HackDig : Dig high-quality web security articles for hackers

Is Cybersecurity Smart Enough to Protect Automated Buildings?

Hacked air conditioning and plummeting elevators? Imagine that you are in an elevator in a high rise building when suddenly the elevator starts to plummet with no apparent stopping mechanism other than the concrete foundation below. While this may sound like something from a Hollywood movie, consider the idea that a securely tethered, fully functional e
Publish At:2020-11-25 03:02 | Read:70 | Comments:0 | Tags:Featured Articles ICS Security Automation ICS security IoT I

Podcast Episode 12 – Advocating for Hackers with Chloe Messdaghi

Chloe Messdaghi, VP of Strategy at Point3, advocate and activist joins the show to explain common misconceptions about the hacking community and how we can do better to combat those stigmas. She also unpacks the diversity challenges specifically in the infosec industry. Spotify: https://open.spotify.com/episode/7G9cXfVFeFxCfoEdhZlHOk?si=IZUhcqB1Q8WqG1h9vkRhJA
Publish At:2020-11-24 03:38 | Read:124 | Comments:0 | Tags:Featured Articles Podcast Hacker malicious actor pentesting

Lessons From Teaching Cybersecurity: Week 8

As I had mentioned previously, this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their kid wanted to learn Python, I developed an Intro to Python ai
Publish At:2020-11-24 03:38 | Read:91 | Comments:0 | Tags:Cyber Security Featured Articles basics careers foundational

From Alan Turing to Future Artificial Intelligences – Reading Security Signals

The notion that the time we are living in now is “unprecedented” is a common one, but historians and philosophers alike will happily note that things are rarely so different that we can’t learn a lot from the past. Despite IT often being dominated by forward-thinking individuals developing novel and innovative new designs, a lot of the problems and potential
Publish At:2020-11-23 00:20 | Read:134 | Comments:0 | Tags:Featured Articles IT Security and Data Protection AI Halting

Egregor Ransomware Attack Hijacks Printers to Spit Out Ransom Notes

So, you’re a ransomware gang and you want to ensure that you have caught the attention of your latest corporate victim. You could simply drop your ransom note onto the desktop of infected computers, informing the firm that their files have been encrypted. Too dull? You could lock infected PCs and display a ghoulish skull on a bright red background (most r
Publish At:2020-11-19 10:32 | Read:123 | Comments:0 | Tags:Featured Articles IT Security and Data Protection cyberattac

Adventures in MQTT Part II: Identifying MQTT Brokers in the Wild

The use of publicly accessible MQTT brokers is prevalent across numerous verticals and technology fields. I was able to identify systems related to energy production, hospitality, finance, healthcare, pharmaceutical manufacturing, building management, surveillance, workplace safety, vehicle fleet management, shipping, construction, natural resource managemen
Publish At:2020-11-19 02:44 | Read:100 | Comments:0 | Tags:Featured Articles Internet of Things IoT MQTT vulnerabilites

What Is SCM (Security Configuration Management)?

The coronavirus 2019 (COVID-19) pandemic shifted the cybersecurity landscape. According to a PR Newswire release, the FBI tracked as many as 4,000 digital attack attempts a day during the pandemic. That’s 400% more than what it was prior to the pandemic. In response to these attacks, 70% of CISOs told McKinsey that they believed their security budgets would
Publish At:2020-11-16 08:26 | Read:139 | Comments:0 | Tags:Featured Articles Security Configuration Management Security

Lessons from Teaching: Week 7

As I had mentioned previously, this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their kid wanted to learn Python, I developed an Intro to Python ai
Publish At:2020-11-16 08:26 | Read:141 | Comments:0 | Tags:Featured Articles IT Security and Data Protection evaluation

SEC’s Office of Compliance Inspection and Examinations Warns of a Sudden Increase in Credential Stuffing Hack

Recently, the Securities and Exchange Commission’s exam division issued a Risk Alert (the “Alert”) where it carried out several targeted cybersecurity investigations. The agency is now concerned with how there’s been an increase in a specific type of hack known as “credential stuffing.” This cyberattack involves using stolen credentials to log into web-based
Publish At:2020-11-16 00:37 | Read:103 | Comments:0 | Tags:Cyber Security Featured Articles credential stuffing Cyberat

7 Challenges that Stand in the Way of Your Compliance Efforts

Compliance is very important to any organization. Organizations have many standards to choose from including PCI, CIS, NIST and so on. Oftentimes, there are also multiple regulations that are applicable in any country. So, organizations need to commit some time and resources in order to apply security standards and achieve compliance. Even so, organizations e
Publish At:2020-11-16 00:37 | Read:105 | Comments:0 | Tags:Featured Articles Regulatory Compliance compliance complianc

The North Face resets passwords after credential-stuffing attack

An undisclosed number of customers of outdoor clothing retailer The North Face have had their passwords reset by the company, following a credential-stuffing attack. The company has revealed that on October 9, 2020, it became aware that hackers had used usernames and passwords stolen from a third-party website to gain unauthorised access to customer accounts.
Publish At:2020-11-13 10:13 | Read:166 | Comments:0 | Tags:Featured Articles IT Security and Data Protection credential

Changes to Microsoft Security Bulletins

For those that have been in the industry for more than a couple of years, you will remember when Microsoft retired the very powerful and well-documented security bulletins back in 2017. At the time, we felt that it was a severe reduction in the availability of information; Microsoft was suddenly communicating much less information. Yesterday, they did it again. A
Publish At:2020-11-11 19:13 | Read:127 | Comments:0 | Tags:Featured Articles security

What is Policy Compliance? Four Tips to Help You Succeed

Policy compliance within the information security space can be an exhausting concept to wrap our heads around. Writing a policy document, publishing it to staff and then staying hands-on to ensure it is followed in perpetuity is easily seen as an arduous, if not an impossible, task. Policies set the basis for every successful information security initiative.
Publish At:2020-11-10 00:19 | Read:167 | Comments:0 | Tags:Featured Articles IT Security and Data Protection accountabi

Capcom hacked. Resident Evil game developer discloses cyber attack

Japanese game developer Capcom has revealed that it suffered a security breach earlier this week which saw malicious hackers access its internal systems. The maker of such well-known video games as “Resident Evil” and “Street Fighter” disclosed in a short press release that in the early hours of Monday some of its networks “exper
Publish At:2020-11-05 11:07 | Read:232 | Comments:0 | Tags:Featured Articles IT Security and Data Protection Capcom cyb

3 Steps to Building a Resilient Incident Response Plan

According to the Accenture State of Cybersecurity 2020 report, the average cost of a cyber attack for ‘non-leaders’ stands at $380,000 per incident. The report classifies organizations into ‘leaders’ and ‘non-leaders.’ The ‘leaders’ are those who set the bar for innovation and achieve high-performing cyber resilience. Given the rate of cyber attac
Publish At:2020-11-04 07:49 | Read:95 | Comments:0 | Tags:Featured Articles IAM incident response SOAR
