HackDig : Dig high-quality web security articles

MS Patch Tuesday: NSA Reports New Critical Exchange Flaws

Just weeks after a wave of major in-the-wild zero-day attacks against Exchange Server installations globally, Microsoft is raising a fresh alarm for four new critical security flaws that expose businesses to remote code execution attacks. The four new Exchange Server vulnerabilities were fixed as part of this month’s Patch Tuesday bundle and because of the se
Publish At:2021-04-13 16:50 | Read:142 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Priva

Microsoft Open-Sources 'CyberBattleSim' Enterprise Environment Simulator

Microsoft this week announced the open source availability of Python code for “CyberBattleSim,” a research toolkit that supports simulating complex computer systems. Designed to help advance artificial intelligence and machine learning, the experimental research project was designed to aid in the analysis of how “autonomous agents operate in a simulated ente
Publish At:2021-04-09 14:58 | Read:123 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

US DoD Launches Vuln Disclosure Program for Contractor Networks

The United States Department of Defense (DoD) this week announced the launch of a new vulnerability disclosure program on HackerOne to identify vulnerabilities in Defense Industrial Base (DIB) contractor networks. Running as a pilot, the Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP) covers participating DoD contractor partner’s informatio
Publish At:2021-04-06 12:52 | Read:130 | Comments:0 | Tags:Cyberwarfare Endpoint Security NEWS & INDUSTRY Applicati

SecureDrop Workstation Gets Post-Audit Security Refresh

The open-source SecureDrop Workstation has undergone a security makeover after a third-party security audit flagged multiple problems, including a high-risk bug that could allow an attacker to plant files on target machines. The SecureDrop Workstation audit, conducted by Trail of Bits and financed by the New York Times, warned that the high-risk directory tra
Publish At:2021-04-02 15:13 | Read:301 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Privacy Application Se

DHS Gives Federal Agencies 5 Days to Identify Vulnerable MS Exchange Servers

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a supplemental directive requiring all federal agencies to identify vulnerable Microsoft Exchange servers in their environments within five days. Providing additional direction on the implementation of CISA Emergency Directive 21-02, which on March 3 reque
Publish At:2021-04-01 19:42 | Read:170 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Websites of EU Mobile Providers Fail to Properly Secure User Data: Report

Sensitive data pertaining to the customers of top mobile services providers in the European Union is at risk of compromise due to improperly secured websites, data security and privacy firm Tala reveals. An analysis of the websites of 13 of the top mobile telecom companies in the EU has revealed that none of them has in place even the minimum necessary protec
Publish At:2021-04-01 00:11 | Read:187 | Comments:0 | Tags:NEWS & INDUSTRY Privacy Application Security Audits Data

Vulnerability in 'netmask' npm Package Affects 280,000 Projects

A vulnerability in the netmask npm package could expose private networks and lead to a variety of attacks, including malware delivery. The newly identified issue (which is tracked as CVE-2021-28918) resides in the fact that the package would incorrectly read octal encoding, essentially resulting in the misinterpretation of supplied IP addresses. Designed to pa
Publish At:2021-03-29 15:00 | Read:245 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Audits Email Securit

HD Moore Banks $5M Funding for Rumble Asset Management Startup

Network and asset discovery provider Rumble this week announced that it has raised $5 million in VC funding. The round was led by Jon Sakoda and Dan Nguyen-Huu at Cisco-backed Decibel Partners. The round also saw participation from Duo Security co-founder and CTO Jon Oberheide, Demisto (acquired by Palo Alto Networks) founders Slavik Markovich and Rishi Bharg
Publish At:2021-03-16 17:23 | Read:298 | Comments:0 | Tags:Endpoint Security INDUSTRY INSIGHTS Network Security Applica

Privilege Escalation Bugs Patched in Linux Kernel

A total of five vulnerabilities that could lead to local privilege escalation were recently identified and fixed in the Linux kernel. Identified by Positive Technologies security researcher Alexander Popov, the high severity bugs resided in the virtual socket implementation of the Linux kernel. Tracked as CVE-2021-26708 and featuring a CVSS score of 7.0, the s
Publish At:2021-03-04 16:47 | Read:382 | Comments:0 | Tags:Disaster Recovery Network Security NEWS & INDUSTRY Appli

Microsoft Says Its Services Not Used as Entry Point by SolarWinds Hackers

In response to speculation that its services may have been leveraged as an initial entry point by the hackers who breached IT management firm SolarWinds, Microsoft said on Thursday there was no evidence to back those claims. Reports, including from several mainstream media publications, have speculated about the role of Microsoft services in the SolarWinds at
Publish At:2021-02-05 09:35 | Read:362 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Audits Email Securi

Ten-Year Old Sudo Vulnerability Gives Root Privileges on Host

A major security hole in the Sudo utility could be abused by unprivileged users to gain root privileges on the vulnerable host, Qualys reports. Designed to allow users to run programs with the security privileges of another user (by default superuser, hence the name, which is derived from ‘superuser do’), Sudo is present in major Unix- and Linux-based operati
Publish At:2021-01-27 18:53 | Read:420 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Priva

Data Security Providers Netwrix and Stealthbits Merge

Data security solutions provider Netwrix has merged with Stealthbits, a cybersecurity company focused on protecting sensitive data and credentials. Founded in 2006, the Irvine, California-based Netwrix claims to provide over 10,000 organizations around the world with the necessary tools to reclaim control over sensitive, business-critical data, helping
Publish At:2021-01-05 16:29 | Read:531 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Privacy Audits Email S

SASE Provider iboss Banks $145 Million Equity Funding

Cloud-delivered network security startup iboss on Tuesday announced the closing of a new $145 million financing deal to speed up growth in a lucrative market. iboss, founded by twin brothers Paul and Peter Martini five years ago, previously banked $35 million in venture capital funding from Goldman Sachs. The new round of financing was led by NightDragon and F
Publish At:2021-01-05 16:29 | Read:589 | Comments:0 | Tags:Endpoint Security Mobile Security NEWS & INDUSTRY Audits

Slack Outage Causing Enterprise Security Hiccups

Business communications platform Slack is scrambling to recover from an ongoing outage that is proving disruptive to cybersecurity response teams around the world. At 7:15AM PST, the San Francisco, Calif.-based Slack confirmed users were “having trouble loading channels or connecting to Slack.” No other details were provided on the cause of the ou
Publish At:2021-01-04 13:11 | Read:429 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Application Security A

France Fines Google, Amazon 135 Mn Euros

France's CNIL data privacy watchdog slapped 135 million euros in fines on US tech titans Google and Amazon for placing advertising cookies on users' computers without consent. The 100-million-euro fine against Google is the largest sanction the regulator has ever imposed, which it justified by the fact 90 percent of French internet users use the firm's search
Publish At:2020-12-11 11:59 | Read:524 | Comments:0 | Tags:NEWS & INDUSTRY Privacy Audits Compliance Privacy &