HackDig : Dig high-quality web security articles for hacker

MikroTik Router Vulnerabilities Can Lead to Backdoor Creation

A chain of vulnerabilities in MikroTik routers could allow an attacker to gain a backdoor. The chain starts with DNS poisoning, goes on to downgrading the installed version of MikroTik's RouterOS software, and ends with enabling a backdoor.Tenable found the vulnerabilities and disclosed two to MikroTik on September 11, 2019 (CVE-2019-3976 and CVE-2019-3977)
Publish At:2019-10-29 12:00 | Read:616 | Comments:0 | Tags:Network Security NEWS & INDUSTRY

Cloud Networking and Security Firm Aviatrix Raises $40 Million

Aviatrix, a California-based provider of cloud networking and security services for enterprises, on Monday announced that it raised $40 million in a Series C funding round.The round, which brings the total raised to date by Aviatrix to over $76 million, was led by CRV, with participation from Formation 8, Ignition Partners and Liberty Global Ventures.Aviatri
Publish At:2019-10-28 22:15 | Read:559 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Cloud Security Manageme

Fortinet Acquires Endpoint Security Firm enSilo

Fortinet on Monday announced that it has completed the acquisition of San Francisco-based endpoint security company enSilo in an effort to enhance and strengthen its solutions.Through the acquisition, Fortinet adds enSilo’s detection and response technology to its Security Fabric framework, which enables organizations to manage different segments of network
Publish At:2019-10-28 22:15 | Read:566 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Manag

Palo Alto Networks Blames Tariffs for Firewall Price Hikes

Network security firm Palo Alto Networks is planning to increase the price of its hardware products by a 5%, citing impact from recent tariffs for imported components. The Santa Clara, California-based cybersecurity company offers both network firewalls and cloud-based security solutions to help protect enterprise environments.The manufacturer relies on
Publish At:2019-10-25 22:15 | Read:294 | Comments:0 | Tags:Network Security NEWS & INDUSTRY

Researchers Warn of New Cache-Poisoned DoS Attack Method

A group of security researchers from German universities has devised a new class of web cache poisoning attacks that could render victim services unreachable.The cache is meant to reduce the volume of network traffic through the reuse of HTTP responses and helps applications scale at large, in addition to providing protection against denial-of-service (DoS)
Publish At:2019-10-24 22:15 | Read:151 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Cloud Security Security

DDoS Attack Hits Amazon Web Services

Amazon Web Services (AWS) customers experienced service interruptions yesterday as the company struggled to fight off a distributed denial-of-service (DDoS) attack.As part of such an assault, attackers attempt to flood the target with traffic, which would eventually result in the service being unreachable.While customers were complaining of their inability t
Publish At:2019-10-24 10:15 | Read:127 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Incident Response Cloud

5G Myth Busting: Unpacking the Cybersecurity Risks and Realities

When 5G was formally announced in 2018, it came with promises of changing the face of wireless connectivity – those promises are finally being realized. Around the world, wireless carriers are switching on functionality and, in both the U.S. and the UK, all major vendors have enabled it. But for now, 5G is only available in major urban areas, such as London,
Publish At:2019-10-23 22:15 | Read:342 | Comments:0 | Tags:INDUSTRY INSIGHTS Network Security

Outdated OSs Still Present in Many Industrial Organizations: Report

ATLANTA — SECURITYWEEK 2019 ICS CYBER SECURITY CONFERENCE — Outdated and unsupported operating systems are still present and they still pose a serious risk in many industrial organizations, according to a new report from industrial cybersecurity firm CyberX.The company’s 2020 Global IoT/ICS Risk Report is based on data passively collected by CyberX from over
Publish At:2019-10-22 10:15 | Read:245 | Comments:0 | Tags:Network Security NEWS & INDUSTRY SCADA / ICS Risk Manage

Critical Flaw Allows Unauthorized Access to Cisco Aironet APs

Cisco on Wednesday informed customers that some of its Aironet access points (APs) are affected by a critical vulnerability that can be exploited by a remote attacker to gain unauthorized access to devices.The flaw, tracked as CVE-2019-15260, is caused by insufficient access control for some URLs, which allows an attacker to gain access with elevated privile
Publish At:2019-10-17 12:00 | Read:127 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities

Critical Flaw in Sophos Cyberoam Appliances Allows Remote Code Execution

A critical vulnerability patched recently by Sophos in its Cyberoam firewall appliances allows a remote, unauthenticated attacker to execute arbitrary commands with root privileges.The flaw, tracked as CVE-2019-17059, affects the CyberoamOS Linux-based operating system and it can be exploited by sending specially crafted requests to the product’s Web Admin o
Publish At:2019-10-14 12:00 | Read:342 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities

15 Easy, Effective Ways to Start Winning Back Your Online Privacy

Someone recently asked me what I wanted for Christmas this year, and I had to think about it for a few minutes. I certainly don’t need any more stuff. However, if I could name one gift that would make me absolutely giddy, it would be getting a chunk of my privacy back. Like most people, the internet knows way too much about me — my age, address, phone
Publish At:2019-10-12 11:20 | Read:481 | Comments:0 | Tags:Family Safety ad blockers children's privacy cloud security

No Patch for Critical Code Execution Flaw Affecting D-Link Routers

A critical remote code execution (RCE) vulnerability affecting several D-Link routers that reached their end of life (EOL) remains unpatched.Tracked as CVE-2019-16920 and featuring a CVSS score of 9.8, the vulnerability was found in D-Link DIR-655, DIR-866L, DIR-652, and DHP-1565 routers, all of which are no longer supported, meaning that no patch will be re
Publish At:2019-10-09 12:00 | Read:271 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities

NIST's Zero Trust Taxonomy Introduces Components, Threats and Migration Routes

NIST has published a draft Zero Trust Architecture (ZTA) special publication (SP.800.207). The purpose is to develop a technology-neutral lexicon of the logical components of a zero trust strategy, and to define ZTA, describe possible deployment scenarios, and highlight threats.NIST stresses that the primary purpose of the document (PDF) is to develop a stan
Publish At:2019-10-07 12:00 | Read:169 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Identity & Access S

New Anomali Tool Finds Threat Data in News, Blogs, Social Networks

Threat intelligence firm Anomali on Monday announced the launch of Lens, a new tool designed to make it easier for organizations to find and use threat data from a wide range of sources.Anomali Lens is part of the company’s Altitude solution, which also includes its flagship threat intelligence platform ThreatStream and Match, a breach detection platform tha
Publish At:2019-09-30 12:00 | Read:243 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Virus & Threats Ris

Magecart Hackers Target L7 Routers

One of the financially motivated threat actors operating under the Magecart umbrella appears to be testing malicious code to inject into commercial-grade layer 7 (L7) routers, IBM reports.These devices are used by hotels, resorts, airports, and in other public locations. According to IBM, Magecart Group 5 (MG5) is attempting to load code into the JavaScript
Publish At:2019-09-27 12:00 | Read:333 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Virus & Threats Wir

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud