HackDig : Dig high-quality web security articles for hacker

Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK

By Joey Chen, Hiroyuki Kakara and Masaoki Shoji

While we have been following cyberespionage group TICK (a.k.a. “BRONZE BUTLER” or “REDBALDKNIGHT”) since 2008, we noticed an unusual increase in malware development and deployments towards November 2018. We already know that the group uses previously deployed malware and modified tools for obfuscation, but we a
Publish At:2019-11-30 07:35 | Read:115 | Comments:0 | Tags:Bad Sites Exploits Internet of Things Malware Open source Sp

Five years later, Heartbleed vulnerability still unpatched

The Heartbleed vulnerability was introduced into the OpenSSL crypto library in 2012. It was discovered and fixed in 2014, yet today—five years later—there are still unpatched systems.  This article will provide IT teams with the necessary information to decide whether or not to apply the Heartbleed vulnerability fix. However, we caution: The latter c
Publish At:2019-09-20 11:20 | Read:452 | Comments:0 | Tags:Exploits and vulnerabilities cryptography EKs exploit kits e

Microsoft releases the open-source scanning tool Sonar

Microsoft announced the availability of Sonar, an open source linting and website scanning tool that was developed by the Microsoft Edge team. The open source tool was designed to allow developers to identify and solve performance and security issues; it is available on GitHub. The Microsoft Edge team donated Sonar to the JS Foundation; the tech giant will c
Publish At:2017-10-26 20:40 | Read:3350 | Comments:0 | Tags:Breaking News Hacking open source Sonar tool

Three Practical Tips That Empower Developers and Prevent Open Source Security Risks From Entering Your Code

Employees use open source applications in organizations of all sizes and across all industries, and this trend shows no signs of slowing down. It is both cost effective and efficient to incorporate source code into software during the development stage. With all those extra resources, developers can focus more on the organization’s proprietary code. Ac
Publish At:2017-08-21 15:05 | Read:4060 | Comments:0 | Tags:Application Security Risk Management Application Development

Vulnerability in F2FS File System Leads To Memory Corruption on Android, Linux

August’s Android Security Bulletin includes three file system vulnerabilities (CVE-2017-10663, CVE-2017-10662, and CVE-2017-0750) that were discovered by Trend Micro researchers. These vulnerabilities could cause memory corruption on the affected devices, leading to code execution in the kernel context. This would allow for more data to be accessed and contr
Publish At:2017-08-08 05:25 | Read:2657 | Comments:0 | Tags:Mobile Open source Vulnerabilities android F2FS Linux Vulner

DefPloreX: A Machine-Learning Toolkit for Large-scale eCrime Forensics

By Marco Balduzzi and Federico Maggi

The security industry as a whole loves collecting data, and researchers are no different. With more data, they commonly become more confident in their statements about a threat. However, large volumes of data require more processing resources, as extracting meaningful and useful information from highly unstructured data i
Publish At:2017-07-28 11:00 | Read:3034 | Comments:0 | Tags:Open source DefPloreX

In Case You Missed the Memo: What’s New in IBM’s Application Security Testing?

In the popular office parody “Office Space,” there’s an ongoing joke about a recent memorandum that requires employees to attach cover sheets to their testing procedure specification (TPS) reports when they submit them to management. When fictional corporate executive Bill Lumbergh confronts employee Peter Gibbons at his cubicle to discuss
Publish At:2017-06-28 14:55 | Read:2905 | Comments:0 | Tags:Application Security Cloud Security Risk Management Applicat

Introducing Moby Project: a new open-source project to advance the software containerization movement

Since Docker democratized software containers four years ago, a whole ecosystem grew around containerization and in this compressed time period it has gone through two distinct phases of growth. In each of these two phases, the model for producing container systems evolved to adapt to the size and needs of the user community as well as the project and the g
Publish At:2017-05-24 19:05 | Read:3518 | Comments:0 | Tags:Engine Engineering Networking News Orchestration Registry Re

Taming the Open Source Beast With an Effective Application Security Testing Program

Cute Attacks With Acute Impact on Your Application Security Testing Effectiveness

Here we go again: Another attack with a cute name is about to make the news. More dangerous than a Ghost, a POODLE, a FREAK, a Heartbleed, a Shellshock or the other 6,000-plus attacks that show up each year, we know at least two things about it: It will probably attack
Publish At:2017-05-05 01:55 | Read:3466 | Comments:0 | Tags:Application Security Cloud Security DevOps Open Source Stati

Smart Whitelisting Using Locality Sensitive Hashing

By Jon Oliver and Jayson Pryde

Locality Sensitive Hashing (LSH) is an algorithm known for enabling scalable, approximate nearest neighbor search of objects. LSH enables a precomputation of a hash that can be quickly compared with another hash to ascertain their similarity. A practical application of LSH would be to employ it to optimize data processing and a
Publish At:2017-03-30 22:25 | Read:3204 | Comments:0 | Tags:Malware Open source Fuzzy Hashing Locality Sensitive Hashing

Netflix releases the Stethoscope tool to improve security

Netflix has released the Stethoscope open source web application that provides recommendations for securing their devices. Netflix has released Stethoscope, an open source web application that provides recommendations for securing computers, smartphones, and tablets. Netflix intends to follow a “user focused security” approach that aims to provide employees
Publish At:2017-02-23 15:55 | Read:3110 | Comments:0 | Tags:Breaking News Hacking Security data breach Netflix NetFlix S

Women in Information Security: Zoë Rose

Women are eagerly needed in information security because we offer unique perspectives and there are so few of us. So far in this series, I interviewed Tiberius Hefflin, Tracy Maleef, Isly, Kat Sweet, and Jess Dodson–five different women from different parts of the English-speaking world and from different areas of IT. For my sixth and final interview, I
Publish At:2016-12-05 06:40 | Read:3786 | Comments:0 | Tags:Off Topic computing Cyber hacking Information Security Open

Linux hardening: a 15-step checklist for a secure Linux server

Most people assume Linux is secure, and that’s a false assumption. Imagine your laptop is stolen without first being hardened. A thief would probably assume your username is “root” and your password is “toor” since that’s the default password on Kali and most people continue to use it. Do you? I hope not. The negative career implications of choosing not to ha
Publish At:2016-11-25 20:40 | Read:9628 | Comments:0 | Tags:Linux Open Source Security Servers IDG Insider

Super Mari-owned: Startling Nintendo-based vulnerability discovered in Ubuntu

A vulnerability in a multimedia framework present on Version 12.04.5 of Ubuntu can be exploited by sound files meant to be played on the venerable Nintendo Entertainment System, according to security researcher Chris Evans. The vulnerability is the result of a flaw in an audio decoder called libgstnsf.so, which allows gstreamer Version 0.10 to play the NS
Publish At:2016-11-15 21:05 | Read:2884 | Comments:0 | Tags:Open Source Linux Security Vulnerability

Meet Apache Spot, a new open source project for cybersecurity

Hard on the heels of the discovery of the largest known data breach in history, Cloudera and Intel on Wednesday announced that they've donated a new open source project to the Apache Software Foundation with a focus on using big data analytics and machine learning for cybersecurity. Originally created by Intel and launched as the Open Network Insight (ONI
Publish At:2016-09-28 16:45 | Read:3214 | Comments:0 | Tags:Big Data Security Analytics Artificial Intelligence Open Sou

