HackDig : Dig high-quality web security articles for hacker

2016 Phishing Trends & Intelligence Report: Hacking the Human

<p><img alt="PhishLabs_2016_Phishing_Trends_and_Intelligence_Report_-_Hacking_the_Human_Full_Image.jpg" src="http://info.phishlabs.com/hubfs/blog-files/PhishLabs_2016_Phishing_Trends_and_Intelligence_Report_-_Hacking_the_Human_Full_Image.jpg" style="width: 320px; margin: 0px 0px 10px 10px; float: right;" title="PhishLabs_2016_Phishing_Trends_and_Int
Publish At:2016-02-26 01:10 | Read:2965 | Comments:0 | Tags:PhishLabs General Threat Analysis Company News Phishing Tren

6 things I like about Gartner’s Cyber Resiliency Strategy

Posted August 27, 2015   Nigel HedgesMonday and Tuesday of this week I spent 2 days at the Gartner Security & Risk Summit in Sydney, milling around checking out the latest buzzwords and thought leadership around Information Security and Risk.I had a fantastic opportunity to participate in a panel slot with representatives from SkyHigh Netw
Publish At:2015-08-27 15:05 | Read:3321 | Comments:0 | Tags:General cyber resilience strategy gartner

The tip of the IRS data breach – and it IS an iceberg

Posted May 27, 2015   Morey HaberThe IRS has been warned for decades about their security best practices. And now, at least 100,000 Americans have had their records compromised. How? The IRS uses a service called “Get Transcript”. It provides tax return details for users that provide information regarding their identity. This information, when
Publish At:2015-05-28 03:45 | Read:1958 | Comments:0 | Tags:General get transcript internal revenue service irs data bre

April 2015 Patch Tuesday

Posted April 14, 2015   BeyondTrust Research TeamMicrosoft gave everyone a breather in this month’s Patch Tuesday, serving up fixes for a surprisingly modest 26 vulnerabilities. The fixes address various flaws including remote code execution, information disclosure, security feature bypass and cross-site scripting to name a few. Let̵
Publish At:2015-04-14 14:35 | Read:2897 | Comments:0 | Tags:General Network Security Vulnerability Management april 2015

“Fancybox for WordPress Has Expired” Infection

Today I began to notice quite a massive and very unusual attack that leverages vulnerabilities in older versions of the FancyBox for WordPress plugin. As you might know, versions 3.0.2 and older of this plugin allowed anyone to craft special POST requests to /wp-admin/admin-post.php or /wp-admin/admin-ajax.php and change values of specific plugin options in
Publish At:2015-04-02 02:20 | Read:2782 | Comments:0 | Tags:General Short Attack Reviews Website exploits April1 Fancybo

March 2015 Patch Tuesday

Posted March 10, 2015   BeyondTrust Research TeamMicrosoft patched 44 CVEs across 14 bulletins this month, with vulnerabilities in Internet Explorer and Adobe Font Driver necessitating the bulk of those fixes. With so many bulletins, it was only natural that a wide variety of security flaws were found:  remote code execution, elevation of priv
Publish At:2015-03-10 21:30 | Read:2070 | Comments:0 | Tags:General Network Security Vulnerability Management march 2015

February 2015 Patch Tuesday

Posted February 10, 2015   BeyondTrust Research TeamMicrosoft patched a fairly hefty 58 CVEs across 9 bulletins this month, with Internet Explorer taking the lion’s share of those fixes. Among the offending flaws are remote code execution, security bypass, elevation of privilege, and information disclosure vulnerabilities.MS15-009 fixes
Publish At:2015-02-11 20:40 | Read:3268 | Comments:0 | Tags:General Network Security Vulnerability Management february 2

The Anthem Breach: What We Know Now

Posted February 5, 2015   Morey HaberThe first thing I do in the morning when I reach the office is check my email. Today, I received this email from Anthem before I even saw the news:I have to give Anthem credit. I learned about the breach directly from the CEO before all the hype and speculation hit. This is the level of caring and responsib
Publish At:2015-02-06 00:30 | Read:2560 | Comments:0 | Tags:General Network Security Privileged Account Management Vulne

Advanced Threat Analytics Reveals Hidden Risks: Introducing BeyondInsight Clarity

Posted February 3, 2015   Chris BurdAn application is launched for the first time. An administrator logs in at 2am. A server has unpatched vulnerabilities. Seen individually, these events may be written off as low-risk blips. When combined on a single system, in a single time period, they add up to a red alert. Advanced persistent threats ofte
Publish At:2015-02-04 01:55 | Read:2780 | Comments:0 | Tags:General Network Security New Features Privileged Account Man

January 2015 Patch Tuesday

Posted January 14, 2015   BeyondTrust Research TeamStarting off the new year, Microsoft directs its focus more toward user rights and access. For the majority of bulletins, an attacker would need some form of authentication prior to elevating their privileges. Aside from these, the most notable vulnerability lies within an old friend named Tel
Publish At:2015-01-15 02:10 | Read:4658 | Comments:0 | Tags:General Network Security Security Research Vulnerability Man

December 2014 Patch Tuesday

Posted December 9, 2014   BeyondTrust Research TeamThis month marks the final Patch Tuesday of 2014. Most of what is being patched this month includes Internet Explorer, Exchange, Office, etc… and continues a trend of the greatest hits collection of commonly attacked Microsoft software. Probably the one thing that broke the mold this month is
Publish At:2014-12-26 08:20 | Read:4088 | Comments:0 | Tags:General Network Security Privileged Account Management Secur

Analyzing [Buy Cialis] Search Results

A few days ago I was updating the spammy word highlighting functionality in Unmask Parasites results and needed to test the changes on real websites. To find hacked websites with spammy content I would normally google for [viagra] or [cialis], which are arguably the most targeted keywords used in black hat SEO hacks. However after the Google’s June up
Publish At:2014-08-15 20:40 | Read:11284 | Comments:1 | Tags:General black hat seo cialis cloaking doorway google hidden

Working With the Darkleech Bitly Data

Data Driven Security took the time to analyze the raw data that I published in my recent post on Sucuri blog about how I used Bitly data to understand the scale of the Darkleech infection. In their article, they have a few questions about data formats, meaning of certain fields and some inconsistencies, so I’ll try to answer their questions here and ex
Publish At:2014-08-15 20:40 | Read:3497 | Comments:0 | Tags:General Bitly Darkleech data statistics

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud