HackDig : Dig high-quality web security articles for hackers

How to Leverage MTD Solutions to Comply with NIST 800-124r2 Guidelines

Prior to the global pandemic, we were beginning to see a shift in companies realizing the need for mobile device and app security. Private and public sector organizations alike began to see how hackers were breaching and compromising mobile devices and – in turn – putting their employees and the companies themselves at risk. And then came COVI
Publish At:2020-09-08 14:42 | Read:310 | Comments:0 | Tags:Mobile Threat Defense COVID-19 MFA MTD NIST VPN

4 Steps to Help You Plan a Cyber Resilience Roadmap

What is cyber resilience? According to IBM Security’s 2020 Cyber Resilient Organization Report, a cyber resilient organization is one that “more effectively prevents, detects, contains and responds to a myriad of serious threats against data, applications and IT infrastructure.” In a more colloquial sense, the “further alo
Publish At:2020-07-22 09:40 | Read:378 | Comments:0 | Tags:CISO Risk Management NIST Chief Information Security Officer

Transportation Systems Sector Cybersecurity Framework Implementation Guide

As smart ticketing systems and technological solutions become more prevalent in the transportation industry, the issue of transportation systems’ cybersecurity becomes a greater concern. Transportation Systems Cybersecurity is a Major Concern: In August 2019, Transport for London (TfL) was forced to temporarily close down the online facility for its Oyste
Publish At:2020-06-23 00:12 | Read:540 | Comments:0 | Tags:Featured Articles ICS Security NIST train underground

Final Version of NIST SP 1800-23 Guides Identification of Threats to OT Assets

In September 2019, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) announced the release of a draft practice guide entitled, “NIST Special Publication (SP) 1800-23: Energy Sector Asset Management.” The NCCoE spent the next two months collecting comments from the public to improve their guid
Publish At:2020-06-08 01:09 | Read:657 | Comments:0 | Tags:ICS Security Regulatory Compliance Energy Sector NIST operat

NIST shared dataset of tattoos that’s been used to identify prisoners

by Lisa Vaas. In 2017, the Electronic Frontier Foundation (EFF) filed a Freedom of Information Act (FOIA) lawsuit looking to force the FBI and the National Institute of Standards and Technology (NIST) to cough up info about Tatt-C (also known as the Tattoo Recognition Challenge): a tattoo recognition program that involves creating an “open tattoo database
Publish At:2020-03-19 12:45 | Read:903 | Comments:0 | Tags:Law & order Privacy biometrics eff Electronic Frontier Found

How to Leverage NIST Cybersecurity Framework for Data Integrity

Together with the National Cybersecurity Center of Excellence (NCCoE), the National Institute of Standards and Technology (NIST) has released a series of practice guides that focuses on data integrity: the property that data has not been altered in an unauthorized manner. Tripwire is very proud to have contributed and collaborated with other technology vendo
Publish At:2020-03-11 01:03 | Read:807 | Comments:0 | Tags:IT Security and Data Protection cybersecurity NCCoE NIST

The War of Passwords: Compliance vs NIST

The most recent National Institute of Standards and Technology (NIST) guidelines have been updated for passwords in section 800-63B. The document no longer recommends combinations of capital letters, lower case letters, numbers and special characters. Yet most companies and systems still mandate these complexity requirements for passwords. What gives? There’s
Publish At:2020-03-05 04:40 | Read:842 | Comments:0 | Tags:IT Security and Data Protection compliance NIST password

Modernizing Threat Management for the Evolving Attack Surfaces of OT, IoT and IoMT

The traditional threat landscape comprised of conventional IT assets is difficult enough to protect, detect and respond to, but the landscape seems to be quickly expanding beyond traditional IT. Those new domains are operational technology (OT), the internet of things (IoT) and the internet of medical things (IoMT). Devices from non-traditional IT environmen
Publish At:2020-03-04 13:39 | Read:857 | Comments:0 | Tags:Endpoint Energy & Utility Healthcare Threat Intelligence NIS

NIST SP 1800-23, Energy Sector Asset Management: Securing Industrial Control Systems

Industrial organizations face a growing list of digital threats these days. Back in April 2019, for instance, FireEye revealed that it had observed an additional intrusion by the threat group behind the destructive TRITON malware at another critical infrastructure. This discovery came less than two years after the security firm discovered an attack in which
Publish At:2019-10-18 10:10 | Read:1399 | Comments:0 | Tags:ICS Security Regulatory Compliance Energy Sector NIST

What role does data destruction play in cybersecurity?

When organization leaders think about cybersecurity, it’s usually about which tools and practices they need to add to their stack—email protection, firewalls, network and endpoint security, employee awareness training, AI and machine-learning technology—you get the idea. What’s not often considered is which items should be taken away. Nearly
Publish At:2019-09-20 23:20 | Read:5520 | Comments:0 | Tags:Business data data breach data destruction Data privacy dega

7 Questions to Ask Your Child’s School About Cybersecurity Protocols

Just a few weeks into the new school year and, already, reports of malicious cyberattacks in schools have hit the headlines. While you’ve made digital security strides in your home, what concerns if any should you have about your child’s data being compromised at school? There’s a long and short answer to that question. The short answer is don’t
Publish At:2019-09-19 23:20 | Read:2016 | Comments:0 | Tags:Family Safety BYOD cyberattack cybercrime cybersafety cybers

Is Your Mobile Carrier Your Weakest Link?

More online services than ever now offer two-step authentication — requiring customers to complete a login using their phone or other mobile device after supplying a username and password. But with so many services relying on your mobile for that second factor, there has never been more riding on the security of your mobile account. Below are some tips
Publish At:2017-09-01 00:45 | Read:4623 | Comments:0 | Tags:Other AT&T Authy Bictoin theft CloudFlare Google Authenticat

eBay Asks Users to Downgrade Security

Last week, KrebsOnSecurity received an email from eBay. The company wanted me to switch from using a hardware key fob when logging into eBay to receiving a one-time code sent via text message. I found it remarkable that eBay, which at one time was well ahead of most e-commerce companies in providing more robust online authentication options, is now essential
Publish At:2017-03-23 08:00 | Read:4272 | Comments:0 | Tags:Other eBay 2FA eBay security eBay two-factor authentication

5 Employee Awareness Predictions for 2017

Threats to cybersecurity and data privacy continue to evolve, and 2017 will be no different. A sampling of recent prediction articles bears this out. Data breaches will become better targeted and cost more. Hackers will find more avenues to access sensitive data in order to make money off of it. Ransomware will “spin out of control.” But that’s not my angle—I’
Publish At:2016-12-20 16:35 | Read:5354 | Comments:0 | Tags:Featured Articles Security Awareness data breach Hacker micr

NIST Small Business Information Security guide for Small businesses

The NIST Small Business Information Security: The Fundamentals guide aims to provide basic cybersecurity recommendations to small businesses. I have always stressed the necessity to improve cyber security posture for small businesses that are most exposed to threat actors across the world. Now the National Institute of Standards and Technology has released a
Publish At:2016-11-14 13:55 | Read:4020 | Comments:0 | Tags:Breaking News Laws and regulations Security cyber security N
