HackDig : Dig high-quality web security articles for hackers

Tripwire Patch Priority Index for May 2020

Tripwire’s May 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, SaltStack, and VMware.Up first on the patch priority list this month are patches for VMware vCenter Server and SaltStack Salt. The Metasploit exploit framework has recently integrated exploits for VMware vCenter Server (CVE-2020-3952) and Sal
Publish At:2020-05-31 23:20 | Read:104 | Comments:0 | Tags:Featured Articles VERT microsoft Priority Patch Index vulner

NetWalker Ransomware – What You Need to Know

What is NetWalker?NetWalker (also known as Mailto) is the name given to a sophisticated family of Windows ransomware that has targeted corporate computer networks, encrypting the files it finds, and demanding that a cryptocurrency payment is made for the safe recovery of the encrypted data.Ransomware is nothing new. Why should I particularly care about NetWa
Publish At:2020-05-28 14:12 | Read:95 | Comments:0 | Tags:Featured Articles IT Security and Data Protection NetWalker

Business Continuity Requires Infrastructure Continuity in Times of Remote Working

Over the last few weeks, most organisations have had to transition to enable their employees to work remotely. The key focus has been on business continuity during this trying time. Unfortunately, business continuity isn’t so easy. Keeping the day-to-day operations of the business running has been one of the hardest IT challenges that most organisations have
Publish At:2020-05-28 00:50 | Read:102 | Comments:0 | Tags:Featured Articles IT Security and Data Protection asset mana

The MITRE ATT&CK Framework: Exfiltration

Once an attacker has established access and pivoted around to the point of gathering the necessary data, they will work on exfiltration of that data. Not all malware will reach this stage.Ransomware, for example, usually has no interest in exfiltrating data. As with the Collection tactic, there’s little guidance on how to mitigate an attacker exfiltrating da
Publish At:2020-05-27 05:35 | Read:113 | Comments:0 | Tags:Featured Articles MITRE Framework ATT&CK exfiltration MITRE

Observing a Privacy Milestone: Expert Thoughts on GDPR’s 2nd Anniversary

May 25, 2020 marks the second anniversary of when the European Union’s General Data Protection Regulation (GDPR) took full effect. Undoubtedly, many organizations have succeeded in achieving compliance with the Regulation by now. But that raises some important questions.What benefits have those organizations experienced in achieving compliance, for instance?
Publish At:2020-05-25 01:18 | Read:103 | Comments:0 | Tags:Featured Articles Regulatory Compliance data privacy data pr

For six years Samsung smartphone users have been at risk from critical security bug. Patch now

Samsung has released a security update for its popular Android smartphones which includes a critical fix for a vulnerability that affects all devices sold by the manufacturer since 2014.On its Android security update page Samsung thanks researcher Mateusz Jurczyk of Google Project Zero for the discovery of the vulnerability that could – he claims ̵
Publish At:2020-05-24 10:11 | Read:123 | Comments:0 | Tags:Featured Articles IT Security and Data Protection Samsung vu

The MITRE ATT&CK Framework: Lateral Movement

It will be rare that an attacker exploits a single system and does not attempt any lateral movement within the network. Even ransomware that typically targets a single system at a time has attempted to spread across the network looking for other victims. More often than not, an attacker will gain an initial foothold and start to pivot across systems looking
Publish At:2020-05-24 10:02 | Read:71 | Comments:0 | Tags:Featured Articles MITRE Framework ATT&CK Lateral Movement MI

The top 10 most-targeted security vulnerabilities – despite patches having been available for years

Newly-discovered zero-day vulnerabilities may generate the biggest headlines in the security press, but that doesn’t mean that they’re necessarily the thing that will get your company hacked.This week, US-CERT has published its list of what it describes as the “Top 10 Routinely Exploited Vulnerabilities” for the last three years.The l
Publish At:2020-05-24 09:59 | Read:68 | Comments:0 | Tags:Featured Articles IT Security and Data Protection vulnerabil

‘Glitch’ in Illinois’ PUA System Blamed for Exposing SSNs, Private Data

Government officials said that a glitch in the State of Illinois’ Pandemic Unemployment Assistance (PUA) program exposed thousands of people’s Social Security Numbers (SSNs) and other private data.Jordan Abudayyeh, a spokesperson for Illinois Governor J. B. Pritzer, sent a statement to WBEZ on May 16. In it, she revealed that the Illinois Departm
Publish At:2020-05-24 09:56 | Read:106 | Comments:0 | Tags:Featured Articles Illinois PUA SSN

The MITRE ATT&CK Framework: Collection

The Collection tactic outlines techniques an attacker will undertake in order to find and gather the data they need to meet their actions on objectives.I see most of these techniques as being useful for describing what a piece of malware or threat actor is up to rather than looking to them for guidance on how to mitigate and detect their actions.Mitigation a
Publish At:2020-05-24 09:52 | Read:126 | Comments:0 | Tags:Featured Articles MITRE Framework ATT&CK collection MITRE

BlockFi Hacked Following SIM Swap Attack, But Says No Funds Lost

For just under 90 minutes last Thursday, hackers were able to compromise the systems of cryptocurrency lending platform BlockFi, and gain unauthorised access to users’ names, email addresses, dates of birth, address and activity history.In an incident report published on its website, BlockFi was keen to stress that the hacker’s activity had been
Publish At:2020-05-24 09:49 | Read:71 | Comments:0 | Tags:Featured Articles IT Security and Data Protection cryptocurr

What is Configuration Drift?

In a previous post by my colleague Irfahn Khimji, he spoke about how ensuring devices on your network is a great way to minimize the attack surface of your infrastructure. Organizations like the Center for Internet Security (CIS) provide guidelines on how to best configure operating systems to minimize the attack surface. The CIS calls these “benchmarks.”Man
Publish At:2020-05-03 08:07 | Read:272 | Comments:0 | Tags:Featured Articles IT Security and Data Protection Security C

Maze Ransomware – What You Need to Know

What’s this Maze thing I keep hearing about?Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organizations around the world and demanded that a cryptocurrency payment be made in exchange for the safe recovery of encrypted data.There’s been plenty of ransomware before. What makes Maze so special?Like oth
Publish At:2020-05-03 08:06 | Read:279 | Comments:0 | Tags:Featured Articles IT Security and Data Protection data breac

Newly-discovered Android malware steals banking passwords and 2FA codes

Security researchers at Cybereason are warning of a new mobile banking trojan that steals details from financial apps and intercepts SMS messages to bypass two-factor authentication mechanisms.According to experts who have examined the code of the malware, known as EventBot, it differs substantially from previously known Android malware – suggesting th
Publish At:2020-05-03 08:04 | Read:313 | Comments:0 | Tags:Featured Articles IT Security and Data Protection Android ba

Building Effective Cybersecurity Budgets

Building an effective and resilient organization on a budget isn’t a small task. When it comes to cybersecurity budgets, there are many different aspects that need to be considered. Thankfully, alignment with industry best practice and recognized security frameworks adds a small amount of clarity to this challenge.When presenting the webcast “It’s all
Publish At:2020-04-21 06:36 | Read:497 | Comments:0 | Tags:Featured Articles budget cybersecurity Resilience

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud