HackDig : Dig high-quality web security articles for hackers

NAT Slipstreaming 2.0 Exposes Devices on Internal Networks to Remote Attacks

A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise any device on the local network, according to researchers at enterprise IoT security firm Armis.Detailed in late October 2020, the NAT Slipstreaming attack relies on tricking the victim into accessing a specially crafted website and exploits the browser on the device, alon
Publish At:2021-01-26 11:41 | Read:93 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Vulne

Google Warning: North Korean Gov Hackers Targeting Security Researchers

Google late Monday raised the alarm about a “government-backed entity based in North Korea” targeting -- and hacking into -- computer systems belonging to security researchers.Google’s Threat Analysis Group (TAG), a team that monitors global APT activity, said the ongoing campaign is aimed at security researchers working on vulnerability research and develop
Publish At:2021-01-25 23:59 | Read:104 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Phishers Target C-Suite with Fake Office 365 Password Expiration Reports

An ongoing phishing campaign delivering fake Office 365 password expiration reports has managed to compromise tens of C-Suite email accounts to date, according to a warning from anti-malware vendor Trend Micro.Targeting organizations in finance, government, manufacturing, real estate, and technology sectors, the campaign has claimed victims in Japan, the Uni
Publish At:2021-01-25 20:05 | Read:111 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Email Security Fraud &

Sophos: Crypto-Jacking Campaign Linked to Iranian Company

An Iran-based software company is likely behind a recently identified crypto-jacking campaign targeting SQL servers, according to a report by British anti-malware vendor Sophos.The attacks result in the MrbMiner crypto-miner being installed onto the target servers, with the software apparently created, controlled, and hosted by a named Iranian company.The So
Publish At:2021-01-22 14:05 | Read:105 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Em

Microsoft Edge Adds Password Generator, Drops Support for Flash, FTP

Microsoft has shipped the stable version of the Microsoft Edge 88 browser, featuring a brand new Password Generator and the ability to alert on compromised credentials.   The browser refresh also drops support for the FTP protocol and for the Adobe Flash plugin.With Microsoft Edge 88.0.705.50 now rolling out, users get a built-in strong password ge
Publish At:2021-01-22 14:05 | Read:114 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Microsoft Details OPSEC, Anti-Forensic Techniques Used by SolarWinds Hackers

Microsoft on Wednesday released another report detailing the activities and the methods of the threat actor behind the attack on IT management solutions firm SolarWinds, including their malware delivery methods, anti-forensic behavior, and operational security (OPSEC).The attackers, which some believe to be sponsored by Russia, breached SolarWinds’ systems i
Publish At:2021-01-21 14:41 | Read:95 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Em

Enterprise Credentials Publicly Exposed by Cybercriminals

Cybercriminals behind a successful phishing campaign have exposed more than 1,000 corporate employee credentials on the Internet, according to a warning from security vendor Check Point.The corporate account credentials were stolen as part of a phishing campaign that kicked off in August 2020, targeting thousands of organizations worldwide.As part of the cam
Publish At:2021-01-21 14:41 | Read:147 | Comments:0 | Tags:Endpoint Security Mobile Security NEWS & INDUSTRY Privac

'LuckyBoy' Malvertising Campaign Hits iOS, Android, XBox Users

A recently identified malvertising campaign targeting mobile and other connected devices users makes heavy use of obfuscation and cloaking to avoid detection.Dubbed LuckyBoy, the multi-stage, tag-based campaign is focused on iOS, Android, and Xbox users. Since December 2020, it penetrated over 10 Demand Side Platforms (DSP), primarily Europe-based, with obse
Publish At:2021-01-20 15:17 | Read:151 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Application Security F

Malwarebytes Targeted by SolarWinds Hackers

Cybersecurity firm Malwarebytes on Tuesday revealed that it too was targeted by the hackers who breached the systems of Texas-based IT management company SolarWinds as part of a sophisticated supply chain attack.Malwarebytes says it has not used any SolarWinds products, but its investigation revealed that the threat actor gained access to some of its systems
Publish At:2021-01-20 11:23 | Read:159 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats In

Microsoft Enables Automatic Remediation in Defender for Endpoint

Microsoft this week announced that it has enabled automatic threat remediation in Microsoft Defender for Endpoint for users who opted into public previews.Previously, the default automation level was set to Semi, meaning that users were required to approve any remediation. Now, for increased protection, the default was set to Full, and remediation is automat
Publish At:2021-01-19 11:59 | Read:146 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY

Researchers Estimate Ryuk Ransomware Operations to Be Worth $150 Million

The Ryuk ransomware criminal enterprise is estimated to be worth more than $150,000,000, security researchers say.Initially detailed in 2018 and believed to be operated by Russian cybercriminals, Ryuk has become one of the most prevalent malware families, being used in various high-profile attacks, such as the targeting of Pennsylvania-based UHS and Alabama
Publish At:2021-01-18 16:29 | Read:178 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Fr

FBI Warns of Employee Credential Phishing via Phone, Chat

The Federal Bureau of Investigation has issued a Private Industry Notification (PIN) to warn of attacks targeting enterprises, in which threat actors attempt to obtain employee credentials through vishing or chat rooms.Taking advantage of the COVID-19 pandemic, which has forced the broad adoption of telework, cyber-criminals and threat actors are attempting
Publish At:2021-01-18 16:29 | Read:236 | Comments:0 | Tags:Cyberwarfare Endpoint Security NEWS & INDUSTRY Applicati

Data Security Startup Qohash Raises $6 Million

Canadian data security startup Qohash this week announced it raised CAD 8 million (approximately USD $6.3 million) in Series A funding. The financing was led by FINTOP Capital.Founded in 2018, the Quebec-based company provides customers with solutions focused on data discovery and classification, helping enterprises monitor data across their environments. Fu
Publish At:2021-01-15 18:17 | Read:147 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Facebook Takes Legal Action Against Data Scrapers

Facebook on Thursday announced that it took legal action against two individuals for scraping data from its website.In a lawsuit filed in Portugal, Facebook Inc. and Facebook Ireland seek permanent injunction against the two for violation of the social media platform’s terms of service and Portugal’s Database Protection Law.The social media giant says that t
Publish At:2021-01-15 10:29 | Read:117 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Fr

Report: TikTok Harvested MAC Addresses By Exploiting Android Loophole

The ongoing controversies surrounding TikTok hit a new gear on Thursday with a bombshell report accusing the Chinese company of spying on millions of Android users using a technique banned by Google.According to a Wall Street Journal report, TikTok used a banned tactic to bypass the privacy safeguard in Android to collect unique identifiers from millions of
Publish At:2021-01-14 14:59 | Read:151 | Comments:0 | Tags:Endpoint Security Mobile Security NEWS & INDUSTRY Applic

Tools

Tag Cloud