HackDig : Dig high-quality web security articles

Apple Scraps CSAM Detection Tool for iCloud Photos

Apple has scrapped plans to ship a controversial child pornography protection tool for iCloud Photos, a concession to privacy rights advocates who warned it could have been used for government surveillance.Instead, the Cupertino, California device maker said it would expand investments into different tooling and features to warn children if they receive or a
Publish At:2022-12-08 14:29 | Read:30298 | Comments:0 | Tags:Endpoint Security Mobile Security NEWS & INDUSTRY Privac

Watch out for this triple threat PayPal phish

ZDNet reports an interesting form of PayPal scam sent to one of their own writers. The scam is a so-called “triple threat” phish, in that it gives the scammer three different ways to potentially collect some ill gotten gains from potential victims. The idea is that if one of the three tactics fails, there are two more waiting in the win
Publish At:2022-12-08 14:18 | Read:15432 | Comments:0 | Tags:News PayPal scam phish phishing fraud email telephone call s

Big Tech Vendors Object to US Gov SBOM Mandate

The U.S. government’s mandates around the creation and delivery of SBOMs (software bill of materials) to help mitigate supply chain attacks has run into strong objections from big-name technology vendors.A lobbying outfit representing big tech is calling on the federal government’s Office of Management and Budget (OMB) to “discourage agencies” from requiring
Publish At:2022-12-07 18:26 | Read:37811 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Google Documents IE Browser Zero-Day Exploited by North Korean Hackers

Google’s Threat Analysis Group (TAG) has shared technical details on an Internet Explorer zero-day vulnerability exploited in attacks by North Korean hacking group APT37.Tracked as CVE-2022-41128 (CVSS score of 8.8), the vulnerability was identified in the browser’s ‘JScript9’ JavaScript engine and can be exploited by remote attackers to execute arbitrary co
Publish At:2022-12-07 18:26 | Read:30976 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Investors Pour $200M Into Compliance Automation Startup Drata

High-flying security compliance and automation startup Drata continues to attract major venture capital investor interest, banking $200 million in Series C funding that values the company north of $2 billion.The $200 million cash infusion comes less than two years after the San Diego, Calif-based company emerged from stealth with ambitious plans to design an
Publish At:2022-12-07 14:28 | Read:45365 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

'Scattered Spider' Cybercrime Group Targets Mobile Carriers via Telecom, BPO Firms

A threat actor tracked as ‘Scattered Spider’ is targeting telecommunications and business process outsourcing (BPO) companies in an effort to gain access to mobile carrier networks and perform SIM swapping, cybersecurity firm CrowdStrike warns.A financially-motivated threat actor, Scattered Spider has been observed increasingly targeting the telecoms industr
Publish At:2022-12-06 11:55 | Read:48059 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Fraud & Identity The

Main phishing and scamming trends and techniques

There are two main types of online fraud aimed at stealing user data and money: phishing and scams. Phishers primarily seek to extract confidential information from victims, such as credentials or bank card details, while scammers deploy social engineering to persuade targets to transfer money on their own accord. The history of scams and phishing The term &
Publish At:2022-12-06 07:34 | Read:56586 | Comments:0 | Tags:Publications Cybercrime Fraud Instant Messengers Phishing Ph

Balance Theory Scores Seed Funding for Secure Workspace Collaboration

Balance Theory, a seed-stage startup working on technology to help security teams collaborate and manage data flows securely, has closed a $3 million funding round.The Columbia, Maryland-based Balance Theory said the early-stage investment was led by DataTribe with participation from TEDCO.Balance Theory, the brainchild of former Decision Lab founders Greg B
Publish At:2022-12-05 14:28 | Read:42982 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

One Year Later: Log4Shell Remediation Slow, Painful Slog

Almost exactly a year after the Log4Shell security crisis sent defenders scrambling to reduce attack surfaces, new data shows that remediation has been a long, slow, painful slog for most organizations around the world.According to telemetry data from vulnerability scanning pioneer Tenable, more than 70 percent of scanned organizations remain vulnerable to t
Publish At:2022-11-30 14:29 | Read:97356 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Network Sec

Investors Bet $31 Million on Sphere for Identity Hygiene Tech

Venture capital investors have invested another $31 million into Sphere Technology Solutions, a New Jersey startup building technology to help defenders manage identities and access to sensitive data.Sphere, a woman-owned company led by Rita Gurevich, said the $31 million Series B was led by growth equity firm Edison Partners. Forgepoint Capital, the venture
Publish At:2022-11-30 10:30 | Read:80341 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

DEV-0569 finds new ways to deliver Royal ransomware, various payloads

Recent activity from the threat actor that Microsoft tracks as DEV-0569, known to distribute various payloads, has led to the deployment of the Royal ransomware, which first emerged in September 2022 and is being distributed by multiple threat actors. Observed DEV-0569 attacks show a pattern of continuous innovation, with regular incorporation of new discove
Publish At:2022-11-29 17:37 | Read:93070 | Comments:0 | Tags:Cybersecurity Microsoft security intelligence Phishing ranso

Project Zero Flags 'Patch Gap' Problems on Android

Vulnerability researchers at Google Project Zero are calling attention to the ongoing “patch-gap” problem in the Android ecosystem, warning that downstream vendors continue to be tardy at delivering security fixes to Android-powered devices.In a research note documenting the discovery of an in-the-wild Android exploit targeting a flaw in the ARM Mali GPU dri
Publish At:2022-11-28 14:28 | Read:113188 | Comments:0 | Tags:Endpoint Security Mobile Security Network Security NEWS &

Consumer cyberthreats: predictions for 2023

The consumer threat landscape constantly changes. Although the main types of threats (phishing, scams, malware, etc.) remain the same, lures that fraudsters use vary greatly depending on the time of year, current major events, news, etc. This year, we have seen spikes in cybercriminal activity aimed at users amid the shopping and back-to-school season, big p
Publish At:2022-11-28 04:51 | Read:78278 | Comments:0 | Tags:Kaspersky Security Bulletin Cyberbullying Cybercrime Data Pr

Proofpoint: Watch Out for Nighthawk Hacking Tool Abuse

Security researchers at Proofpoint are calling attention to the discovery of a commercial red-teaming tool called Nighthawk, warning that the command-and-control framework is likely to be abused by threat actors.According to a new report from Proofpoint, Nighthawk is an advanced C2 framework sold by MDSec, a European outfit that sells adversary simulation an
Publish At:2022-11-23 14:28 | Read:87319 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Mobile Secu

Watch Out for These 3 World Cup Scams

What color jersey will you be sporting this November and December? The World Cup is on its way to television screens around the world, and scores of fans are dreaming of cheering on their team at stadiums throughout Qatar. Meanwhile, cybercriminals are dreaming of stealing the personally identifiable information (PII) of fans seeking last-minute vacation and
Publish At:2022-11-23 02:22 | Read:77570 | Comments:0 | Tags:Privacy & Identity Protection Phishing online scams travel s

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud