HackDig : Dig high-quality web security articles for hackers

Microsoft Details OPSEC, Anti-Forensic Techniques Used by SolarWinds Hackers

Microsoft on Wednesday released another report detailing the activities and the methods of the threat actor behind the attack on IT management solutions firm SolarWinds, including their malware delivery methods, anti-forensic behavior, and operational security (OPSEC).The attackers, which some believe to be sponsored by Russia, breached SolarWinds’ systems i
Publish At:2021-01-21 14:41 | Read:51 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Em

Enterprise Credentials Publicly Exposed by Cybercriminals

Cybercriminals behind a successful phishing campaign have exposed more than 1,000 corporate employee credentials on the Internet, according to a warning from security vendor Check Point.The corporate account credentials were stolen as part of a phishing campaign that kicked off in August 2020, targeting thousands of organizations worldwide.As part of the cam
Publish At:2021-01-21 14:41 | Read:106 | Comments:0 | Tags:Endpoint Security Mobile Security NEWS & INDUSTRY Privac

Data Security Startup Qohash Raises $6 Million

Canadian data security startup Qohash this week announced it raised CAD 8 million (approximately USD $6.3 million) in Series A funding. The financing was led by FINTOP Capital.Founded in 2018, the Quebec-based company provides customers with solutions focused on data discovery and classification, helping enterprises monitor data across their environments. Fu
Publish At:2021-01-15 18:17 | Read:113 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Report: TikTok Harvested MAC Addresses By Exploiting Android Loophole

The ongoing controversies surrounding TikTok hit a new gear on Thursday with a bombshell report accusing the Chinese company of spying on millions of Android users using a technique banned by Google.According to a Wall Street Journal report, TikTok used a banned tactic to bypass the privacy safeguard in Android to collect unique identifiers from millions of
Publish At:2021-01-14 14:59 | Read:122 | Comments:0 | Tags:Endpoint Security Mobile Security NEWS & INDUSTRY Applic

Mimecast Discloses Certificate Incident Possibly Related to SolarWinds Hack

Email security company Mimecast on Tuesday revealed that a sophisticated threat actor had obtained a certificate provided to certain customers.According to Mimecast, it learned from Microsoft that hackers had compromised a certificate used to authenticate Mimecast Continuity Monitor, Internal Email Protect (IEP), and Sync and Recover products with Microsoft
Publish At:2021-01-13 11:41 | Read:115 | Comments:0 | Tags:Cyberwarfare NEWS & INDUSTRY Email Security Incident Res

SAP Patches Serious Code Injection, DoS Vulnerabilities

German software maker SAP has published 10 advisories to document flaws and fixes for a range of serious security vulnerabilities.SAP also published a total of 7 other updates for previously released security notes on this month’s Patch Day, for a total of 17 Notes. Five of these carry the highest severity rating of Hot News.Dealing with multiple vulnerabili
Publish At:2021-01-12 16:11 | Read:148 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Intel Packs Ransomware Detection Directly Into vPro Platform

At the virtual Consumer Electronics Show (CES) on Monday, chipmaker Intel announced CPU-based ransomware detection capabilities has been fitted directly into the Intel vPro platform.  Increasingly targeting businesses, ransomware has become the most prominent threat to enterprises, requiring advanced solutions to keep their data and the data of the
Publish At:2021-01-12 12:17 | Read:188 | Comments:0 | Tags:Disaster Recovery Endpoint Security NEWS & INDUSTRY Appl

'Earth Wendigo' Hackers Exfiltrate Emails Through JavaScript Backdoor

A newly identified malware attack campaign has been exfiltrating emails from targeted organizations using a JavaScript backdoor injected into a webmail system widely used in Taiwan.  According to an advisory from Trend Micro, the attacks are linked to Earth Wendigo, a threat actor that does not appear to be affiliated with known hacking groups.Star
Publish At:2021-01-06 19:47 | Read:174 | Comments:0 | Tags:Cyberwarfare Endpoint Security NEWS & INDUSTRY Email Sec

Researchers Warn of New Ransomware Targeting Enterprise Networks

Security researchers have spotted a brand new ransomware family taking aim at corporate networks, warning that professional cybercriminals have already hit multiple organizations with the file-encryption scheme.The new ransomware family, called Babuk, has claimed at least four corporate victims facing data recovery extortion attempts.According to researcher
Publish At:2021-01-06 15:53 | Read:115 | Comments:0 | Tags:Disaster Recovery Endpoint Security NEWS & INDUSTRY Emai

Data Security Providers Netwrix and Stealthbits Merge

Data security solutions provider Netwrix has merged with Stealthbits, a cybersecurity company focused on protecting sensitive data and credentials. Founded in 2006, the Irvine, California-based Netwrix claims to provide over 10,000 organizations around the world with the necessary tools to reclaim control over sensitive, business-critical data, helping
Publish At:2021-01-05 16:29 | Read:132 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Privacy Audits Email S

U.S. Government Warns of Phishing, Fraud Schemes Using COVID-19 Vaccine Lures

Several U.S. government organizations have issued warnings regarding various types of fraud and phishing schemes that use COVID-19 vaccine-related topics to lure potential victims.While these types of operations typically impact non-enterprise users, some people could open the malicious websites or emails associated with these schemes from work devices, whic
Publish At:2020-12-23 04:47 | Read:279 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Email Security Fraud

Google Issues Post Mortem on Gmail, YouTube Outage

Google has blamed a bug in its global authentication system for last week's outage that affected Gmail, Calendar, YouTube, Meet and multiple other Google services.The 47-minute outage last Monday, which severely affected operations at workplaces and schools globally, was caused by a bug in an automated quota management system that powers the Google User ID S
Publish At:2020-12-21 13:47 | Read:289 | Comments:0 | Tags:Disaster Recovery NEWS & INDUSTRY Email Security Inciden

Email Address of Instagram Users Exposed via Facebook Business Suite

A researcher has earned over $13,000 for a flaw that exposed the email address and birth date of Instagram users via the Facebook Business Suite.The issue was discovered in October by Saugat Pokharel, a researcher based in Nepal, and it was patched within hours by Facebook.Pokharel identified the vulnerability while analyzing the Facebook Business Suite inte
Publish At:2020-12-21 13:47 | Read:274 | Comments:0 | Tags:NEWS & INDUSTRY Email Security Vulnerabilities

Apple Patches Code Execution Flaws iOS and iPadOS

Apple on Monday released a major point-upgrade to its flagship iOS and iPadOS mobile operating systems to patch a handful of serious security vulnerabilities.The iOS 14.3 and iPadOS 14.3 release will provide cover for 11 documented security flaws, some serious enough to expose iPhones and iPads to code execution attacks.The most serious of the bugs could all
Publish At:2020-12-14 17:59 | Read:187 | Comments:0 | Tags:Endpoint Security Mobile Security NEWS & INDUSTRY Email

New Injection Technique Exposes Data in PDFs

Security researchers on Thursday documented and described a new injection technique capable of extracting sensitive data from PDF files.“One simple link can compromise the entire contents of an unknown PDF,” researcher Gareth Heyes warned during a presentation at the Black Hat Europe security conference.The new code-injection technique essentially allows hac
Publish At:2020-12-10 16:29 | Read:218 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Em


Tag Cloud