
Publish At:2019-09-24 00:00 | Read:714 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Vulnerabilities
