HackDig : Dig high-quality web security articles for hacker

Microsoft Warns of Persistent Windows Hello for Business Orphaned Keys

Microsoft this week issued guidance regarding Windows Hello for Business (WHfB) public keys that persist even after the devices they are tied to are removed from Active Directory. These WHfB public keys, the tech company explains, are written to the on-premises Active Directory after the user sets up WHfB. Tied to the user and the device added to Azure AD, th
Publish At:2019-12-05 22:15 | Read:150 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access Vulnerabilities

Researcher Unveils CrackQ, a New Password Cracking Manager

CrackQ Password Cracking Manager is an Interface for Hashcat Served by a REST API and a JavaScript Web App

Hashcat is billed as the world's fastest password cracker. It uses the power of graphical processing units (GPUs) to compare guessed plaintext passwords with known password hashes at high speed -- often at hundreds of billions of guesses per second -- un
Publish At:2019-12-04 22:15 | Read:188 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access Black Hat

Making the Most of a Changing Workforce Environment

The Greek philosopher Heraclitus is quoted as having said, “change is the only constant in life.” While I’m not sure that I agree with this statement completely, it is an interesting one. The quote provoked me to think about how it might apply to the security profession. After some thinking, I do believe that we can learn some interesting security less
Publish At:2019-12-04 12:00 | Read:95 | Comments:0 | Tags:INDUSTRY INSIGHTS Identity & Access Training & Certi

Twitter Users Can Now Use 2FA Without a Phone Number

Twitter this week announced that its users no longer need a phone number to add extra protection to their accounts via 2-Factor Authentication (2FA). Until now, the social platform required users to supply a phone number to receive login codes via text (SMS) messages, but additional options are now available, Twitter says. Twitter users currently h
Publish At:2019-11-22 22:15 | Read:275 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access

1Password Raises $200 Million in Series A Funding

Popular password manager 1Password has closed a $200 million Series A round, which the company says is the first outside investment following 14 years of growth and profitability. As a completely bootstrapped company founded in 2005, 1Password has gained millions of users worldwide and is used by 50,000+ paying business customers, including IBM, Slack,
Publish At:2019-11-18 22:15 | Read:219 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access

eCommerce Fraud Prevention Firm Riskified Raises $165 Million

Ecommerce fraud prevention solutions provider Riskified has raised $165 million in a Series E funding round at a valuation of over $1 billion. The latest funding round, which brings the total raised by the firm to over $228 million, was led by General Atlantic, with participation from Fidelity Management & Research Company, Winslow Capital Management, and
Publish At:2019-11-11 22:15 | Read:151 | Comments:0 | Tags:NEWS & INDUSTRY Fraud & Identity Theft Identity &

Adobe Exposed Creative Cloud Customer Information

Adobe has admitted that some Creative Cloud customer information — 7.5 million records, according to the researchers who stumbled upon the data — was exposed recently due to a misconfiguration. Researcher Bob Diachenko and Comparitech reported last week that they had identified an unprotected Elasticsearch database — the database was accessible without a pass
Publish At:2019-10-28 10:15 | Read:467 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access Data Protection Cl

New Azure AD Feature Detects Unauthorized Access Attempts

Microsoft this week announced the public preview of a new feature that allows enterprise users to check their Azure Active Directory sign-ins for any unusual activity. Dubbed Azure AD My Sign-In, the new feature provides users with information on any attempts to guess a password, tells them whether the attacker managed to successfully sign in to the account,
Publish At:2019-10-22 10:15 | Read:284 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access Risk Management Cl

Hackers Could Have Hijacked Trump Campaign Email Server

The official campaign website of U.S. President Donald Trump exposed information that may have allowed hackers to intercept emails and send out emails on behalf of the Trump campaign. The issue was related to Laravel, a popular open source PHP web application framework. The framework includes a debug mode that allows developers to find errors and misconfigura
Publish At:2019-10-18 08:30 | Read:363 | Comments:0 | Tags:NEWS & INDUSTRY Email Security Identity & Access Vul

Apple: Safari Does Not Send User Browsing History to China's Tencent

Safari does use Tencent to ensure that users in China do not navigate to malicious websites, but it never sends the actual URL of a visited site to the Chinese company, Apple says. The explanation was given following a series of reports that Safari is sending user data to the Chinese conglomerate, thus spurring multiple privacy concerns among users. The tech g
Publish At:2019-10-16 12:00 | Read:298 | Comments:0 | Tags:NEWS & INDUSTRY Privacy Identity & Access Data Prote

Hundreds of Fake Election Domains Target Democrats, Republicans

Threat intelligence company Digital Shadows has uncovered over 550 fake domains attempting to mimic websites related to the 2020 presidential election in the United States. The company’s researchers identified typosquatted domains targeting Democratic and Republican candidates, along with funding sites of the Republican Party. Roughly one-third of the typosqua
Publish At:2019-10-16 12:00 | Read:273 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access Risk Management Ma

Google's USB-C Titan Security Key Arrives in the U.S.

Starting today, October 15, users in the United States have a new two-factor authentication (2FA) method at their disposal in the form of Google’s USB-C Titan Security Key. Manufactured in partnership with Yubico, the USB-C Titan Security Key is compatible with Android, Chrome OS, macOS, and Windows devices. Just as other 2-step verification (2SV) options avai
Publish At:2019-10-15 12:00 | Read:141 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access

Pass the Hash Remains a Poorly Defended Threat Vector

In 2010, SANS reported that knowledge of the Pass the Hash attack first described some thirteen years earlier was still poor. By 2019, knowledge of the threat vector that has now been in the public domain for more than two decades has improved, but is still not complete. Password management firm One Identity surveyed (PDF) more than 1,000 qualified individual
Publish At:2019-10-09 12:00 | Read:393 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access Security Infrastru

NIST's Zero Trust Taxonomy Introduces Components, Threats and Migration Routes

NIST has published a draft Zero Trust Architecture (ZTA) special publication (SP.800.207). The purpose is to develop a technology-neutral lexicon of the logical components of a zero trust strategy, and to define ZTA, describe possible deployment scenarios, and highlight threats. NIST stresses that the primary purpose of the document (PDF) is to develop a stan
Publish At:2019-10-07 12:00 | Read:330 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Identity & Access S

Researcher Shows How Adversaries Can Gather Intel on U.S. Critical Infrastructure

A researcher has used a free tool that he created and open source intelligence (OSINT) to demonstrate how easy it is for adversaries to gather intelligence on critical infrastructure in the United States. The researcher, known online as Wojciech, used his Kamerka tool to find industrial control systems (ICS) in the United States, map them to geographical loca
Publish At:2019-10-04 00:00 | Read:483 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Identity & Access Risk M
