HackDig : Dig high-quality web security articles for hacker

Downward Trend in Publicly Available Exploit Code? Don’t Ease Up on Patch Management Just Yet

The IBM X-Force Vulnerability Database (XFDB), which holds over 100,000 publicly disclosed vulnerabilities, is chock-full of insights concerning the cybersecurity threat landscape. Much of the data is publicly available directly on the IBM X-Force Exchange platform and can be accessed by users anytime. In reviewing the database on an ongoing basis, the IBM
Publish At:2017-09-14 21:10 | Read:185 | Comments:0 | Tags:Advanced Threats Endpoint Threat Intelligence X-Force Resear

Risk Governance: The True Secret Weapon of Cybersecurity

This season’s featured cybersecurity nightmare may be ransomware, but breaches of all kinds are going up in both numbers and cost. In response, security vendors are offering sophisticated — and costly — solutions to defend against evermore sophisticated attackers. However, the most effective protective measures have nothing to do with specific software
Publish At:2017-09-08 10:00 | Read:226 | Comments:0 | Tags:Risk Management Access Governance Access Management Cybercri

Assessing Risks and Remediating Threats With a Layered Approach to Vulnerability Management

Companies need to do more than just scan for known problems and provide huge vulnerability reports to system and network administrators for remediation. According to Gartner, known vulnerabilities still comprise 99 percent of all known exploit traffic. Furthermore, malware, ransomware and exploit kits target vulnerabilities that are six months or older on av
Publish At:2017-08-09 07:50 | Read:270 | Comments:0 | Tags:CISO Risk Management Security Intelligence & Analytics Patch

The Living Dead: How to Protect Legacy Systems

The recent widespread attacks of WannaCry and NotPetya both used known vulnerabilities of legacy operating systems, namely SMB v1 protocol. In general, known vulnerabilities are easy to mitigate as long as patches and updates are provided. But in these cases, many organizations seem to have ignored the advice to patch their systems — or maybe not. There ar
Publish At:2017-07-20 21:00 | Read:260 | Comments:0 | Tags:Network Risk Management Legacy Applications legacy systems n

Going Through a Rough Patch in Your Security Program? Consistent Software Patching Can Solve Security Woes

Security is an imperfect art. It’s also an imperfect science. Whether it involves experimenting with certain tweaks or implementing proven standards and prescriptive advice, figuring out how to manage a security program is as complex as navigating any other business function. According to the Pareto Principle, security professionals should focus on the
Publish At:2017-07-03 23:50 | Read:282 | Comments:0 | Tags:Endpoint Network Risk Management Adobe Patch Patch Managemen

Relying on Data to Mitigate the Risk of WordPress Website Hijacking

One of the most common methods cybercriminals use to deliver phishing and malware to unsuspecting users is compromising legitimate websites, such as those hosted on WordPress, to house their own malicious content for free. The URLs of compromised sites used for phishing attacks reach users through spam emails, allowing security professionals to keep track of
Publish At:2017-05-30 22:30 | Read:657 | Comments:0 | Tags:Fraud Protection Risk Management Software & App Vulnerabilit

How Basic Endpoint Patching Helps Protect Against Ransomware and Other Attacks

On Friday, a group of unknown threat actors carried out one of the largest cyberattacks of its kind, which infected hundreds of thousands of computers in 150 countries. The ransomware, known as WannaCry, exploits a Microsoft Windows OS vulnerability that was patched in Microsoft’s Security Bulletin two months ago. The universal advice was straightforwa
Publish At:2017-05-18 15:40 | Read:596 | Comments:0 | Tags:Endpoint Endpoint Management Endpoint Protection IBM BigFix

Cybersecurity Virtualization Expert Ian Pratt Explains WannaCry Exploit (Video)

Ian Pratt, co-founder of Bromium and a virtualization expert, was interviewed by Sky News. The video clip below shows how the malware arrived and how it deployed. This is the first of what will be many likely exploits in the months to come. WannaCry is likely the first of many global cybersecurity events that will put our collective economies at risk. From
Publish At:2017-05-15 01:25 | Read:691 | Comments:0 | Tags:Breaking News cybersecurity ian pratt infosec interview micr

WannaCry Ransomware Racing Around the World, Wreaking Havoc

This is a special rapid response blog to breaking news about the WannaCry ransomware attack that is now being seen in more than 100 countries. We’ll be updating our blog with additional news as we learn more. “No x-rays/bloods/bleeps/phones/notes. This is unprecedented. It will be a miracle if no-one comes to harm.” This dramatic tweet from an Nationa
Publish At:2017-05-13 12:35 | Read:569 | Comments:0 | Tags:Breaking News Threats breach breaking news endpoint microsof

The Apache Struts 2 Vulnerability and the Importance of Patch Management

Apache Struts is a free, open source framework for creating Java web applications. It’s widely used to build corporate websites in sectors including education, government, financial services, retail and media. In early March 2017, Apache released a patch for the Struts 2 framework. The patch fixes an easy-to-exploit vulnerability that allows attacker
Publish At:2017-04-25 12:20 | Read:634 | Comments:0 | Tags:Application Security Endpoint Apache Incident Response (IR)

Over 70% of Android Devices Don’t Have Latest Security Patch Installed

According to recent research, the majority of Android devices are running security patches that are months old, leaving users vulnerable to attacks. Mobile security company Skycure released the findings of its Q4 2016 Mobile Threat Intelligence Report, revealing that over 70 percent of Android phones lack the latest security patches. The company evaluated Andr
Publish At:2017-03-25 05:00 | Read:939 | Comments:0 | Tags:Latest Security News Android Google mobile patch

Device already infected with Pegasus? Updating your OS won’t help

Since Lookout first announced our discovery of the Pegasus attack and Trident vulnerabilities in partnership with Citizen Lab, we’ve received many clarifying questions from security professionals. In this series we’re answering the top queries we’ve received to help you better understand the facts around this unprecedented mobile threat. T
Publish At:2016-09-03 11:45 | Read:762 | Comments:0 | Tags:Security 9.3.5 mobile attack mobile security mobile spyware

Pegasus and Trident: Your questions answered

Since Lookout first announced our discovery of the Pegasus attack and Trident vulnerabilities in partnership with Citizen Lab, we’ve received many clarifying questions from security professionals. In this series we’re answering the top queries we’ve received to help you better understand the facts around this unprecedented mobile threat. P
Publish At:2016-09-03 11:45 | Read:1154 | Comments:0 | Tags:Security 9.3.5 CIO CISO encryption iOS MDM mobile attack mob

Android June Security Bulletin: Vulnerabilities increasing

Google released its monthly Android Security Bulletin this week. The TL;DR is there are 40 new security patches, the vast majority of which are “critical” or “high” concern. This makes a total of 162 vulnerabilities reported via the monthly Android Security Bulletin for 2016. The vulnerabilities fixed this month range from remote code execution to privilege
Publish At:2016-06-10 22:30 | Read:991 | Comments:0 | Tags:Uncategorized android Android Security Bulletin google mobil

Supermarket Skimming, Loyalty Card Scams, VTech Hack Arrest, and more | TWIC - December 18, 2015

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
Publish At:2015-12-18 17:25 | Read:852 | Comments:0 | Tags:Phishing Malware PhishLabs Hacker Tools The Week in Cybercri
