HackDig : Dig high-quality web security articles

Google Patches More Under-Attack Chome Zero-days

Google’s problems with in-the-wild Chrome browser zero-days appear to be multiplying by the month.The latest confirmation of this appears today with a new Chrome point-update to patch a pair of security vulnerabilities affecting Windows, MacOS and Linux users. Google said it was aware of reports that both of these vulnerabilities - CVE-2021-21206 and CVE-202
Publish At:2021-04-13 20:45 | Read:132 | Comments:0 | Tags:Disaster Recovery NEWS & INDUSTRY Incident Response Iden

Joker Android Trojan Lands in Huawei AppGallery App Store

Ten variants of the Joker Android Trojan managed to slip into the Huawei AppGallery app store and were downloaded by more than 538,000 users, according to new data from Russian anti-malware vendor Doctor Web.Also known as Bread, the Joker Trojan was first observed in 2017 when it was originally focused on SMS fraud. Last year, the malware was observed perfor
Publish At:2021-04-12 21:15 | Read:105 | Comments:0 | Tags:Disaster Recovery Endpoint Security Mobile Security Network

Unearthing the 'Attackability' of Vulnerabilities that Attract Hackers

Vulnerability management is largely about patch management: finding, triaging and patching the most critical vulnerabilities in your environment. Each aspect of this process presents its own problems. In 2020, more than 17,000 vulnerabilities were reported to NIST, and more than 4,000 of these were high priority. Knowing which of these affect you, where
Publish At:2021-04-12 13:25 | Read:78 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

Threat Actors Quick to Target (Patched) SAP Vulnerabilities

Threat actors are constantly targeting new vulnerabilities in SAP applications within days after the availability of security patches, according to a joint report issued by SAP and Onapsis.In some cases, exploitation attempts were observed shortly after the security bugs are made public: scanning for vulnerable systems started 48 hours after patches were rel
Publish At:2021-04-06 16:46 | Read:84 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

Unpatched RCE Flaws Affect Tens of Thousands of QNAP SOHO NAS Devices

A pair of unpatched vulnerabilities in QNAP small office/home office (SOHO) network attached storage (NAS) devices could allow attackers to execute code remotely, according to a warning from security researchers at SAM Seamless Network.The bugs were found to affect QNAP TS-231 SOHO NAS devices running firmware version, but potentially impact other
Publish At:2021-04-01 19:42 | Read:204 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

Kansas Man Charged with Tampering with Public Water System

The United States Department of Justice this week announced official charges against a Kansas man, for accessing and tampering with a public water system.The man, Wyatt A. Travnichek, 22, of Ellsworth County, Kansas, is accused of accessing the computer system of the Ellsworth County Rural Water District without authorization.The intrusion took pla
Publish At:2021-04-01 15:48 | Read:232 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Network Sec

North Korean .Gov Hackers Back With Fake Pen-Test Company

A North Korean government-backed APT group has been caught using a fake pen-testing company and a range of sock puppet social media accounts in an escalation of a hacking campaign targeting security research professionals.The notorious hacking group, first exposed by Google earlier this year, returned on March 17th with a website for a fake penetration testi
Publish At:2021-03-31 20:17 | Read:232 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

CompuCom Cyber-Attack Costs Could Reach $28M

The financial impact from a March 1 cyber-attack on CompuCom, a wholly-owned subsidiary of ODP Corporation, is expected to reach the $28 million range, the company said.Following the incident, which resulted in some of the managed services provider’s systems being infected with malware, customer services and internal operations were suspended, but ODP now sa
Publish At:2021-03-29 15:00 | Read:136 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security NEWS &

Report: US Gov Executive Order to Mandate Data Breach Disclosure

A proposed executive order would set new rules on the disclosure of data breaches that also affect United States government agencies, according to a Reuters news report.The report said the executive order, which could be released as soon as the next week, would require software vendors to notify U.S. government customers of cyber-security breaches that also
Publish At:2021-03-26 15:22 | Read:198 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security NEWS &

New Code Execution Flaws In Solarwinds Orion Platform

Solarwinds has shipped a major security update to fix at least four documented security vulnerabilities, including a pair of bugs that be exploited for remote code execution attacks.The patches were pushed out Thursday as part of a minor security makeover of the Orion Platform, the same compromised Solarwinds product that was exploited in recent nation-state
Publish At:2021-03-25 15:56 | Read:177 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

Feedzai Lands $200M in Series C Funding

Feedzai, a late-stage fintech startup, is the latest entrant into cybersecurity’s unicorn club after snagging a new $200 million funding round that values the company at more than $1 billion.The San Mateo, Calif.- based Feedzai said the latest Series D round was led by KKR, one of the most prominent global investment firms. Existing investors Sapphire Ventur
Publish At:2021-03-25 12:02 | Read:228 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

Researchers Dive into the Operations of SilverFish Cyber-Espionage Group

Researchers with the PRODAFT Threat Intelligence Team took a deep dive into the operations of the SilverFish cyber-espionage group and linked one of its command and control (C&C) servers with recent high-profile malicious attacks. The investigation, which started from indicators of compromise (IOCs) published for the December 2020 SolarWinds attacks, has
Publish At:2021-03-23 13:11 | Read:177 | Comments:0 | Tags:Disaster Recovery Endpoint Security NEWS & INDUSTRY Emai

Google Chrome Zero-Day Under Attack, Again

For the third time this year, Google has shipped an urgent fix to block in-the-wild zero-day attacks hitting its flagship Chrome browser.The latest emergency Chrome patch, available for Windows, MacOS and Linux, provides cover for at least five (5) documented vulnerabilities. Three of the five bugs are rated “high-risk,” Google’s highest severity rating.Buri
Publish At:2021-03-15 14:05 | Read:235 | Comments:0 | Tags:Disaster Recovery Endpoint Security Mobile Security NEWS &am

WSJ: Microsoft Probing Possible PoC Exploit Code Leak

Software giant Microsoft Corp. has launched an investigation to determine whether one of its flagship information-sharing programs sprung a leak that led to the widespread exploitation of Exchange server deployments around the world.According to a bombshell report in the Wall Street Journal, Redmond is looking closely at its Microsoft Active Protections Prog
Publish At:2021-03-12 19:47 | Read:285 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

McAfee Sheds Enterprise Business in $4 Billion Deal

McAfee is changing owners again as part of a $4 billion all-cash transaction that includes the sale of its enterprise business unit.McAfee, based in San Jose, Calif., announced on Monday it was selling its enterprise operations Symphony Technology Group (STG), a private equity firm that also owns security behemoth RSA Corp.The decision to shed the enterprise
Publish At:2021-03-08 18:17 | Read:289 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a