HackDig : Dig high-quality web security articles

North Korea Lazarus Hackers Blamed for $100 Million Horizon Bridge Heist

The infamous North Korean Lazarus hacking group is the prime suspect in the $100 million hack of Harmony’s Horizon Bridge, according to new data and research from blockchain analytics firm Elliptic.The multi-million compromise, confirmed by Harmony earlier this month, led to the theft of ETH, BNB, USDT, USDC and Dai from the Horizon cross-chain bridge and no
Publish At:2022-06-30 16:13 | Read:67 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Network Sec

Aqua Security Ships Open Source Tool for Auditing Software Supply Chain

Cloud security startup Aqua Security has partnered with the Center for Internet Security (CIS) to create guidelines for software supply chain security and followed up by shipping an open-source auditing tool to ensure compliance with the new benchmark.The open-source tool, called Chain-Bench, is described an open source tool for auditing an organization’s so
Publish At:2022-06-22 11:11 | Read:167 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

Volexity Blames 'DriftingCloud' APT For Sophos Firewall Zero-Day

Big-game malware hunters at Volexity are shining the spotlight on a sophisticated Chinese APT caught recently exploiting a Sophos firewall zero-day to plant backdoors and launch man-in-the-middle attacks.The Sophos firewall vulnerability -- tracked as CVE-2022-1040 -- was patched in March this year but only after Volexity intercepted a sophisticated zero-day
Publish At:2022-06-16 17:09 | Read:352 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Network Sec

Avast: New Linux Rootkit and Backdoor Align Perfectly

Malware hunters at Avast have analyzed a newly discovered rootkit and backdoor that target Linux and appear designed to function in synergy with each other.Dubbed Syslogk, the rootkit is based on Adore-Ng, an older Linux rootkit, but packs new functionality that makes both the user-mode application and the kernel rootkit difficult to detect, Avast warned in
Publish At:2022-06-14 13:11 | Read:295 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Network Sec

RSA Conference 2022 - Announcements Summary (Day 1)

Hundreds of companies are showcasing their products and services this week at the 2022 edition of the RSA Conference in San Francisco.To help cut through the clutter, the SecurityWeek team is publishing a daily digest summarizing some of the announcements made by vendors. The daily summaries will include new products and services, updates to existing offerin
Publish At:2022-06-07 09:12 | Read:286 | Comments:0 | Tags:Disaster Recovery Network Security NEWS & INDUSTRY Incid

Beating Ransomware With Advanced Backup and Data Defense Technologies

Question: if we can mitigate file encryption ransomware with backup, can we mitigate double extortion by adding advanced PII protection through data encryption or tokenization? Criminal extortion continuously evolves. Sensitive data exfiltration and threats to expose stolen data have been added to file encryption. The new term is ‘double extortion’ whic
Publish At:2022-06-06 09:12 | Read:260 | Comments:0 | Tags:Disaster Recovery NEWS & INDUSTRY Incident Response Data

Chainguard Bags Massive $50M Series A for Supply Chain Security

Venture capital powerhouse Sequoia is leading a massive $50 million early-stage investment in Chainguard, a startup created by a team of ex-Google software engineers to "make software supply chain secure by default."The Series A funding comes less than six months after Chainguard emerged from stealth with $5 million in seed capital and signals massive invest
Publish At:2022-06-03 13:10 | Read:291 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Network Sec

Three Nigerian Users of Agent Tesla RAT Arrested

Interpol on Monday announced the arrest of three Nigerians accused on using the Agent Tesla remote access trojan (RAT) in financial scams.The scammers allegedly used the malware to reroute financial transactions and steal confidential data, including connection information from oil and gas organizations in South East Asia, the Middle East, and North Africa.O
Publish At:2022-05-31 17:08 | Read:254 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

SYN Ventures Closes $300M Fund for Cybersecurity Bets

SYN Ventures, a Florida-based venture capital firm placing early-stage bets in cybersecurity startups, has closed a new $300 million fund and announced the addition of serial entrepreneur Ryan Permeh as full-time operating partner.SYN Ventures, which has already invested in more than a dozen security-focused startups, said the new fund will be used to target
Publish At:2022-05-26 13:21 | Read:374 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Network Sec

US Gov Issues Security Memo on Quantum Computing Risks

National security memo warns that a quantum computing could jeopardize civilian and military communications, and defeat security protocols for most Internet-based financial transactionsThe U.S. government is barreling ahead with plans to mitigate future threats from quantum computing with a new White House memo directing federal agencies to jumpstart an all-
Publish At:2022-05-05 12:59 | Read:370 | Comments:0 | Tags:Disaster Recovery Endpoint Security Mobile Security Network

GitHub Announces Mandatory 2FA for Code Contributors

Code hosting platform GitHub on Wednesday said it would make it mandatory for software developers to use at least one form of two-factor authentication (2FA) by the end of 2023.The Microsoft-owned platform has been supporting 2FA for years and is allowing users to use physical and virtual security keys, Time-based One-Time Password (TOTP) authentic
Publish At:2022-05-05 12:59 | Read:436 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Mobile Secu

Cyberespionage Group Targeting M&A, Corporate Transactions Personnel

Security researchers at Mandiant are documenting the discovery of a new hacking group focused on cyberespionage targeting employees responsible for corporate development, large corporate transactions, and mergers and acquisitions.Referred to as UNC3524 – Mandiant uses 'UNC' to track uncategorized hacking groups – the threat actor does not appear interested i
Publish At:2022-05-03 16:55 | Read:1046 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Mobile Secu

German Wind Turbine Firm Discloses 'Targeted, Professional Cyberattack'

German wind turbine giant Deutsche Windtechnik has issued a notification to warn that some of its IT systems were impacted in a targeted professional cyberattack earlier this month.The incident, which the company says occured on April 11, forced incident responders to switch off the remote data monitoring connections to the wind turbines for security reasons
Publish At:2022-04-26 12:59 | Read:586 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Network Sec

Former DNC CISO Bob Lord Joins CISA Cybersecurity Division

The U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) has added former DNC security chief Bob Lord to its roster of technical advisors.Lord, a veteran information security leader with prior stints at the Democratic National Committee and Yahoo, has joined CISA as a Senior Technical Advisor within the Agency’s Cybersecurity Division, t
Publish At:2022-04-25 12:58 | Read:736 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Network Sec

Strike Security Scores Funding for 'Perpetual Pentesting' for SMBs

South American startup Strike Security has secured $5.4 million to fund an ambitious plan to disrupt the penetration testing and attack surface management business.Strike Security, founded by Uruguayan security researcher Santiago Rosenblatt, said the seed stage financing was led by Greyhound Capital, with participation from venture capital outfits FJ Labs,
Publish At:2022-04-22 16:55 | Read:1141 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3