HackDig : Dig high-quality web security articles for hackers

Data From Joomla Resources Directory Exposed via Unprotected AWS Bucket

An unprotected Amazon Web Services (AWS) S3 bucket exposed the details of 2,700 users who signed up for the Joomla Resources Directory (JRD), Joomla’s Incident Response Task Group reported last week. An internal website audit revealed that a third-party company owned by a former leader of the Joomla Resource Directory team — they are still a member of the JRD
Publish At:2020-06-01 13:46 | Tags:NEWS & INDUSTRY Privacy Audits Incident Response Data Pr

FTC Settles With Canadian Smart Lock Maker Over Security Practices

The Federal Trade Commission (FTC) has approved a settlement with Canadian smart lock maker Tapplock, which allegedly falsely claimed that its devices were designed to be “unbreakable.” Toronto-based Tapplock, Inc. is an Internet of Things (IoT) technology company that provides smart security solutions for both business and end-users alike. It sells Internet-
Publish At:2020-05-26 11:03 | Tags:NEWS & INDUSTRY Privacy Audits Compliance Risk Managemen

LDAPFragger: Command and Control over LDAP attributes

Introduction

A while back, during a penetration test of an internal network, we encountered physically segmented networks. These networks contained workstations joined to the same Active Directory domain; however, only one network segment could connect to the internet. To control workstations in both segments remotely with Cobalt Strike, we built a tool
Publish At:2020-03-19 06:53 | Tags:audits Blog Cobalt Strike pentest Uncategorized
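The relay idea sketched in the teaser above (two hosts that cannot reach each other but both talk to the same Active Directory exchange data through an attribute of a directory object) is easiest to see with a small simulation. The following is an added example, not the LDAPFragger tool's own code: an in-memory `FakeDirectory` stands in for the LDAP server, and the attribute name `info`, the relay DN and the 64-character per-value limit are assumptions chosen so the code runs offline. What it shows is the part that gives such a channel its difficulty: a message has to be fragmented to fit the attribute's value size, each fragment has to stay unique and carry enough header to be regrouped, and the reader has to cope with values arriving as an unordered set.

```python
"""Relay data through a shared, size-limited LDAP attribute (simulation).

Added illustration, NOT the LDAPFragger tool's code. `FakeDirectory`, the
attribute name, the relay DN and the per-value size limit are assumptions so
the example runs without a domain controller.
"""
import base64
import hashlib
import struct
from typing import Dict, List

ATTR = "info"                                    # assumed writable multi-valued attribute
RELAY_DN = "CN=relay-host,CN=Computers,DC=corp,DC=example"  # assumed relay object
MAX_VALUE_LEN = 64                               # assumed per-value limit (tiny, for the demo)
HEADER = struct.Struct(">4sHH")                  # message id, fragment index, fragment count


class FakeDirectory:
    """Minimal stand-in for an LDAP server: DN -> attribute -> list of values."""

    def __init__(self) -> None:
        self.objects: Dict[str, Dict[str, List[str]]] = {}

    def add_values(self, dn: str, attr: str, values: List[str]) -> None:
        self.objects.setdefault(dn, {}).setdefault(attr, []).extend(values)

    def read_values(self, dn: str, attr: str) -> List[str]:
        return list(self.objects.get(dn, {}).get(attr, []))

    def clear(self, dn: str, attr: str) -> None:
        self.objects.get(dn, {}).pop(attr, None)


def fragment(data: bytes, max_value_len: int = MAX_VALUE_LEN) -> List[str]:
    """Split `data` into base64 values that each fit in one attribute value.

    Multi-valued LDAP attributes are unordered sets and identical values
    collapse into one, so every fragment carries (message id, index, count):
    the index keeps values distinct and lets the reader restore the order.
    """
    raw_cap = (max_value_len // 4) * 3          # bytes that base64-encode to <= max_value_len chars
    chunk_size = raw_cap - HEADER.size
    if chunk_size <= 0:
        raise ValueError("attribute value limit too small for the header")
    msg_id = hashlib.sha256(data).digest()[:4]  # short id to tell interleaved messages apart
    chunks = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)] or [b""]
    if len(chunks) > 0xFFFF:
        raise ValueError("message needs more fragments than the 16-bit index allows")
    return [
        base64.b64encode(HEADER.pack(msg_id, idx, len(chunks)) + chunk).decode("ascii")
        for idx, chunk in enumerate(chunks)
    ]


def reassemble(values: List[str]) -> Dict[bytes, bytes]:
    """Rebuild every message whose fragments are all present, whatever the order."""
    parts: Dict[bytes, Dict[int, bytes]] = {}
    totals: Dict[bytes, int] = {}
    for value in values:
        raw = base64.b64decode(value)
        msg_id, idx, total = HEADER.unpack(raw[:HEADER.size])
        parts.setdefault(msg_id, {})[idx] = raw[HEADER.size:]
        totals[msg_id] = total
    complete: Dict[bytes, bytes] = {}
    for msg_id, frags in parts.items():
        if len(frags) == totals[msg_id]:
            complete[msg_id] = b"".join(frags[i] for i in range(totals[msg_id]))
    return complete


def send(directory: FakeDirectory, data: bytes) -> int:
    """Writer side: push one message into the relay attribute; returns the value count."""
    values = fragment(data)
    directory.add_values(RELAY_DN, ATTR, values)
    return len(values)


def receive(directory: FakeDirectory) -> List[bytes]:
    """Reader side: return complete messages and leave partial ones in the attribute."""
    values = directory.read_values(RELAY_DN, ATTR)
    complete = reassemble(values)
    leftover = [v for v in values if base64.b64decode(v)[:4] not in complete]
    directory.clear(RELAY_DN, ATTR)
    directory.add_values(RELAY_DN, ATTR, leftover)
    return list(complete.values())


if __name__ == "__main__":
    d = FakeDirectory()
    send(d, b"constructed sample: task for the isolated host")  # constructed input
    print(receive(d))
```

With a real directory the same two operations become an LDAP modify (add values) on the writer and an LDAP search plus modify (delete values) on the reader; the fragmentation and regrouping logic is unchanged. From the defender's side, the thing to notice is that the channel is nothing but ordinary attribute writes by an authenticated domain account, which is why monitoring unusual, high-frequency attribute changes on directory objects matters.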

Aussie Watchdog Sues Facebook Over Cambridge Analytica Breach

Australia's privacy watchdog announced legal action against Facebook Monday for alleged "systematic failures" exposing more than 300,000 Australians to a data breach by Cambridge Analytica. The Office of the Australian Information Commissioner said it had initiated proceedings against the tech giant and that Facebook committed "serious and/or repeated interfe
Publish At:2020-03-09 10:09 | Tags:NEWS & INDUSTRY Privacy Audits Incident Response Complia

Microsoft Trials Election Security Solution in Wisconsin

Microsoft representatives are in Fulton, Wisconsin, on Tuesday to conduct the first real-world trials for ElectionGuard, the company’s open source election security solution. Introduced in May 2019, the free software development kit (SDK) was created in collaboration with Galois, aiming to provide end-to-end verification of elections. Moreover, the tool opens
Publish At:2020-02-18 12:14 | Tags:NEWS & INDUSTRY Application Security Audits Security Arc

Source Code Released for All ProtonVPN Apps

Proton Technologies, the company best known for its privacy-focused email service ProtonMail, this week announced that the source code for all of its ProtonVPN virtual private network (VPN) applications has been made public after each app underwent independent security audits. The source code for the Android, iOS, macOS and Windows versions of ProtonVPN are n
Publish At:2020-01-22 10:15 | Tags:NEWS & INDUSTRY Privacy Audits Compliance Identity &

Unprotected Medical Systems Expose Data on Millions of Patients

Hundreds of Internet-accessible, unprotected medical imaging systems expose data on millions of patients worldwide, German security firm Greenbone reveals. The analysis conducted by Greenbone, a vulnerability analysis and management solutions provider, focused on Picture Archiving and Communication Systems (PACS), which are used by healthcare organizations to
Publish At:2020-01-16 12:00 | Tags:NEWS & INDUSTRY Privacy Audits Data Protection Privacy &

Evolution of OpenSSL Security After Heartbleed

OpenSSL has evolved a great deal in terms of security since the disclosure of the Heartbleed vulnerability back in 2014. OpenSSL, an open source library that implements the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, is widely used by organizations to protect communications. In April 2014, the world learned that OpenSSL was affecte
Publish At:2019-12-26 10:15 | Tags:NEWS & INDUSTRY Privacy Audits Identity & Access Sec

Inside Mastercard's Push for Continuous Security

Mastercard to Recommend NIST CSF for Continuous Security Between PCI Audits

Cybersecurity for a business model like Mastercard is complex. First, it has the fundamental need to protect its own networks. Second, however, it has a huge global franchise that must also be kept secure to maintain trust in the product. Security for Mastercard's own infrastructure is
Publish At:2019-12-03 22:15 | Tags:NEWS & INDUSTRY Audits Compliance

EU to Check How Facebook, Google Use Data: Spokeswoman

The European Commission said Monday it had begun a "preliminary investigation" into how Facebook and Google collect personal data and what they do with it. "The Commission has sent out questionnaires as part of a preliminary investigation into Google’s and Facebook’s data practices," a Commission spokeswoman told AFP. "These investigations concern the way data
Publish At:2019-12-03 10:15 | Tags:NEWS & INDUSTRY Privacy Audits Compliance Data Protectio

CISA Announces Open Source Post-Election Auditing Tool

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) this week announced the release of an open source post-election auditing tool in preparation for the 2020 elections. CISA says it has teamed up with election officials and their private sector partners to support their efforts in improving post-election auditing
Publish At:2019-11-22 22:15 | Tags:NEWS & INDUSTRY Audits Management & Strategy

Dunkin' Donuts Sued by New York's State Attorney General Over Data Breaches

New York Attorney General Letitia James filed a lawsuit against Dunkin' Donuts in the Supreme Court of the State of New York on Thursday, September 26, 2019. The complaint alleges fraudulent, deceptive and illegal conduct, and focuses on Dunkin' Donuts breaches in 2015 and 2018. It claims an alleged failure to respond to these breaches in violation of state
Publish At:2019-09-28 00:00 | Tags:NEWS & INDUSTRY Privacy Audits Incident Response Complia

Phishing – Ask and ye shall receive

During penetration tests, our primary goal is to identify the difference in paths that can be used to obtain the goal(s) as agreed upon with our customers. This often succeeds due to insufficient hardening, lack of awareness or poor password hygiene. Sometimes we do get access to a resource, but do not have access to the username or password of the user that
Publish At:2019-09-19 23:30 | Tags:audits Blog pentest Uncategorized

Your trust, our signature

Written and researched by Mark Bregman and Rindert Kramer

Sending signed phishing emails

Every organisation, whatever its size, will encounter phishing emails sooner or later. While the number of phishing attacks is increasing every day, the way in which phishing is used within a cyber-attack has not changed: an attacker comes up with a scenario which looks
Publish At:2019-09-19 23:30 | Tags:audits Blog pentest Uncategorized email hacking phishing

NERC CIP Audits: Top 10 Common Mistakes

I spent quite a while on the road while working at NERC for about seven years. I believe at one point I had over 130+ nights stayed during a single year. One of the many roles I had while at NERC was as a compliance program auditor for NERC CIP audits and compliance investigations. I picked up some common mistakes I have seen from entities across the entire
Publish At:2016-01-08 08:25 | Tags:Featured Articles NERC CIP Regulatory Compliance audits comp
