HackDig : Dig high-quality web security articles

Pwn2Own 2021: Hackers Offered $200,000 for Zoom, Microsoft Teams Exploits

Trend Micro’s Zero Day Initiative (ZDI) on Tuesday announced the targets, prizes and rules for the Pwn2Own Vancouver 2021 hacking competition, a hybrid event scheduled to take place on April 6-8.Pwn2Own Vancouver typically takes place during the CanSecWest conference in Vancouver, Canada, but due to the coronavirus pandemic, this year’s event will be hybrid
Publish At:2021-01-27 07:11 | Read:463 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

NAT Slipstreaming 2.0 Exposes Devices on Internal Networks to Remote Attacks

A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise any device on the local network, according to researchers at enterprise IoT security firm Armis.Detailed in late October 2020, the NAT Slipstreaming attack relies on tricking the victim into accessing a specially crafted website and exploits the browser on the device, alon
Publish At:2021-01-26 11:41 | Read:428 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Vulne

DNSpooq Flaws Expose Millions of Devices to DNS Cache Poisoning, Other Attacks

Researchers at Israel-based boutique cybersecurity consultancy JSOF this week disclosed the details of seven potentially serious DNS-related vulnerabilities that could expose millions of devices to various types of attacks.The vulnerabilities, collectively tracked as DNSpooq, impact Dnsmasq, a widely used piece of open source software designed to provide DNS
Publish At:2021-01-20 08:45 | Read:391 | Comments:0 | Tags:Network Security NEWS & INDUSTRY SCADA / ICS Risk Manage

For Attackers, Home is Where the Hideout Is

Remember the good ol’ days of playing hide-and-seek? It’s hard to forget the rush of finding the perfect hiding place. I remember crouching into a tiny ball behind the clothes hanging in my mother’s closet, or standing frozen like a statue behind the curtain of our living room window. While it was “just a game” when we were kid
Publish At:2021-01-19 20:53 | Read:445 | Comments:0 | Tags:Data Protection Network Data Breach Internet of Things (IoT)

Hundreds of Networks Still Host Devices Infected With VPNFilter Malware

The VPNFilter malware is still present in hundreds of networks and malicious actors could take control of the infected devices, according to researchers at cybersecurity firm Trend Micro.Identified in 2018 and mainly focusing on Ukraine, VPNFilter rose to fame quickly due to the targeting of a large number of routers and network-attached storage (NAS) device
Publish At:2021-01-19 15:53 | Read:212 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Virus & Malware

OWASP Top 10 Vulnerabilities IoT Security: Lack of Physical Hardening

With ever increases attack surfaces with IoT devices, physical hardening is also one of the important aspects of IoT Security. Many times these devices are being part of critical infrastructure and threat actors will desire to backdoor it abusing the OWASP top 10 vulnerabilities. There are a majority of ways in which an Iot device can be compromised and e
Publish At:2021-01-19 14:31 | Read:513 | Comments:0 | Tags:Cloud Security iOS Penetration Testing IoT Security News OWA

IoT Security Firm Vdoo Expands Series B Funding to $57 Million

New Funding Will Help IoT Device Security Firm Support Growing Demand from Telcos and Utilities Israeli IoT security start-up Vdoo announced on Wednesday that it has extended its Series B funding round to $57 million, bringing the total amount raised by the company to $70 million. The company previously announced its Series B round in April 2019 marked
Publish At:2021-01-13 15:35 | Read:280 | Comments:0 | Tags:IoT Security security

Ubiquiti breach, and other IoT security problems

Networking equipment manufacturer Ubiquiti sent out an email to warn users about a possible data breach. The email stated there had been unauthorized access to its IT systems that are hosted with a third-party cloud provider. Ubiquiti Networks sells networking devices and IoT devices. It did not specify which products were affected but pointed at UI.com,
Publish At:2021-01-12 16:00 | Read:524 | Comments:0 | Tags:IoT 2fa chastity belt IoT security passwords traffic lights

U.S. Releases Cybersecurity Plan for Maritime Sector

The U.S. government has released a plan with a list of top-priority items to mitigate threats and provide security to the crucial maritime sector.The National Maritime Cybersecurity Plan, which was made public (PDF) on Tuesday, highlights several priority actions to close maritime cybersecurity gaps and vulnerabilities over the next five years.The maritime s
Publish At:2021-01-05 20:23 | Read:499 | Comments:0 | Tags:Disaster Recovery NEWS & INDUSTRY Incident Response Comp

FBI: Home Surveillance Devices Hacked to Record Swatting Attacks

A warning issued this week by the FBI warns owners of smart home devices with voice and video capabilities that these types of systems have been targeted by individuals who launch so-called “swatting” attacks.Swatting is a hoax where someone tricks emergency services into deploying armed law enforcement to a targeted individual’s location by claiming there i
Publish At:2020-12-30 12:17 | Read:413 | Comments:0 | Tags:NEWS & INDUSTRY Risk Management Tracking & Law Enfor

Hacking Christmas Gifts: Artie Drawing Robot

If high-tech gadgets are on your holiday shopping list, it is worth taking a moment to think about the particular risks they may bring. Under the wrong circumstances, even an innocuous gift may introduce unexpected vulnerabilities. In this blog series, VERT will be looking at some of the Internet’s best-selling holiday gifts with an eye toward thei
Publish At:2020-12-23 13:32 | Read:433 | Comments:0 | Tags:Internet of Things IoT IoT security robot WiFi hack

5 IoT Threats To Look Out for in 2021

As we bring 2020 to a close, it’s time to look at 2021 and a new chapter in the book of cybersecurity. While there are no doubt a multitude of possible attacks, here are six types of attacks that are becoming more popular and more common among attackers using Internet of things (IoT) threats. 1. Built-In IoT Threats As entities embrace the IoT, they s
Publish At:2020-12-23 09:47 | Read:375 | Comments:0 | Tags:Security Intelligence & Analytics Security Services Internet

7 Cybersecurity Tools On Our Holiday Wish List

The holiday season is upon us. After a difficult year, and facing an even more challenging year ahead, digital defense experts don’t have visions of sugar plums dancing in their heads. Instead, they dream of cybersecurity tools and other resources to help them cope with a wild threat landscape.  Here’s our ultimate holiday wish list. 
Publish At:2020-12-22 18:11 | Read:584 | Comments:0 | Tags:Application Security Artificial Intelligence Cloud Security

CISA Issues ICS Advisory for New Vulnerabilities in Treck TCP/IP Stack

Security updates available for the Treck TCP/IP stack address two critical vulnerabilities leading to remote code execution or denial-of-service. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory to warn organizations using industrial control systems (ICS) about the risks posed by these flaws.A low-level TCP/IP software
Publish At:2020-12-22 13:11 | Read:453 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Risk Management Vulnerabilit

Vulnerabilities in Medtronic Product Can Allow Hackers to Control Cardiac Devices

Vulnerabilities discovered in Medtronic’s MyCareLink Smart 25000 Patient Reader product could be exploited to take control of a paired cardiac device.Designed to obtain information from a patient’s implanted cardiac device, the MCL Smart Patient Reader then sends the data to the Medtronic CareLink network, to facilitate care management, through the patient’s
Publish At:2020-12-15 13:29 | Read:377 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities IoT Security hack