HackDig : Dig high-quality web security articles for hackers

Leveraging Open Source Can be Powerful for Cybersecurity

Security vendors and end users have access to the same technology and resources, if not more, than the threat actor community. However, the area where cybersecurity falls short as an industry is teamwork. Vendors and end users rarely talk to each other as a broader force. Thus, while innovation may happen for individual products, that innovation may not flow
Publish At:2020-07-24 09:11 | Read:242 | Comments:0 | Tags:Risk Management Advanced Threat Protection Innovation Mirai

Why Security Orchestration, Automation and Response (SOAR) Is Fundamental to a Security Platform

Security teams today are facing increased challenges due to the “new normal” created by the recent global health crisis. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees must move to a virtual security operations center (SOC) model while address
Publish At:2020-05-24 06:18 | Read:460 | Comments:0 | Tags:CISO Cloud Security Incident Response Automation Cloud Servi

Grouping Linux IoT Malware Samples With Trend Micro ELF Hash

The internet of things (IoT) has swiftly become a seemingly indispensable part of our daily lives. The IoT devices in pockets, homes, offices, cars, factories, and cities make people’s lives more efficient and convenient. It is little wonder, then, that IoT adoption continues to increase. In 2019, the number of publicly known IoT platforms grew to 62
Publish At:2020-04-21 12:17 | Read:716 | Comments:0 | Tags:Internet of Things Open source Clustering algorithm internet

Extend Your Incident Response Program to DevOps With Security Automation

One of the biggest challenges facing security teams when it comes to incident response is complexity. The continual growth in volume and severity of cyberattacks has led to increased business process and technical complexity as different threat vectors have required security leaders to purchase point solutions with unique user interfaces, custom APIs and bus
Publish At:2020-04-15 07:54 | Read:668 | Comments:0 | Tags:Incident Response Automation Collaboration Data Breaches Dev

TA505 Continues to Infect Networks With SDBbot RAT

IBM X-Force Incident Response and Intelligence Services (IRIS) responds to security incidents around the globe. During analysis and comparison of malicious activity on enterprise networks, our team identified attacks likely linked to Hive0065, also known as TA505. We observed that Hive0065 continues to spread the SDBbot remote-access Trojan (RAT) alongside o
Publish At:2020-04-14 12:36 | Read:769 | Comments:0 | Tags:Advanced Threats Incident Response Command-and-Control (C&C)

A Proposed New Trust Framework for Physical and Digital Identity Interactions

Identity is a difficult term to define in the cybersecurity world. The range of personal information that can be associated with an identity interaction is highly dependent on the situational context of the interaction. The definition of identity also depends on the context of the medium within which it is exchanged. In the physical world, when we talk about
Publish At:2020-03-13 07:59 | Read:998 | Comments:0 | Tags:Identity & Access Collaboration Compliance Customer Experien

Embracing the Power of Community for Better Security

If you ask any business leader what their goals are for 2020, at some level you’re likely to hear “innovation.” Innovation is essential for competing in the global economy because it helps businesses stay relevant and teams work more efficiently. This need for constant improvement is incredibly clear in the security industry, where both bus
Publish At:2020-03-05 08:37 | Read:753 | Comments:0 | Tags:Cloud Security Collaboration Innovation Open Source Security

European Commission has chosen the Signal app to secure its communications

The popular cross-platform encrypted messaging service Signal has been chosen by the European Commission for its communications. The European Commission has decided to adopt for its staff the popular cross-platform encrypted messaging service Signal for its communications. The news was first reported earlier this month by the Politico website, a messa
Publish At:2020-02-25 08:59 | Read:753 | Comments:0 | Tags:Breaking News Security End-to-end Encryption information sec

The Past, Present and Future of Security Information and Event Management (SIEM)

With the release of the 2020 Gartner Magic Quadrant for Security Information and Event Management (SIEM), we feel that it is an appropriate time to reflect on the evolution of SIEM over the years. Starting out as a tool originally designed to assist organizations with compliance, SIEM evolved into an advanced threat detection system, then into an investigati
Publish At:2020-02-24 09:37 | Read:861 | Comments:0 | Tags:Incident Response Security Intelligence & Analytics Advanced

Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK

By Joey Chen, Hiroyuki Kakara and Masaoki Shoji
While we have been following cyberespionage group TICK (a.k.a. “BRONZE BUTLER” or “REDBALDKNIGHT”) since 2008, we noticed an unusual increase in malware development and deployments towards November 2018. We already know that the group uses previously deployed malware and modified tools for obfuscation, but we a
Publish At:2019-11-30 07:35 | Read:1341 | Comments:0 | Tags:Bad Sites Exploits Internet of Things Malware Open source Sp

Five years later, Heartbleed vulnerability still unpatched

The Heartbleed vulnerability was introduced into the OpenSSL crypto library in 2012. It was discovered and fixed in 2014, yet today—five years later—there are still unpatched systems. This article will provide IT teams with the necessary information to decide whether or not to apply the Heartbleed vulnerability fix. However, we caution: The latter c
Publish At:2019-09-20 11:20 | Read:1586 | Comments:0 | Tags:Exploits and vulnerabilities cryptography EKs exploit kits e

Microsoft releases the open-source scanning tool Sonar

Microsoft announced the availability of Sonar, an open source linting and website scanning tool that was developed by the Microsoft Edge team. The open source tool was designed to allow developers to identify and solve performance and security issues; it is available on GitHub. The Microsoft Edge team donated Sonar to the JS Foundation, the tech giant will c
Publish At:2017-10-26 20:40 | Read:4435 | Comments:0 | Tags:Breaking News Hacking open source Sonar tool

Three Practical Tips That Empower Developers and Prevent Open Source Security Risks From Entering Your Code

Employees use open source applications in organizations of all sizes and across all industries, and this trend shows no signs of slowing down. It is both cost effective and efficient to incorporate source code into software during the development stage. With all those extra resources, developers can focus more on the organization’s proprietary code. Ac
Publish At:2017-08-21 15:05 | Read:5100 | Comments:0 | Tags:Application Security Risk Management Application Development

Vulnerability in F2FS File System Leads To Memory Corruption on Android, Linux

August’s Android Security Bulletin includes three file system vulnerabilities (CVE-2017-10663, CVE-2017-10662, and CVE-2017-0750) that were discovered by Trend Micro researchers. These vulnerabilities could cause memory corruption on the affected devices, leading to code execution in the kernel context. This would allow for more data to be accessed and contr
Publish At:2017-08-08 05:25 | Read:3469 | Comments:0 | Tags:Mobile Open source Vulnerabilities android F2FS Linux Vulner

DefPloreX: A Machine-Learning Toolkit for Large-scale eCrime Forensics

By Marco Balduzzi and Federico Maggi
The security industry as a whole loves collecting data, and researchers are no different. With more data, they commonly become more confident in their statements about a threat. However, large volumes of data require more processing resources, as extracting meaningful and useful information from highly unstructured data i
Publish At:2017-07-28 11:00 | Read:3936 | Comments:0 | Tags:Open source DefPloreX
