HackDig : Dig high-quality web security articles

The OSI Model and You Part 5: Stopping Threats at the OSI Session Layer

In our journey through the Open Systems Interconnection (OSI) seven layers of networking, the OSI session layer is a gatekeeper that manages the connection between applications. In other words, we are past just connecting devices. Now, we need to do something with that connection, which at this stage is called a session. This part of the OSI model gets into
Publish At:2021-06-21 10:27 | Read:105 | Comments:0 | Tags:Mobile Security Application Security Data Protection Network

Kaspersky Details Iranian Domestic Cyber-Surveillance Operation

Threat hunters at Kaspersky are sounding a warning for an Iranian APT actor that has been silently conducting domestic cyber-surveillance operations for the last six years.The newly discovered APT, which Kaspersky calls Ferocious Kitten, has been active since at least 2015 and has used clever computer infection tricks to hijack Telegram and Chrome installati
Publish At:2021-06-16 16:14 | Read:120 | Comments:0 | Tags:Cyberwarfare Endpoint Security Mobile Security Network Secur

Securing Your Remote Workforce Under Constant Change

A remote workforce under constant threat requires continuous vigilance and timely responsesNetwork and online security are serious issues. But for most infosec teams, there is real skepticism about whether all the security features they’ve installed and all the protocols they follow are actually deterring bad actors. Particularly now, following the horrendou
Publish At:2021-06-15 16:50 | Read:112 | Comments:0 | Tags:Endpoint Security INDUSTRY INSIGHTS Network Security Securit

Identity-Based Access Provider Elisity Raises $26 Million

Identity management provider Elisity on Tuesday announced that it secured $26 million in Series A funding, bringing the total raised by the company to $33.5 million.The new funding round was co-led by Two Bear Capital and AllegisCyber Capital, with participation from previous investor Atlantic Bridge.Elisity says the investment will be used to scale and expa
Publish At:2021-06-15 16:50 | Read:99 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Researchers Attribute SITA Cyberattack to Chinese Hackers

The cyberattack on SITA that impacted multiple airlines around the world was orchestrated by a Chinese nation-state threat actor tracked as APT41, security researchers at detection and prevention firm Group-IB say.Codenamed ColunmTK and disclosed in early March 2021, the attack affected airlines such as Air India, Air New Zealand, Finland’s Finnair, Singapor
Publish At:2021-06-14 17:26 | Read:92 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

CodeCov Kills Off Bash Uploader Blamed for Supply Chain Hack

Following a major software supply chain compromise that exposed data for several major companies, developer tools startup CodeCov plans to kill off the Bash Uploader tool that was responsible for the breach.CodeCov, a little-known startup considered the vendor of choice for measuring code coverage in the tech industry, has shipped an entirely new Uploader us
Publish At:2021-06-14 17:26 | Read:80 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

The OSI Model and You Part 4: Stopping Threats at the OSI Transport Layer

As we’ve talked about in the rest of this series, there are several ways to use the Open Systems Interconnection (OSI) seven layers of networking model to help us secure our networks and make them more resilient. Now, we’ve reached the first of the ‘host’ layers, the OSI transport layer.  Previously, we described ‘wha
Publish At:2021-06-14 11:25 | Read:86 | Comments:0 | Tags:Mobile Security Application Security Data Protection Network

Attackers Leverage SonicWall VPN Flaw to Compromise SRA Appliances

Malicious hackers are exploiting an old VPN security flaw to compromise SonicWall SRC (secure remote access) devices, according to a warning from security vendor CrowdStrike.The vulnerability in question, tracked as CVE-2019-7481, was originally patched by SonicWall back in 2019 but CrowdStrike is warning that the firmware updates did not properly
Publish At:2021-06-10 22:34 | Read:95 | Comments:0 | Tags:Cyberwarfare Endpoint Security Mobile Security Network Secur

What is Network Detection and Response and Why is it So Important?

Networks are the foundation of today’s connected world. They allow millions of people, devices, apps and systems to talk with one another every minute of the day. Without networks, modern communication as we know it would cease to exist. Today’s organizations depend on networks and their critical role in overall IT infrastructure. So, it’s
Publish At:2021-06-10 09:50 | Read:197 | Comments:0 | Tags:Intelligence & Analytics Application Security Data Protectio

Amazon Sidewalk Mesh Network Raises Security, Privacy Concerns

Amazon this week activated its proprietary mesh network known as Sidewalk, linking tens of millions of Amazon smart devices, each sharing a tiny sliver of their bandwidth to provide a wide network of connectivity even when and where WiFi service is poor or unavailable.Like all new technologies, it is being promoted with attractive use cases – such as the abi
Publish At:2021-06-09 15:21 | Read:237 | Comments:0 | Tags:Mobile Security Network Security NEWS & INDUSTRY Privacy

Kubeflow Deployments Targeted in New Crypto-mining Campaign

A newly observed malicious campaign is targeting Kubeflow workloads to deploy TensorFlow pods that are used to mine for crypto-currency, according to a warning from security researchers at Microsoft.According to Microsoft, the recent campaign popped up on their radar at the end of May, when TensorFlow pods started being deployed at scale on multiple Kubernet
Publish At:2021-06-09 15:21 | Read:141 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Priva

Cisco Smart Install Protocol Still Abused in Attacks, 5 Years After First Warning

Cisco’s Smart Install protocol is still being abused in attacks — five years after the networking giant issued its first warning — and there are still roughly 18,000 internet-exposed devices that could be targeted by hackers.Cisco describes Smart Install as a plug-and-play configuration and image-management feature that provides zero-touch deployment for new
Publish At:2021-06-09 11:27 | Read:244 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities Cybercr

SAP Patches Critical Vulnerabilities in NetWeaver

German software maker SAP this week released 17 new security notes documenting security vulnerabilities being fixed as part of the company's June 2021 SAP Security Patch Day.SAP NetWeaver received the largest number of patches with a total of 10 security notes documenting and resolving vulnerabilities.The most important of the new notes addresses an improper
Publish At:2021-06-08 19:51 | Read:120 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

Adobe Patches Major Security Flaws in PDF Reader, Photoshop

Adobe’s product security response machine revved into high gear this week with the release of multiple patches for gaping security holes in widely deployed software products.According to the San Jose, Calif. software maker, this month’s batch of patches address a swathe of potentially dangerous vulnerabilities in Adobe Acrobat and Reader, Adobe Photoshop, an
Publish At:2021-06-08 15:57 | Read:223 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

'Siloscape' Malware Targets Windows Server Containers

A newly identified piece of malware that targets Windows Server containers can execute code on the underlying node and then spread in the Kubernetes cluster, according to a warning from security researchers at Palo Alto Networks.Dubbed Siloscape, the heavily obfuscated malware was designed to install a backdoor into Kubernetes clusters, which can then be use
Publish At:2021-06-07 16:33 | Read:252 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Network Sec