HackDig : Dig high-quality web security articles

Critical Vulnerability Can Allow Attackers to Hijack or Disrupt Juniper Devices

A critical vulnerability patched recently by networking and cybersecurity solutions provider Juniper Networks could allow an attacker to remotely hijack or disrupt affected devices.The security hole, tracked as CVE-2021-0254 and affecting the Junos operating system, was discovered by Nguyễn Hoàng Thạch, aka d4rkn3ss, a researcher with Singapore-based cyberse
Publish At:2021-04-16 11:25 | Read:180 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities Vulnera

Domain Name Security Neglected by U.S. Energy Companies: Report

A majority of the largest energy companies in the United States appear to have neglected the security of their domain names, according to CSC, a firm that specializes in securing online assets.The Biden administration is concerned about potentially damaging cyberattacks aimed at the country’s critical infrastructure, and it’s taking steps to help electric ut
Publish At:2021-04-15 15:50 | Read:170 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Email Security Identity

NVIDIA Unveils 'Morpheus' Cybersecurity Framework

NVIDIA this week unveiled Morpheus, a cloud-native application framework designed to help cybersecurity providers analyze more data without sacrificing performance.According to NVIDIA, Morpheus leverages machine learning to identify anomalies and threats — such as phishing, data leaks and malware — through real-time inspection of all IP traffic in an organiz
Publish At:2021-04-15 08:00 | Read:136 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Cloud Security Security

MS Patch Tuesday: NSA Reports New Critical Exchange Flaws

Just weeks after a wave of major in-the-wild zero-day attacks against Exchange Server installations globally, Microsoft is raising a fresh alarm for four new critical security flaws that expose businesses to remote code execution attacks.The four new Exchange Server vulnerabilities were fixed as part of this month’s Patch Tuesday bundle and because of the se
Publish At:2021-04-13 16:50 | Read:142 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Priva

Joker Android Trojan Lands in Huawei AppGallery App Store

Ten variants of the Joker Android Trojan managed to slip into the Huawei AppGallery app store and were downloaded by more than 538,000 users, according to new data from Russian anti-malware vendor Doctor Web.Also known as Bread, the Joker Trojan was first observed in 2017 when it was originally focused on SMS fraud. Last year, the malware was observed perfor
Publish At:2021-04-12 21:15 | Read:105 | Comments:0 | Tags:Disaster Recovery Endpoint Security Mobile Security Network

Unearthing the 'Attackability' of Vulnerabilities that Attract Hackers

Vulnerability management is largely about patch management: finding, triaging and patching the most critical vulnerabilities in your environment. Each aspect of this process presents its own problems. In 2020, more than 17,000 vulnerabilities were reported to NIST, and more than 4,000 of these were high priority. Knowing which of these affect you, where
Publish At:2021-04-12 13:25 | Read:78 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

CISA Releases Tool to Detect Microsoft 365 Compromise

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool to help with the detection of potential compromise within Microsoft Azure and Microsoft 365 environments.Dubbed Aviary, the new tool is a dashboard that makes it easy to visualize and analyze output from Sparrow, the compromise detection
Publish At:2021-04-09 14:58 | Read:70 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Microsoft Open-Sources 'CyberBattleSim' Enterprise Environment Simulator

Microsoft this week announced the open source availability of Python code for “CyberBattleSim,” a research toolkit that supports simulating complex computer systems. Designed to help advance artificial intelligence and machine learning, the experimental research project was designed to aid in the analysis of how “autonomous agents operate in a simulated ente
Publish At:2021-04-09 14:58 | Read:123 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Collaboration Platforms Increasingly Abused for Malware Distribution, Data Exfiltration

Threat actors are increasingly abusing collaboration platforms for nefarious purposes, including malware delivery and data exfiltration, security researchers with Cisco’s Talos division report.With the COVID-19 pandemic forcing many organizations to switch to telework, interactive communication platforms such as Discord and Slack saw increased adoption and a
Publish At:2021-04-09 07:10 | Read:149 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Virus & Threats App

Vulnerability in 'Domain Time II' Could Lead to Server, Network Compromise

A vulnerability residing in the “Domain Time II” network time solution can be exploited in Man-on-the-Side (MotS) attacks, cyber-security firm GRIMM warned on Tuesday.Developed by Greyware Automation Products, Inc., Domain Time II is a time synchronization software designed to help enterprises ensure accurate time across their networks. The suite of tools pr
Publish At:2021-04-08 07:46 | Read:192 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities Securit

Threat Actors Quick to Target (Patched) SAP Vulnerabilities

Threat actors are constantly targeting new vulnerabilities in SAP applications within days after the availability of security patches, according to a joint report issued by SAP and Onapsis.In some cases, exploitation attempts were observed shortly after the security bugs are made public: scanning for vulnerable systems started 48 hours after patches were rel
Publish At:2021-04-06 16:46 | Read:84 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

All Eyes on PCAP: The Gold Standard of Traffic Analysis

PCAP Enables Defenders to See and Capture Exactly What Has Happened Across a Network, But Comes With ChallengesPCAP, or full packet data capture for analysis, does what it says – it captures the entirety of every packet that comprises the network traffic (both metadata and content). If something happens on the network, PCAP knows about it. Whether it is malw
Publish At:2021-04-06 08:58 | Read:172 | Comments:0 | Tags:Network Security NEWS & INDUSTRY

CISA, FBI Warn of Attacks Targeting Fortinet FortiOS

The U.S. government is warning that Advanced Persistent Threat (APT) actors are exploiting vulnerabilities in Fortinet FortiOS in ongoing attacks targeting commercial, government, and technology services networks.The warning, issued in a joint advisory by FBI and the Cybersecurity and Infrastructure Security Agency (CISA), follows the recent release of
Publish At:2021-04-05 13:28 | Read:243 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Unpatched RCE Flaws Affect Tens of Thousands of QNAP SOHO NAS Devices

A pair of unpatched vulnerabilities in QNAP small office/home office (SOHO) network attached storage (NAS) devices could allow attackers to execute code remotely, according to a warning from security researchers at SAM Seamless Network.The bugs were found to affect QNAP TS-231 SOHO NAS devices running firmware version, but potentially impact other
Publish At:2021-04-01 19:42 | Read:204 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

DHS Gives Federal Agencies 5 Days to Identify Vulnerable MS Exchange Servers

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a supplemental directive requiring all federal agencies to identify vulnerable Microsoft Exchange servers in their environments within five days.Providing additional direction on the implementation of CISA Emergency Directive 21-02, which on March 3 reque
Publish At:2021-04-01 19:42 | Read:170 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli