HackDig : Dig high-quality web security articles

Cookie Hijacking: More Dangerous Than it Sounds

Multifactor authentication (MFA) is a great way to prevent threat actors from using stolen credentials to access your network. But with remote work becoming the norm and the attack surface widening with more apps, devices and systems connecting than ever before, threat actors are working overtime to beat MFA. Cookie hijacking in particular is a problem. We
Publish At:2021-04-06 17:52 | Read:155 | Comments:0 | Tags:Data Protection Fraud Protection Identity & Access Security

Health Care Cybersecurity: Costly Data Breaches, Ensuring PII Security and Beyond

As hospitals get smarter, threat actors have more routes inside. IBM’s recent research on the health care industry shows how smart tools, which could be very valuable for today’s medical facilities, also need healing of their own. What should hospital IT security teams look out for? Our overview of the state of cybersecurity in the health c
Publish At:2021-03-22 14:53 | Read:224 | Comments:0 | Tags:Security Intelligence & Analytics Data Protection Fraud Prot

Top 10 Cybersecurity Vulnerabilities of 2020

What cybersecurity vulnerabilities new and old should organizations look out for this year? Let IBM X-Force be your guide to today’s top cybersecurity threats with this detailed report. First, scanning for and exploiting vulnerabilities emerged as the top infection vector of 2020, according to the 2021 X-Force Threat Intelligence Index. In other words
Publish At:2021-03-10 22:05 | Read:343 | Comments:0 | Tags:Security Intelligence & Analytics Application Security Cloud

How Doxing Affects Gen Z

In the past, public and famous figures had to worry most about doxing. Two men were arrested in New York for doxing after posting home addresses and Social Security numbers of dozens of law enforcement personnel on the internet. Last year, federal prosecutors sentenced a former Senate aide for releasing personal information online about five senators in ret
Publish At:2021-02-05 10:41 | Read:352 | Comments:0 | Tags:Data Protection Fraud Protection Cyberattack Targeted Attack

5 Ways Companies Can Protect Personally Identifiable Information

Protecting personally identifiable information (PII) is one of the key aspects of a security expert’s job. What does personally identifiable information include? Social Security numbers, birth dates and places, financial accounts and more can give threat actors a foothold to identify someone or steal their money or identity. This data could also be us
Publish At:2021-02-05 10:41 | Read:334 | Comments:0 | Tags:Data Protection Cost of a Data Breach Fraud Protection Perso

Consider the Human Angle in Your Threat Modeling

When it comes to threat modeling, many businesses plan as if there were only a few possible scenarios in which cybersecurity or privacy-related incidents could occur. We need to plan for more cybersecurity hazards than just basic social engineering, insider threats and product vulnerabilities. Both our businesses and our customers face threats that are
Publish At:2021-02-03 15:47 | Read:359 | Comments:0 | Tags:Application Security Fraud Protection Identity & Access thre

A Look at HTTP Parameter Pollution and How To Prevent It

With HTTP Parameter Pollution (HPP) attacks, threat actors can hide scripts and processes in URLs. First discovered in 1999, this technique can also allow threat actors to pollute the parameters in the URL and the request body. This could lead to behavior changes in the app, such as cross-site scripting, privilege changes or granting unwanted access. 
Publish At:2021-02-03 11:53 | Read:329 | Comments:0 | Tags:Data Protection Fraud Protection Software & App Vulnerabilit

What You Need to Know About Scam Text Messages in 2021

The threat of scam text messages may now seem distant, even quaint. With all the new, exotic and sophisticated attacks that have arisen in the past decade, surely text message attacks are low on the list. But, they can still be a big problem. Short message service (SMS) scams are social engineering attacks that work like email phishing attacks. Called
Publish At:2021-01-28 11:35 | Read:456 | Comments:0 | Tags:Fraud Protection Identity & Access Mobile Security Phishing

TrickBot’s Survival Instinct Prevails — What’s Different About the TrickBoot Version?

October 2020 saw the TrickBot Trojan, a prominent cybercrime gang’s tool of choice, suffer a takedown attempt by security vendors and law enforcement. Unfortunately, the takedown was not effective, and beyond coming back to life shortly after, TrickBot’s operators released a new and more persistent version of the malware. In this post, IBM Trust
Publish At:2021-01-26 12:47 | Read:374 | Comments:0 | Tags:Data Protection Fraud Protection Malware TrickBot Trojan

Credential Stuffing: AI’s Role in Slaying a Hydra

One data breach can lead to another. Because so much of the data stolen in breaches ends up for sale on the dark web, a threat actor can purchase authentication credentials — the emails and passwords — of the organization’s employees without having to steal them directly. With that information in hand, threat actors have an open door into
Publish At:2021-01-25 09:29 | Read:504 | Comments:0 | Tags:Data Protection Fraud Protection Identity & Access Artificia

Social Engineering And Social Media: How to Stop Oversharing

You’ve done your due diligence, you practice good security hygiene and you have the best security tools available. Now, your security posture is strong. But, your plan is only as good as your employees, and they may be letting you down when it comes to being ready for social engineering. While employees clicking on phishing links still presents a
Publish At:2021-01-13 12:47 | Read:413 | Comments:0 | Tags:Fraud Protection Fraud Phishing Social Media social media en

‘Tis the Season for Nonprofit Cybersecurity Risks to Reach New Heights

The period between Christmas and New Year’s Day has long been the time people give to charities the most, making the charities themselves attractive targets for cyber criminals. Because the events of 2020 will likely boost existing trends, nonprofit cybersecurity challenges may be greater than ever this year — even as groups find themselves with
Publish At:2020-12-26 11:53 | Read:650 | Comments:0 | Tags:Data Protection Fraud Protection holiday Cyberattacks Cyberc

How to Not Fall for a Charity Scam This Holiday Season

This holiday season, many people will turn to charities to give back. The last thing they want to do is give money to scammers instead of a cause they truly support. According to the FBI’s website, charity fraud rises during the holidays, when people choose to make end-of-year tax deductible gifts. “Seasonal charity scams can pose greater diffi
Publish At:2020-12-18 12:47 | Read:491 | Comments:0 | Tags:Fraud Protection holiday Online Fraud Scam

E-Commerce Skimming is the New POS Malware

As the holiday shopping season shifts into high gear, the COVID-19 pandemic is accelerating an ongoing trend: shoppers are opting to buy online. Rather than flooding brick-and-mortar stores — and point-of-sale (POS) machines — with sales, studies suggest a high percentage of shoppers in 2020 will be using online options and e-commerce
Publish At:2020-12-16 10:05 | Read:389 | Comments:0 | Tags:Fraud Protection Malware Software & App Vulnerabilities E-co

WannaCry: How the Widespread Ransomware Changed Cybersecurity

If I had polled cybersecurity experts on their way to work on May 12, 2017, most of them would have said they knew a major cybersecurity event loomed. Yet, on that day no one expected that they were walking into the perfect storm — in the form of WannaCry ransomware, the most damaging cyberattack to date — when they traveled by car, train or fer
Publish At:2020-10-28 16:04 | Read:876 | Comments:0 | Tags:Data Protection Fraud Protection Identity & Access Incident