HackDig : Dig high-quality web security articles for hacker

Carbon Emissions: Oversharing Bug Puts Security Vendor Back in Spotlight

Last week, security firm DirectDefense came under fire for over-hyping claims that Cb Response, a cybersecurity product sold by competitor Carbon Black, was leaking proprietary data from customers who use it. Carbon Black responded that the bug identified by its competitor was a feature, and that customers were amply cautioned in advance about the potential
Publish At:2017-08-18 22:55 | Read:223 | Comments:0 | Tags:Other Amazon Macie Carbon Black DirectDefense Mike Viscuso s

Blowing the Whistle on Bad Attribution

The New York Times this week published a fascinating story about a young programmer in Ukraine who’d turned himself in to the local police. The Times says the man did so after one of his software tools was identified by the U.S. government as part of the arsenal used by Russian hackers suspected of hacking into the Democratic National Committee (DNC) l
Publish At:2017-08-18 04:30 | Read:136 | Comments:0 | Tags:Other CrowdStrike Defense Intelligence Agency DNC hack Drago

Beware of Security by Press Release

On Wednesday, the security industry once again witnessed an all-too-familiar cycle: I call it “security by press release.” It goes a bit like this: A security firm releases a report claiming to have unearthed a major flaw in a competitor’s product; members of the trade press uncritically republish the claims without adding much clarity or w
Publish At:2017-08-10 11:45 | Read:146 | Comments:0 | Tags:Other Adrian Sanabria Carbon Black Cb Response Cylance Direc

Alleged vDOS Operators Arrested, Charged

Two young Israeli men alleged by this author to have co-founded vDOS — until recently the largest and most profitable cyber attack-for-hire service online — were arrested and formally indicted this week in Israel on conspiracy and hacking charges. On Sept. 8, 2016, KrebsOnSecurity published a story about the hacking of vDOS, a service that attrac
Publish At:2017-08-09 17:20 | Read:196 | Comments:0 | Tags:Other applej4ck booter itay huri New York University p1st st

Critical Security Fixes from Adobe, Microsoft

Adobe has released updates to fix dozens of vulnerabilities in its Acrobat, Reader and Flash Player software. Separately, Microsoft today issued patches to plug 48 security holes in Windows and other Microsoft products. If you use Windows or Adobe products, it’s time once again to get your patches on. More than two dozen of the vulnerabilities fixed in
Publish At:2017-08-08 18:25 | Read:129 | Comments:0 | Tags:Other Bleeping Computer Jimmy Graham Microsoft Patch Tuesday

Flash Player is Dead, Long Live Flash Player!

Adobe last week detailed plans to retire its Flash Player software, a cross-platform browser plugin so powerful and so packed with security holes that it has become the favorite target of malware developers. To help eradicate this ubiquitous liability, Adobe is enlisting the help of Apple, Facebook, Google, Microsoft and Mozilla. But don’t break out th
Publish At:2017-08-02 22:00 | Read:145 | Comments:0 | Tags:Other adobe apple Benjamin Smedberg exploit kits Facebook Fl

New Bill Seeks Basic IoT Security Standards

Lawmakers in the U.S. Senate today introduced a bill that would set baseline security standards for the government’s purchase and use of a broad range of Internet-connected devices, including computers, routers and security cameras. The legislation, which also seeks to remedy some widely-perceived shortcomings in existing cybercrime law, was developed
Publish At:2017-08-02 03:35 | Read:219 | Comments:0 | Tags:Other Aaron Swartz Berklett Cybersecurity Project Berkman Kl

Suspended Sentence for Mirai Botmaster Daniel Kaye

Last month, KrebsOnSecurity identified U.K. citizen Daniel Kaye as the likely real-life identity behind a hacker responsible for clumsily wielding a powerful botnet built on Mirai, a malware strain that enslaves poorly secured Internet of Things (IoT) devices for use in large-scale online attacks. Today, a German court issued a suspended sentence for Kaye, w
Publish At:2017-07-29 07:25 | Read:121 | Comments:0 | Tags:Other Agence France Presse BestBuy Daniel Kaye GovRAT Liberi

Gas Pump Skimmer Sends Card Data Via Text

Skimming devices that crooks install inside fuel station gas pumps frequently rely on an embedded Bluetooth component allowing thieves to collect stolen credit card data from the pumps wirelessly with any mobile device. The downside of this approach is that Bluetooth-based skimmers can be detected by anyone else with a mobile device. Now, investigators in th
Publish At:2017-07-27 10:10 | Read:112 | Comments:0 | Tags:Other GSM pump skimmers T-Mobile

How a Citadel Trojan Developer Got Busted

A U.S. District Court judge in Atlanta last week handed a five year prison sentence to Mark Vartanyan, a Russian hacker who helped develop and sell the once infamous and widespread Citadel banking trojan. This fact has been reported by countless media outlets, but far less well known is the fascinating backstory about how Vartanyan got caught. For several ye
Publish At:2017-07-25 21:20 | Read:191 | Comments:0 | Tags:Other Aquabox Citadel Citadel Trojan fbi Kolypto Mark Vartan

After AlphaBay’s Demise, Customers Flocked to Dark Market Run by Dutch Police

Earlier this month, news broke that authorities had seized the Dark Web marketplace AlphaBay, an online black market that peddled everything from heroin to stolen identity and credit card data. But it wasn’t until today, when the U.S. Justice Department held a press conference to detail the AlphaBay takedown that the other shoe dropped: Police in The N
Publish At:2017-07-21 06:30 | Read:217 | Comments:0 | Tags:Other Alexandre Cazes AlphaBay Andrew McCabe Bitcoin dark ma

Exclusive: Dutch Cops on AlphaBay ‘Refugees’

Following today’s breaking news about U.S. and international authorities taking down the competing Dark Web drug bazaars AlphaBay and Hansa Market, KrebsOnSecurity caught up with the Dutch investigators who took over Hansa on June 20, 2017. When U.S. authorities shuttered AlphaBay on July 5, police in The Netherlands saw a massive influx of AlphaBay re
Publish At:2017-07-21 06:30 | Read:292 | Comments:0 | Tags:Other AlphaBay takedown Europol fbi Hansa Market Petra Haand

Trump Hotels Hit By 3rd Card Breach in 2 Years

Maybe some of you missed this amid all the breach news recently (I know I did), but Trump International Hotels Management LLC last week announced its third credit-card data breach in the past two years. I thought it might be useful to see these events plotted on a timeline, because it suggests that virtually anyone who used a credit card at a Trump property
Publish At:2017-07-19 17:35 | Read:206 | Comments:0 | Tags:Other Four Seasons hotel breach Hard Rock breach Loews Hotel

Experts in Lather Over ‘gSOAP’ Security Flaw

Axis Communications — a maker of high-end security cameras whose devices can be found in many high-security areas — recently patched a dangerous coding flaw in virtually all of its products that an attacker could use to remotely seize control over or crash the devices. The problem wasn’t specific to Axis, which seems to have reacted far mor
Publish At:2017-07-18 23:10 | Read:178 | Comments:0 | Tags:Other Brian Karas Genivia gSOAP vulnerability IPVM mirai Rob

Porn Spam Botnet Has Evil Twitter Twin

Last month KrebsOnSecurity published research into a large distributed network of apparently compromised systems being used to relay huge blasts of junk email promoting “online dating” programs — affiliate-driven schemes traditionally overrun with automated accounts posing as women. New research suggests that another bot-promoting botnet of
Publish At:2017-07-16 15:55 | Read:201 | Comments:0 | Tags:Other .tk AshleyMadison ASN19984 Deniro Marketing google par
