HackDig : Dig high-quality web security articles

VirusTotal Hacking Offers a Supercharged Version of Google Hacking

Chronicle’s VirusTotal (VT) is a boon to security researchers and a gift to potential criminals. Apart from virus samples it contains likely millions of user credentials readily available to anyone who knows where and how to look. This is the finding of SafeBreach researchers who wanted to see if VT’s advanced search capabilities could provide a supercharged
Publish At:2022-01-18 12:57 | Read:56 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access Vulnerabilities Da

3 Cloud Security Trends to Watch in 2022

Many organizations have cloud security on their minds going into 2022. In April 2021, for instance, Gartner predicted that global end-user spending on cloud management and security services would reach $18 million the following year. That’s a growth of 30% over the previous two years. The forecasts discussed above raise an important question. Wh
Publish At:2022-01-18 10:07 | Read:85 | Comments:0 | Tags:Cloud Security Data Protection Incident Response Risk Manage

Details Published on AWS Flaws Leading to Data Leaks

Researchers at cloud security startup Orca Security have publicly documented a pair of vulnerabilities in AWS CloudFormation and AWS Glue that attackers could use to leak sensitive files or access other customers’ data. The first of the security flaws is described as an XML External Entity (XXE) error that could have been exploited to leak sensitive file
Publish At:2022-01-14 16:53 | Read:173 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Privacy Audits Email S

FCC Chair Proposes New Policies for Carrier Data Breach Reporting

Federal Communications Commission (FCC) chairwoman Jessica Rosenworcel this week proposed updated policies around telecom providers’ reporting of data breaches. The Notice of Proposed Rulemaking (NPRM) shared by Rosenworcel within the FCC seeks to strengthen rules for notifying customers affected by a data breach and federal law enforcement. Per the updated ru
Publish At:2022-01-13 16:53 | Read:203 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

Digital Transformation: Balancing Speed, Security and Innovation

Today, digital transformation (DX) is happening in every industry. Organizations operating in sectors that typically eschew technology are moving to the cloud, leveraging IoT and using analytics. Digital transformation plays a critical role for any company to stay competitive and resilient. But what does digital transformation look like for most companies,
Publish At:2022-01-13 10:07 | Read:183 | Comments:0 | Tags:Application Security Cloud Security Data Protection Incident

Apple Patches iOS HomeKit Flaw After Researcher Warning

Apple has released an iOS security update with a fix for a persistent denial-of-service flaw in the HomeKit software framework but only after an independent researcher publicly criticized the company for ignoring his discovery. The iOS 15.2.1 patch, available for all supported iPhones and iPads, is described simply as a “resource exhaustion issue” that causes
Publish At:2022-01-12 21:13 | Read:137 | Comments:0 | Tags:Endpoint Security Mobile Security Network Security NEWS &

Mozilla Patches High-Risk Firefox, Thunderbird Security Flaws

Mozilla has released Firefox 96 with patches for 18 security vulnerabilities affecting its flagship web browser and the Thunderbird mail program. Of the newly patched security flaws, nine are rated high-severity while six carry a "medium-severity" rating. The most important of these issues is CVE-2022-22746, a race condition leading to the bypass of full-scree
Publish At:2022-01-12 16:53 | Read:223 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Priva

Arming CISOs With the Skills to Combat Disinformation

As if chief information security officers (CISOs) did not have enough to deal with, add one more issue to their plates: information warfare. These operations now target private and non-governmental entities almost as often as they involve world powers. That’s why it’s more important than ever to know the difference between misinformation and dis
Publish At:2022-01-12 10:07 | Read:141 | Comments:0 | Tags:Data Protection Risk Management Security Services cyber awar

Patch Tuesday: Microsoft Calls Attention to 'Wormable' Windows Flaw

Microsoft’s first batch of patches for 2022 is a big one: 97 documented security flaws in the Windows ecosystem, some serious enough to cause remote code execution attacks. The January security updates from Redmond cover security defects in a wide range of default Windows OS components, including a critical flaw in the HTTP Protocol Stack (http.sys) that Micr
Publish At:2022-01-11 16:53 | Read:155 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Moxie Marlinspike Steps Down as Signal CEO

Celebrated cryptographer Moxie Marlinspike is stepping down as chief executive at Signal, temporarily turning the reins of the popular encrypted messaging platform to WhatsApp co-founder Brian Acton. Marlinspike, who created Signal and led its growth into becoming a must-use encrypted messaging app, said Signal would begin the search for a new chief executive
Publish At:2022-01-11 12:57 | Read:129 | Comments:0 | Tags:Cyberwarfare Endpoint Security Mobile Security NEWS & IN

With the 'Great Resignation' Comes the 'Great Exfiltration'

Research shows the “Great Resignation” phenomenon is accompanied by a “Great Exfiltration” as people leave their jobs and take company data with them. As business has moved to the cloud, so has crime. Cloud apps are now the primary source of malware downloads. In 2020, 46% of malware came from the cloud. This rose to 66% in Q4 2021 (peaking at 73% during the y
Publish At:2022-01-11 12:57 | Read:102 | Comments:0 | Tags:NEWS & INDUSTRY Cloud Security Data Protection

Apache Foundation Calls Out Open-Source Leechers

The Apache Software Foundation (ASF) is calling out for-profit companies leeching on open-source code, warning that “only a tiny percentage” of downstream vendors are contributing to securing the open-source ecosystem. “[The] community is defined by those who show up and do the work. Companies that build open source into their products rarely participate in t
Publish At:2022-01-10 16:52 | Read:235 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Small Business Cybersecurity: What to Fix, What to Manage and What to Outsource

The risk posture of small and medium-sized businesses has changed a lot over the last few years. Bluntly: small businesses inherited a series of digital risks. Many of these risks, such as supply chain and cloud-related risks, can wound and devastate a small business. Meanwhile, the enterprise, armed with more resources, could sustain the shock. When, and h
Publish At:2022-01-10 14:02 | Read:229 | Comments:0 | Tags:Data Protection Incident Response Risk Management Security S

Attackers Hitting VMWare Horizon Servers With Log4j Exploits

Threat hunters in the U.K.’s National Health Service have raised an alarm for an unknown threat actor hitting vulnerable VMWare Horizon servers with exploits for the ubiquitous Log4j security flaw. The warning comes almost exactly one month after the first disclosure of a Log4j remote code execution vulnerability that threatens major damage on the internet an
Publish At:2022-01-07 16:52 | Read:190 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Swiss Army Knifes WhatsApp at Work

Switzerland's army has banned the use of WhatsApp whilst on duty, a spokesman confirmed Thursday, in favour of a Swiss messaging service deemed more secure in terms of data protection. The ban also applies to using other messaging apps like Signal and Telegram on soldiers' private phones during service operations. At the end of December, commanders and chiefs
Publish At:2022-01-07 09:00 | Read:260 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Privacy Data Protection
