HackDig : Dig high-quality web security articles

Domain Name Security Neglected by U.S. Energy Companies: Report

A majority of the largest energy companies in the United States appear to have neglected the security of their domain names, according to CSC, a firm that specializes in securing online assets.The Biden administration is concerned about potentially damaging cyberattacks aimed at the country’s critical infrastructure, and it’s taking steps to help electric ut
Publish At:2021-04-15 15:50 | Read:170 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Email Security Identity

FBI Agents Secretly Deleted Web Shells From Hacked Microsoft Exchange Servers

FBI agents executed a court-authorized cyber operation to delete malicious web shells from hundreds of previously hacked Microsoft Exchange servers in the United States, unbeknownst to their owners, the U.S. Department of Justice (DoJ) said Tuesday.After a wave of major in-the-wild zero-day attacks against Exchange Server installations that occurred globally
Publish At:2021-04-14 00:40 | Read:105 | Comments:0 | Tags:NEWS & INDUSTRY Email Security Incident Response FBI hac

MS Patch Tuesday: NSA Reports New Critical Exchange Flaws

Just weeks after a wave of major in-the-wild zero-day attacks against Exchange Server installations globally, Microsoft is raising a fresh alarm for four new critical security flaws that expose businesses to remote code execution attacks.The four new Exchange Server vulnerabilities were fixed as part of this month’s Patch Tuesday bundle and because of the se
Publish At:2021-04-13 16:50 | Read:142 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Priva

Joker Android Trojan Lands in Huawei AppGallery App Store

Ten variants of the Joker Android Trojan managed to slip into the Huawei AppGallery app store and were downloaded by more than 538,000 users, according to new data from Russian anti-malware vendor Doctor Web.Also known as Bread, the Joker Trojan was first observed in 2017 when it was originally focused on SMS fraud. Last year, the malware was observed perfor
Publish At:2021-04-12 21:15 | Read:105 | Comments:0 | Tags:Disaster Recovery Endpoint Security Mobile Security Network

Unearthing the 'Attackability' of Vulnerabilities that Attract Hackers

Vulnerability management is largely about patch management: finding, triaging and patching the most critical vulnerabilities in your environment. Each aspect of this process presents its own problems. In 2020, more than 17,000 vulnerabilities were reported to NIST, and more than 4,000 of these were high priority. Knowing which of these affect you, where
Publish At:2021-04-12 13:25 | Read:78 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

CISA Releases Tool to Detect Microsoft 365 Compromise

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool to help with the detection of potential compromise within Microsoft Azure and Microsoft 365 environments.Dubbed Aviary, the new tool is a dashboard that makes it easy to visualize and analyze output from Sparrow, the compromise detection
Publish At:2021-04-09 14:58 | Read:70 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Microsoft Open-Sources 'CyberBattleSim' Enterprise Environment Simulator

Microsoft this week announced the open source availability of Python code for “CyberBattleSim,” a research toolkit that supports simulating complex computer systems. Designed to help advance artificial intelligence and machine learning, the experimental research project was designed to aid in the analysis of how “autonomous agents operate in a simulated ente
Publish At:2021-04-09 14:58 | Read:123 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Cost of Sandboxing Prompts Shift to Memory-Safe Languages. A Little Too Late?

NEWS ANALYSIS: Google’s decision to promote Rust for low-level Android programming is another sign that the shelf-life for memory corruption mitigations are no match for the speed of in-the-wild exploit development.Just 13 years after Google introduced the sandbox in Chrome touting "a new approach in browser security,” the company is now blaming the limitati
Publish At:2021-04-08 15:34 | Read:191 | Comments:0 | Tags:Cyberwarfare Endpoint Security Mobile Security NEWS & IN

Cisco Patches Critical Flaw in SD-WAN vManage

Cisco this week announced patches for tens of vulnerabilities across its product portfolio, including a critical severity issue impacting the SD-WAN vManage software.Tracked as CVE-2021-1479 with a CVSS score of 9.8, the critical bug exists because of improper validation of user-supplied input and could allow an attacker to trigger a buffer overflow by sendi
Publish At:2021-04-08 15:34 | Read:228 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Application Security E

Report: Supplier Impersonation Attacks a Major Risk

Threat actors are leveraging the supply chain to deliver various types of threats to organizations, and few of them are spared from such attacks, according to a new report from enterprise security company Proofpoint.During a seven-day window in February 2021, out of a total of 3000 monitored organizations, Proofpoint reports that a whopping 98 percent were h
Publish At:2021-04-07 13:55 | Read:137 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Privacy Application Se

Fake Netflix App Luring Android Users to Malware

Researchers Flag ‘FlixOnline’ as a Malicious Android Play Store App That Combines Social Engineering With WhatsApp Auto-Replies to PropagateResearchers have discovered new Android malware that uses Netflix as its lure and spreads malware via auto-replies to received WhatsApp messages.The discovery was reported to Google, and the malware – dubbed F
Publish At:2021-04-07 12:16 | Read:161 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Email Security Frau

Threat Actors Quick to Target (Patched) SAP Vulnerabilities

Threat actors are constantly targeting new vulnerabilities in SAP applications within days after the availability of security patches, according to a joint report issued by SAP and Onapsis.In some cases, exploitation attempts were observed shortly after the security bugs are made public: scanning for vulnerable systems started 48 hours after patches were rel
Publish At:2021-04-06 16:46 | Read:84 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

US DoD Launches Vuln Disclosure Program for Contractor Networks

The United States Department of Defense (DoD) this week announced the launch of a new vulnerability disclosure program on HackerOne to identify vulnerabilities in Defense Industrial Base (DIB) contractor networks.Running as a pilot, the Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP) covers participating DoD contractor partner’s informatio
Publish At:2021-04-06 12:52 | Read:115 | Comments:0 | Tags:Cyberwarfare Endpoint Security NEWS & INDUSTRY Applicati

China-Linked 'Cycldek' Hackers Target Vietnamese Government, Military

China-linked cyber-espionage group Cycldek is showing increasing sophistication in a series of recent attacks targeting government and military entities in Vietnam, according to a report from anti-malware vendor Kaspersky.Active since at least 2013 and also referred to as Goblin Panda and Conimes, Cycldek is known for the active targeting of governments in S
Publish At:2021-04-05 21:16 | Read:234 | Comments:0 | Tags:Cyberwarfare Endpoint Security NEWS & INDUSTRY Applicati

VMware Patches Critical Flaw in Carbon Black Cloud Workload

A critical vulnerability recently addressed in the VMware Carbon Black Cloud Workload could be abused to execute code on a vulnerable server, according to a warning from a security researcher who discovered the bug. Tracked as CVE-2021-21982 and featuring a CVSS score of 9.1, the recently addressed vulnerability resides in the administrative interface f
Publish At:2021-04-05 13:28 | Read:142 | Comments:0 | Tags:Cyberwarfare Endpoint Security Mobile Security NEWS & IN