HackDig : Dig high-quality web security articles

US Government tells firms not to give in to ransomware demands

The US Government has underlined once again that it continues to strongly discourage organisations hit by ransomware from giving in to extortion demands.In an updated advisory, the Department of Treasury’s Office of Foreign Assets Control (OFAC) has called upon businesses not to pay ransoms, and to focus on cybersecurity measures that can prevent or mi
Publish At:2021-09-23 12:28 | Read:219 | Comments:0 | Tags:Featured Articles cryptocurrency cybercrime OFAC ransomware

VERT Threat Alert: September 2021 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s September 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-964 on Wednesday, September 15th.In-The-Wild & Disclosed CVEsCVE-2021-40444This CVE describes a publicly exploited vulnerability in MSHTML that provides user level access upon successful exploit
Publish At:2021-09-14 16:23 | Read:178 | Comments:0 | Tags:Featured Articles VERT CVE Patch Tuesday

Where Should We Draw the Cyber Blue Line?

What are the limits of online privacy and law enforcement? Can we clearly define them, or is this a vague and blurred area of debate?The fact is that as technology advances, the real and the virtual worlds are increasingly converging. Actions (or inactions) in the cyberspace introduce risks and threats for people, especially the most vulnerable ones, i.e. ch
Publish At:2021-09-14 00:39 | Read:179 | Comments:0 | Tags:Featured Articles Cyberspace encryption law enforcement Priv

Microsoft warns of a Windows zero-day security hole that is being actively exploited

In a security advisory, Microsoft has warned that malicious hackers are exploiting an unpatched vulnerability in Windows to launch targeted attacks against organisations.The security hole, dubbed CVE-2021-40444, is a previously unknown remote code execution vulnerability in MSHTML, a core component of Windows which helps render web-based content.According to
Publish At:2021-09-09 12:27 | Read:141 | Comments:0 | Tags:Featured Articles ActiveX microsoft vulnerability Windows ze

FBI and CISA warn that cybercriminals don’t take holidays

The FBI and CISA (the Cybersecurity and Infrastructure Security Agency) have jointly issued an advisory to organisations, warning about an increase in the number of attacks coinciding with weekends and holidays.With the Labor Day weekend rapidly approaching, the agencies have reminded businesses to be especially vigilant, remain diligent about their network
Publish At:2021-09-02 12:27 | Read:120 | Comments:0 | Tags:Featured Articles FBI CISA cyber

Using Threat Modeling to Boost Your Incident Response Strategy

Threat modeling is increasing in importance as a way to plan security in advance. Instead of merely reacting to threats and incidents, an organization can identify and evaluate its security posture, relevant threats, and gaps in defenses that may allow attacks to succeed.Threat modeling has a two-way relationship with incident response:When an attack happens
Publish At:2021-08-23 00:32 | Read:378 | Comments:0 | Tags:Featured Articles incident response security posture threat

The Top 10 Highest Paying Jobs in Information Security – Part 1

Want a job in cybersecurity? There are plenty to go around. Cybersecurity Ventures estimated that there will be 3.5 million job openings in the industry by the end of the year. That makes sense. According to Gartner, global spending on information security and risk management technology is expected to exceed $150 billion in 2021. Organizations are going to n
Publish At:2021-08-17 06:45 | Read:323 | Comments:0 | Tags:Featured Articles Off Topic Information Security Infosec job

Remember a Polaroid? Why This Matters and How Tripwire Keeps this Tradition Alive

We’re going to talk about state versus change. For the purposes of our discussion, you need to know that Tripwire Enterprise offers something called TE Commander.Many enterprise applications lack a native command line interface. This can be a challenge if you want to automate and integrate basic operations, which is a necessary function in most enterpr
Publish At:2021-08-09 02:05 | Read:397 | Comments:0 | Tags:Featured Articles FIM Scans SCM Tripwire Enterprise

BlackMatter rises from the ashes of notorious cybercrime gangs to pose new ransomware threat

A new ransomware gang that calls itself BlackMatter has launched itself on the dark web, and is actively attempting to recruit criminal partners and affiliates to attack large organisations in the United States, UK, Canada, and Australia.As experts at Recorded Future describe, the BlackMatter gang is advertising for “initial access brokers” ̵
Publish At:2021-07-29 11:47 | Read:614 | Comments:0 | Tags:Featured Articles cybercrime cybercriminals ransomware threa

Protecting People, Across Professional and Personal Life

Jihana Barrett, CEO of Cybrsuite explains the security needs from not just from an enterprise perspective but for day-to-day life. She also tells us about how her organization, Tech Sorority, provides valuable professional support and guidance for women in tech.Spotify: https://open.spotify.com/show/5UDKiGLlzxhiGnd6FtvEnmStitcher: https://www.stitcher.com/po
Publish At:2021-07-26 05:47 | Read:1072 | Comments:0 | Tags:Featured Articles cybersecurity passwords responsibility soc

British man arrested in connection with Twitter mega-hack that posted cryptocurrency scam from celebrity accounts

Police in Spain have arrested a British man in connection with what many consider the worst hack in Twitter’s history.In July 2020, the Twitter accounts of public figures and well-known organisations were compromised, allowing malicious hackers to post tweets to millions of unsuspecting followers.Compromised accounts included those of then-Presidential
Publish At:2021-07-22 13:41 | Read:466 | Comments:0 | Tags:Featured Articles arrest cryptocurrency Cybercriminal Hacker


SIEM (pronounced like “sim” from “simulation”), which stands for Security Information and Event Management, was conceived of as primarily a log aggregation device. However, a SIEM’s primary capabilities are to provide threat detection, better enable incident investigation, and speed up your incident response time, while also giving you a unified, holistic vi
Publish At:2021-07-20 07:05 | Read:580 | Comments:0 | Tags:Featured Articles Incident Detection Log Management and SIEM

What are Product Security Incident Response Team (PSIRT) Best Practices?

In my previous post, I disclosed that SonicWall had quietly released vulnerability fixes over the course of several days before vulnerability advisories were published for CVE-2020-5135.Rather than properly fixing CVE-2020-5135, SonicWall’s fix introduced a new vulnerability in the same code. SonicWall was aware of the new vulnerability but deferred the smal
Publish At:2021-07-14 11:35 | Read:408 | Comments:0 | Tags:Featured Articles CVE SonicWall vulnerability security

Vulnerability Scanning vs. Penetration Testing

It amazes me how many people confuse the importance of vulnerability scanning with penetration testing. Vulnerability scanning cannot replace the importance of penetration testing, and penetration testing, on its own, cannot secure the entire network. Both are important at their respective levels, needed in cyber risk analysis, and are required by standards
Publish At:2021-07-07 10:05 | Read:453 | Comments:0 | Tags:Featured Articles Vulnerability Management penetration testi

What is Asset Discovery? A Look Beneath the Surface

The corporate network can be a busy place with devices connecting, reconnecting and disconnecting every day. With the ever-growing landscape of today’s corporate networks, the difficulty of knowing and understanding what is on an enterprise network has highlighted the importance of effective asset discovery. So what does asset discovery involve? Asset discov
Publish At:2021-07-07 06:11 | Read:566 | Comments:0 | Tags:Featured Articles Security Controls asset discovery BYOB Fou


Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud