HackDig : Dig high-quality web security articles for hacker

A Proposed New Trust Framework for Physical and Digital Identity Interactions

Identity is a difficult term to define in the cybersecurity world. The range of personal information that can be associated with an identity interaction is highly dependent on the situational context of the interaction. The definition of identity also depends on the context of the medium within which it is exchanged. In the physical world, when we talk about
Publish At:2020-03-13 07:59 | Read:389 | Comments:0 | Tags:Identity & Access Collaboration Compliance Customer Experien

Embracing the Power of Community for Better Security

If you ask any business leader what their goals are for 2020, at some level you’re likely to hear “innovation.” Innovation is essential for competing in the global economy because it helps businesses stay relevant and teams work more efficiently. This need for constant improvement is incredibly clear in the security industry, where both bus
Publish At:2020-03-05 08:37 | Read:296 | Comments:0 | Tags:Cloud Security Collaboration Innovation Open Source Security

European Commission has chosen the Signal app to secure its communications

The popular cross-platform encrypted messaging service Signal has been chosen by the European Commission for its communications. The European Commission has decided to adopt for its staff the popular cross-platform encrypted messaging service Signal for its communications. The news was first reported earlier this month by the Politico website, a messa
Publish At:2020-02-25 08:59 | Read:302 | Comments:0 | Tags:Breaking News Security End-to-end Encryption information sec

The Past, Present and Future of Security Information and Event Management (SIEM)

With the release of the 2020 Gartner Magic Quadrant for Security Information and Event Management (SIEM), we feel that it is an appropriate time to reflect on the evolution of SIEM over the years. Starting out as a tool originally designed to assist organizations with compliance, SIEM evolved into an advanced threat detection system, then into an investigati
Publish At:2020-02-24 09:37 | Read:401 | Comments:0 | Tags:Incident Response Security Intelligence & Analytics Advanced

Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK

By Joey Chen, Hiroyuki Kakara and Masaoki Shoji
While we have been following cyberespionage group TICK (a.k.a. “BRONZE BUTLER” or “REDBALDKNIGHT”) since 2008, we noticed an unusual increase in malware development and deployments towards November 2018. We already know that the group uses previously deployed malware and modified tools for obfuscation, but we a
Publish At:2019-11-30 07:35 | Read:760 | Comments:0 | Tags:Bad Sites Exploits Internet of Things Malware Open source Sp

Five years later, Heartbleed vulnerability still unpatched

The Heartbleed vulnerability was introduced into the OpenSSL crypto library in 2012. It was discovered and fixed in 2014, yet today—five years later—there are still unpatched systems. This article will provide IT teams with the necessary information to decide whether or not to apply the Heartbleed vulnerability fix. However, we caution: The latter c
Publish At:2019-09-20 11:20 | Read:999 | Comments:0 | Tags:Exploits and vulnerabilities cryptography EKs exploit kits e

Microsoft releases the open-source scanning tool Sonar

Microsoft announced the availability of Sonar, an open source linting and website scanning tool that was developed by the Microsoft Edge team. The open source tool was designed to allow developers to identify and solve performance and security issues; it is available on GitHub. The Microsoft Edge team donated Sonar to the JS Foundation, the tech giant will c
Publish At:2017-10-26 20:40 | Read:3876 | Comments:0 | Tags:Breaking News Hacking open source Sonar tool

Three Practical Tips That Empower Developers and Prevent Open Source Security Risks From Entering Your Code

Employees use open source applications in organizations of all sizes and across all industries, and this trend shows no signs of slowing down. It is both cost effective and efficient to incorporate source code into software during the development stage. With all those extra resources, developers can focus more on the organization’s proprietary code. Ac
Publish At:2017-08-21 15:05 | Read:4644 | Comments:0 | Tags:Application Security Risk Management Application Development

Vulnerability in F2FS File System Leads To Memory Corruption on Android, Linux

August’s Android Security Bulletin includes three file system vulnerabilities (CVE-2017-10663, CVE-2017-10662, and CVE-2017-0750) that were discovered by Trend Micro researchers. These vulnerabilities could cause memory corruption on the affected devices, leading to code execution in the kernel context. This would allow for more data to be accessed and contr
Publish At:2017-08-08 05:25 | Read:2962 | Comments:0 | Tags:Mobile Open source Vulnerabilities android F2FS Linux Vulner

DefPloreX: A Machine-Learning Toolkit for Large-scale eCrime Forensics

By Marco Balduzzi and Federico Maggi
The security industry as a whole loves collecting data, and researchers are no different. With more data, they commonly become more confident in their statements about a threat. However, large volumes of data require more processing resources, as extracting meaningful and useful information from highly unstructured data i
Publish At:2017-07-28 11:00 | Read:3510 | Comments:0 | Tags:Open source DefPloreX

In Case You Missed the Memo: What’s New in IBM’s Application Security Testing?

In the popular office parody “Office Space,” there’s an ongoing joke about a recent memorandum that requires employees to attach cover sheets to their testing procedure specification (TPS) reports when they submit them to management. When fictional corporate executive Bill Lumbergh confronts employee Peter Gibbons at his cubicle to discuss
Publish At:2017-06-28 14:55 | Read:3334 | Comments:0 | Tags:Application Security Cloud Security Risk Management Applicat

Introducing Moby Project: a new open-source project to advance the software containerization movement

Since Docker democratized software containers four years ago, a whole ecosystem grew around containerization and in this compressed time period it has gone through two distinct phases of growth. In each of these two phases, the model for producing container systems evolved to adapt to the size and needs of the user community as well as the project and the g
Publish At:2017-05-24 19:05 | Read:4008 | Comments:0 | Tags:Engine Engineering Networking News Orchestration Registry Re

Taming the Open Source Beast With an Effective Application Security Testing Program

Cute Attacks With Acute Impact on Your Application Security Testing Effectiveness
Here we go again: Another attack with a cute name is about to make the news. More dangerous than a Ghost, a POODLE, a FREAK, a Heartbleed, a Shellshock or the other 6,000-plus attacks that show up each year, we know at least two things about it: It will probably attack
Publish At:2017-05-05 01:55 | Read:3917 | Comments:0 | Tags:Application Security Cloud Security DevOps Open Source Stati

Smart Whitelisting Using Locality Sensitive Hashing

By Jon Oliver and Jayson Pryde
Locality Sensitive Hashing (LSH) is an algorithm known for enabling scalable, approximate nearest neighbor search of objects. LSH enables a precomputation of a hash that can be quickly compared with another hash to ascertain their similarity. A practical application of LSH would be to employ it to optimize data processing and a
Publish At:2017-03-30 22:25 | Read:3764 | Comments:0 | Tags:Malware Open source Fuzzy Hashing Locality Sensitive Hashing

Netflix releases the Stethoscope tool to improve security

Netflix has released the Stethoscope open source web application that provides recommendations for securing their devices. Netflix has released Stethoscope, an open source web application that provides recommendations for securing computers, smartphones, and tablets. Netflix intends to follow a “user focused security” approach that aims to provide employees
Publish At:2017-02-23 15:55 | Read:3511 | Comments:0 | Tags:Breaking News Hacking Security data breach Netflix NetFlix S
