HackDig : Dig high-quality web security articles for hacker

APWG: Two-Thirds of all Phishing Sites Used SSL protection in Q3

<p>This week, APWG released its <u>findings from Q3</u> that compiles insights from their member companies and provides an analysis of how phishing is changing. The key findings from the latest report show that phishing attacks continued to rise throughout the year, 40% of BEC attacks involve domains registered by the threat actor, and now
Publish At:2019-11-14 16:15 | Read:394 | Comments:0 | Tags:APWG https

COMpfun successor Reductor infects files on the fly to compromise TLS traffic

In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. Analysis of the malware allowed us to confirm that the operators have some control over the target’s network channel and could replace legitimate installers with infected ones on the fly. That places the actor in a very exclusive club, with capa
Publish At:2019-10-03 07:00 | Read:776 | Comments:0 | Tags:APT reports Featured Browser Digital Certificates Encryption

49 Percent of Phishing Sites Now Use HTTPS

<p><img src="https://info.phishlabs.com/hs-fs/hubfs/Green%20Pad%20Lock%20HTTPS.png?width=195&amp;name=Green%20Pad%20Lock%20HTTPS.png" alt="Green Pad Lock HTTPS" width="195" style="width: 195px; float: right; margin: 0px 10px 10px 0px;">Since 2015 there has been a steady increase in threat actors’ use of SSL certificates to add an air of legit
Publish At:2019-09-19 22:40 | Read:473 | Comments:0 | Tags:https

More Than Half of Phishing Sites Now Use HTTPS

<p>As more of the web further embrace HTTPS and SSL certs, it’s becoming a requirement that threat actors use it, too. By the end of Q1 2019, more than half of all phishing sites have employed the use of HTTPS, <a href="http://docs.apwg.org/reports/apwg_trends_report_q1_2019.pdf">now up to 58%</a>. This is a major milestone and shows that t
Publish At:2019-09-19 22:40 | Read:383 | Comments:0 | Tags:https

APWG: Phishing Continues to Rise, Threat Actors Love Gift Cards

<p>This week APWG released its <u>findings from Q2</u> of this year that compiles insights from their member companies and provides an analysis of how phishing is changing. This quarter's report shows that phishing attacks continue to increase, both SaaS and email service providers are prime targets, BEC attacks are focused on getting gift
Publish At:2019-09-19 22:40 | Read:449 | Comments:0 | Tags:Phishing APWG BEC https

Dangerous liaisons

It seems just about everyone has written about the dangers of online dating, from psychology magazines to crime chronicles. But there is one less obvious threat not related to hooking up with strangers – and that is the mobile apps used to facilitate the process. We’re talking here about intercepting and stealing personal information and the de-anonymi
Publish At:2017-10-24 11:55 | Read:5023 | Comments:0 | Tags:Featured Mobile threats Android Certificate HTTPS iOS Mobile

Five Key IT Security Best Practices to Safeguard Your Expanding Business

A key theme of the recent Cybersecurity Nexus event in Washington, D.C. was the growing need for small and medium-sized businesses (SMBs) to adopt enterprise-like IT security best practices. In fact, SMBs might actually have an edge over the unrelenting competition they endure from larger enterprises because they are more proactive and nimbler in mitigating
Publish At:2017-10-22 05:00 | Read:4092 | Comments:0 | Tags:Application Security Retail Risk Management Application Secu

Chrome will label Resources delivered via FTP as “Not Secure”

Google continues the ongoing effort to communicate the transport security status of a given page labeling resources delivered via FTP as “Not secure” in Chrome, Last week, Google announced that future versions of Chrome will label resources delivered via the File Transfer Protocol (FTP) as “Not secure.” The security improvement will be implement
Publish At:2017-09-18 00:05 | Read:3016 | Comments:0 | Tags:Breaking News Security Chrome encryption FTP Google HTTPS

The Internet’s Freshest Wounds: My Thoughts On Ticketbleed, Cloudbleed and HTTPS

UPDATE 2/24/17, 4:30 PM PST: Researcher Hanno Böck (@hanno) has confirmed that leaked CloudFlare data was not entirely purged from multiple search engine caches ahead of the public disclosure.In April 2014, the security community was shocked with the revelation that a poorly implemented TLS extension in OpenSSL could allow attackers to easily disclose privat
Publish At:2017-02-25 03:05 | Read:6113 | Comments:0 | Tags:IT Security and Data Protection Cloudbleed Cloudflare Google

Making the Move to an All-HTTPS Network

Many website operators have wrestled with the decision to move all their web infrastructure to support HTTPS protocols. The upside is obvious: better protection and a more secure pathway between browser and server. Having a secure connection also makes it harder for cybercriminals to insert man-in-the-middle (MitM) or man-in-the-browser (MitB) attacks, and i
Publish At:2017-02-24 09:15 | Read:4351 | Comments:0 | Tags:Infrastructure Protection Network & Endpoint Browser Securit

Chrome will mark HTTP connections to websites as non-secure from January 2017

From January 2017, Chrome will indicate connection security with an icon in the address bar labelling HTTP connections to sites as non-secure. Google continues its effort to make the web a better place by pushing the adoption of encryption, we left the IT giant in May when it announced the decision to switch on default HTTPS for its free domain service prov
Publish At:2016-09-09 22:45 | Read:3250 | Comments:0 | Tags:Breaking News Digital ID Security encryption Google HTTP con

HTTPS is not a magic bullet for Web security

We're in the midst of a major change sweeping the Web: the familiar HTTP prefix is rapidly being replaced by HTTPS. That extra "S" in an HTTPS URL means your connection is secure and that it's much harder for anyone else to see what you're doing. And on today's Web, everyone wants to see what you're doing.HTTPS has been around nearly as long as the Web, but
Publish At:2016-07-11 14:10 | Read:5479 | Comments:0 | Tags:Features Risk Assessment HTTPS

HTTPS crypto’s days are numbered. Here’s how Google wants to save it

Like many forms of encryption in use today, HTTPS protections are on the brink of a collapse that could bring down the world as we know it. Hanging in the balance are most encrypted communications sent over the last several decades. On Thursday, Google unveiled an experiment designed to head off, or at least lessen, the catastrophe.In the coming months, Goog
Publish At:2016-07-09 07:25 | Read:5092 | Comments:0 | Tags:Risk Assessment Technology Lab cryptography encryption HTTPS

Security week-in-review: Alleged DNC papers leaked in the latest whodunit

It’s hard to keep up with the hundreds of security-specific headlines published every week. So, we’re rounding up the top news that affect you, your business, and the security and technology industry overall. This week we explore Android vulnerabilities, stolen DNC data, and a serious scam against enterprises. Check back every Friday to learn about the lat
Publish At:2016-06-17 18:45 | Read:4203 | Comments:0 | Tags:Security android Android Vulnerabilities Apple bug bounty da

Google is bringing HTTPS to all blogspot domain blogs

Google decided to switch on default HTTPS for its free domain service provider Blogspot, the migration will be easy and transparent for the users. After WordPress also Google decided to switch on default HTTPS for its free domain service provider Blogspot. The measure will impact millions of users of the popular platform. Since September 2015 Google had intr
Publish At:2016-05-05 00:20 | Read:4975 | Comments:0 | Tags:Breaking News Digital ID Blogspot encryption Google HTTPS


Share high-quality web security related articles with you:)


Tag Cloud