HackDig : Dig high-quality web security articles for hacker

COMpfun successor Reductor infects files on the fly to compromise TLS traffic

In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. Analysis of the malware allowed us to confirm that the operators have some control over the target’s network channel and could replace legitimate installers with infected ones on the fly. That places the actor in a very exclusive club, with capa
Publish At:2019-10-03 07:00 | Read:639 | Comments:0 | Tags:APT reports Featured Browser Digital Certificates Encryption

How Not to Store Passwords: SHA-1 Fails Again

Problem: How do you store a password but make it nearly impossible to recover the plaintext in the event that the database with the password hash is compromised? When doing software development, it’s critical to review these functions. Having good development standards for your team will ensure that people store passwords properly and avoid mistakes th
Publish At:2017-11-07 04:05 | Read:13850 | Comments:0 | Tags:Application Security Data Protection X-Force Research Applic

Tor Project fixed TorMoil, a critical Tor Browser flaw that can leak users IP Address

The Tor Project fixed a critical vulnerability dubbed TorMoil that could leak users real IP addresses to potential attackers. Tor users must update their Tor browser to fix a critical vulnerability, dubbed TorMoil, that could leak their real IP addresses to potential attackers when they visit websites with certain content. The Tor Project released the Tor Br
Publish At:2017-11-05 16:20 | Read:5300 | Comments:0 | Tags:Breaking News Hacking anonymity encryption Tor Tor Project T

The Power and Versatility of Pervasive Encryption

As cyberthreats make headlines, companies across the globe are working hard to develop efficient IT infrastructures capable of protecting sensitive data and maintaining compliance with privacy regulations. Although it checks both of these boxes, many organizations have been hesitant to adopt encryption due to cost, operational impact, the complexity of key m
Publish At:2017-11-04 02:00 | Read:4229 | Comments:0 | Tags:Data Protection Mainframe Application Security Encryption En

DUHK Attack allows attackers recover encryption keys used to secure VPN connections and web browsing sessions

DUHK is a vulnerability that allows attackers to recover secret encryption keys used to secure VPN connections and web browsing sessions After the disclosure of the KRACK and ROCA attacks, another attack scenario scares IT community. It is the DUHK vulnerability (Don’t Use Hard-coded Keys), it is the last cryptographic implementation vulnerability tha
Publish At:2017-10-25 07:50 | Read:3364 | Comments:0 | Tags:Breaking News Hacking DUHK attack encryption VPN

China widely disrupted WhatsApp in the country, broadening online censorship

The popular instant messaging application WhatsApp has been widely blocked in mainland China by the Government broadening online censorship. Bad news for the Chinese users of the popular instant messaging app WhatsApp because the application has been widely blocked in mainland China by the Government. Users are not able to send text messages, photo and video
Publish At:2017-09-27 05:25 | Read:3875 | Comments:0 | Tags:Breaking News Digital ID Laws and regulations ban Censorship

Java Key Store (JKS) format is weak and insecure

While preparing my talk for the marvelous BSides Zurich I noticed again how nearly nobody on the Internet warns you that Java’s JKS file format is weak and insecure. While users only need to use very strong passwords and keep the Key Store file secret to be on the safe side (for now!), I think it is important to tell people when a technology is weak. P
Publish At:2017-09-19 16:25 | Read:3211 | Comments:0 | Tags:Password cracking encryption Java Java Key Store JKS

Chrome will label Resources delivered via FTP as “Not Secure”

Google continues the ongoing effort to communicate the transport security status of a given page labeling resources delivered via FTP as “Not secure” in Chrome, Last week, Google announced that future versions of Chrome will label resources delivered via the File Transfer Protocol (FTP) as “Not secure.” The security improvement will be implement
Publish At:2017-09-18 00:05 | Read:2952 | Comments:0 | Tags:Breaking News Security Chrome encryption FTP Google HTTPS

Need-to-Know Only: Use Encryption to Make Data Meaningless to Prying Eyes

Organizations continue to be plagued by data breaches, and data is leaking from our enterprises in large quantities. However, data leakage is not the only issue. The problems — namely, regulatory fines, brand damage and lost revenue — begin when sensitive data that is readable and accessible falls into the wrong hands. Despite these concerns, security profes
Publish At:2017-08-29 10:15 | Read:3554 | Comments:0 | Tags:Data Protection Cryptography Data Security Encryption Encryp

The Power of Pervasive Encryption

The new z14 mainframe computer offers a chance to re-evaluate what a mainframe can do for an organization. Gone are the days when the mainframe was the only way to do computing. Today, there are new and different choices, and the z14 can make those choices practical. The z14 features standard improvements that users have come to expect, such as faster, mor
Publish At:2017-08-15 11:45 | Read:3575 | Comments:0 | Tags:Data Protection Mainframe Compliance Cryptography Data Secur

The return of Mamba ransomware

At the end of 2016, there was a major attack against San Francisco’s Municipal Transportation Agency. The attack was done using Mamba ransomware. This ransomware uses a legitimate utility called DiskCryptor for full disk encryption. This month, we noted that the group behind this ransomware has resumed their attacks against corporations. Attack Geogra
Publish At:2017-08-09 10:25 | Read:4177 | Comments:0 | Tags:Research Encryption Malware Descriptions Ransomware Targeted

Experimental Mozilla Send service allows users share encrypted copy of huge files

Mozilla Send service allows users to make an encrypted copy of a local file, store it on a remote server, and share it with a single recipient. Mozilla has presented Send, an experimental service that allows users to make an encrypted copy of a local file, store it on a remote server, and share it with a single recipient. The service allows to easily share l
Publish At:2017-08-07 07:25 | Read:2738 | Comments:0 | Tags:Breaking News Security encryption file sharing Hacking Mozil

Facebook COO Sheryl Sandberg on Crypto weakening: Crypto War 2.0

Sheryl Sandberg on crypto weakening. The new Crypto war being started where government agencies are wanting a reduction in encryption strengths. DISCLAIMER: All views and facts explained in this article are the views of the author and does not in anyway related to the views of organization where the individual is employed. The article is an observation based
Publish At:2017-08-04 21:15 | Read:4207 | Comments:0 | Tags:Breaking News Cyber Crime cyber security encryption surveill

Pervasive Encryption Simplifies Mainframe Security

On July 17, IBM unveiled its z14 mainframe server, which combines the traditional mainframe hardware with new capabilities in areas such as cloud, cognitive, analytics, application management, blockchain, machine learning and more. Most importantly, z14 includes enhanced security features — namely, pervasive encryption — to help clients stay one step ahead
Publish At:2017-08-04 20:10 | Read:6105 | Comments:0 | Tags:Data Protection Mainframe Application Security Encryption En

Mainframe Data Is Your Secret Sauce: A Recipe for Data Protection

We in the security field like to use metaphors to help illustrate the significance of data in the enterprise. I’m a big fan of cooking, so I’ll use the metaphor of a secret sauce. Think about it: Each transaction basically reflects your organization’s unique relationship with a customer, supplier or partner. By sheer quantity alone, mainfra
Publish At:2017-07-31 23:40 | Read:3164 | Comments:0 | Tags:Data Protection Mainframe Compliance Encryption Mainframe Se


Share high-quality web security related articles with you:)


Tag Cloud