HackDig : Dig high-quality web security articles for hackers

United Nations data breach exposed over 100k UNEP staff records

Today, researchers have responsibly disclosed a security vulnerability by exploiting which they could access over 100,000 private employee records of United Nations Environmental Programme (UNEP).The data breach stemmed from exposed Git directories and credentials, which allowed the researchers to clone Git repositories and gather a large amount of pers
Publish At:2021-01-11 06:43 | Read:176 | Comments:0 | Tags:Security Government

Biden blasts Trump administration over SolarWinds attack response

U.S. President-Elect Joe Biden has criticized the Trump administration over the lack of response regarding the SolarWinds response and for failing to officially attribute the attacks.The SolarWinds hack is "a massive cybersecurity breach against US companies, many of them, as well as federal agencies" according to Biden."And there's still so much we don't kn
Publish At:2020-12-22 18:43 | Read:229 | Comments:0 | Tags:Security Government

SolarWinds hackers breach agency in charge of US nuclear weapons

Nation-state hackers have breached the networks of the National Nuclear Security Administration (NNSA) and the US Department of Energy (DOE).NNSA is a semi-autonomous government agency responsible for maintaining and securing the U.S. nuclear weapons stockpile.The NNSA was established by the US Congress in 2000 and it is al
Publish At:2020-12-17 17:49 | Read:209 | Comments:0 | Tags:Security Government hack

CISA: APT group behind US govt hacks used multiple access vectors

The US Cybersecurity and Infrastructure Security Agency (CISA) said that the APT group behind the recent compromise campaign targeting US government agencies used more than one initial access vector."CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated. CISA will update
Publish At:2020-12-17 13:55 | Read:249 | Comments:0 | Tags:Security Government CISA hack

Update on Widespread Supply-Chain Compromise

SolarWinds has announced a cyberattack on its systems that compromised specific versions of the SolarWinds Orion Platform, a widely used network management tool. SolarWinds reports that this incident was likely the result of a highly sophisticated, targeted and manual supply chain attack by a nation state, but it has not, to date, independently verified the
Publish At:2020-12-16 21:47 | Read:262 | Comments:0 | Tags:Incident Response Network Threat Intelligence Government IBM

DHS-CISA urges admins to patch OpenSSL DoS vulnerability

This week OpenSSL has released fixes for a high severity Denial of Service (DoS) vulnerability impacting the open source project.U.S. DHS Cybersecurity and Infrastructure Security Agency (CISA) has warned admins to upgrade their vulnerable OpenSSL instances immediately.Caused by null pointers in SSL certificate name validationTh
Publish At:2020-12-09 14:49 | Read:237 | Comments:0 | Tags:Security Government Vulnerability CISA

Police arrest two in data theft cyberattack on Leonardo defense corp

Italian police have arrested two people allegedly for using malware to steal 10 GB of confidental data and military secrets from defense company Leonardo S.p.A.Leonardo is one of the world's largest defense contractors, with 30% of the company owned by the Italian Ministry of Economy and Finance. As a multi-national company, they are headquartered in It
Publish At:2020-12-05 17:13 | Read:388 | Comments:0 | Tags:Security Government cyber

IBM Uncovers Global Phishing Campaign Targeting the COVID-19 Vaccine Cold Chain

At the onset of the COVID-19 pandemic, IBM Security X-Force created a threat intelligence task force dedicated to tracking down COVID-19 cyber threats against organizations that are keeping the vaccine supply chain moving. As part of these efforts, our team recently uncovered a global phishing campaign targeting organizations associated with a COVID-19
Publish At:2020-12-03 10:05 | Read:317 | Comments:0 | Tags:Government Healthcare Threat Research Phishing Phishing Emai

A Look at the Computer Security Act of 1987

U.S. Federal Cybersecurity TodayComputer security regulations have come a long way from their early beginnings.  Even before the Federal Information Security Management Act (FISMA), there was the Computer Security Act of 1987 (CSA). The Computer Security Act was enacted by the 100th United States Congress in response to a lack of computer security prote
Publish At:2020-12-02 02:44 | Read:433 | Comments:0 | Tags:Featured Articles Government computer security Federal feder

Indian National to Spend 20 Years in Prison for Call Center Scheme

An Indian national received a prison sentence of 20 years for having created a call center scheme that preyed upon U.S. individuals.On November 30, U.S. District Judge David Hittner handed down a 20-year prison sentence to Hitesh Madhubhai Patel, aka Hitesh Hinglaj, 44, of Ahmedabad, India.The sentence stemmed from charges of wire fraud conspiracy along with
Publish At:2020-12-01 11:08 | Read:295 | Comments:0 | Tags:Government Latest Security News call center prison

IoT cybersecurity bill passed by Senate

Days before taking a week-long Thanksgiving recess, the US Senate passed an almost mundane cybersecurity bill that, if approved by the President, will improve security guidelines and protocols for Internet of Things (IoT) devices purchased and owned by the Federal government. The bill, called the Internet of Things Cybersecurity Improvement Act of 2020, w
Publish At:2020-11-25 13:36 | Read:254 | Comments:0 | Tags:Government Security world House of Representatives Internet

Joe Biden's 'Vote Joe' website defaced by Turkish Hackers

This week, the Vote Joe site set up by the Biden-Harris Presidential campaign had been hacked and defaced by a Turkish hacker called RootAyyildiz.Based on the evidence and the archived snapshots of the site, it appears the breach and defacement had lasted for over 24 hours.Vote Joe site defaced this weekUp until November 9th or so, days after the 2020 U.S. P
Publish At:2020-11-21 13:55 | Read:354 | Comments:0 | Tags:Security Government hack

Trump fires DHS cybersecurity director Chris Krebs

President Trump has fired Chris Krebs, Director of the Cybersecurity and Infrastructure Security Agency (CISA), after Krebs disputed claims that the U.S. 2020 Presidential Election was insecure and fraudulent.Trump appointed Krebs as the first director of CISA after it was established on November 16, 2018, as part of the Cybersecurity and Infrastructure Secu
Publish At:2020-11-18 00:07 | Read:418 | Comments:0 | Tags:Security Government security cyber cybersecurity

HMRC smishing tax scam targets UK banking customers

An advanced HM Revenue and Customs (HMRC) tax rebate scam is targeting UK residents this week via text messages (SMS).The smishing campaign is concerning as it employs multiple HMRC phishing domains and tactics, with new domains added every day as older ones get flagged by spam filters.Not only do the phishin
Publish At:2020-11-08 17:48 | Read:317 | Comments:0 | Tags:Security Government

Trump lawsuit site to report rejected votes leaked voter data

The DontTouchTheGreenButton.com website just launched by the Trump campaign in relation to the recently filed Arizona "rejected votes" lawsuit was discovered to be leaking voter data.The data included the voter name, address, and a unique identifier. However, reports have surfaced of users alleging the website has SQL Injection flaws that make
Publish At:2020-11-08 13:54 | Read:344 | Comments:0 | Tags:Security Government

Tools

Tag Cloud