HackDig : Dig high-quality web security articles for hacker

See No Data, Hear No Data, Speak No Data: Overcoming the Challenges of Risk-Focused Data Management

The art and science known as risk management has been around for years. It is applied in a broad array of areas, including insurance, credit risk ratings, stock and other market risk ratings, foreign policy decisions, military responses and many others. The true irony is that, although risk management has been applied to many aspects of IT, such as change ma
Publish At:2017-09-14 21:10 | Read:161 | Comments:0 | Tags:Data Protection Risk Management Data Breach Data Management

Risk Governance: The True Secret Weapon of Cybersecurity

This season’s featured cybersecurity nightmare may be ransomware, but breaches of all kinds are going up in both numbers and cost. In response, security vendors are offering sophisticated — and costly — solutions to defend against evermore sophisticated attackers. However, the most effective protective measures have nothing to do with specific software
Publish At:2017-09-08 10:00 | Read:208 | Comments:0 | Tags:Risk Management Access Governance Access Management Cybercri

Is Your Company Secure by Design? Aligning Security With Business Objectives

The principle of security by design suggests that security needs to be aligned with business objectives. But what, exactly, does that mean and where should security professionals start? Below are some factors to consider when aligning security with business objectives. Best Practices for Aligning Security With Business Objectives First and foremost, give
Publish At:2017-09-07 15:10 | Read:170 | Comments:0 | Tags:Security Intelligence & Analytics Incident Response (IR) Ris

Shrink Your Enterprise Cloud Computing Security Concerns With a Cloud Vendor Risk Management Program

According to a recent Forrester report, enterprise cloud computing adoption accelerated in 2016 and will do so again in 2017. Software-as-a-service (SaaS) remains the largest portion of the public cloud market, with global spending expected to reach $105 billion in 2017 and $155 billion by 2020. Infrastructure-as-a-service (IaaS) and platform-as-a-service (
Publish At:2017-08-22 09:30 | Read:213 | Comments:0 | Tags:Cloud Security Risk Management Cloud Cloud Adoption Cloud Co

Eight Myths Not to Believe About Penetration Testing

Penetration testing — the process of trying to break into one’s own system to find vulnerabilities before cybercriminals do — is an integral part of information security. The data gleaned from these evaluations can help companies remediate flaws in their security infrastructure before fraudsters have a chance to expose them. Dispelling Eight Penetratio
Publish At:2017-08-10 20:40 | Read:247 | Comments:0 | Tags:Data Protection Risk Management Data Breaches Penetration Te

Assessing Risks and Remediating Threats With a Layered Approach to Vulnerability Management

Companies need to do more than just scan for known problems and provide huge vulnerability reports to system and network administrators for remediation. According to Gartner, known vulnerabilities still comprise 99 percent of all known exploit traffic. Furthermore, malware, ransomware and exploit kits target vulnerabilities that are six months or older on av
Publish At:2017-08-09 07:50 | Read:234 | Comments:0 | Tags:CISO Risk Management Security Intelligence & Analytics Patch

Caveat Emptor: Identifying Insider Threats Acquired From Mergers and Acquisitions

With all the industry studies, articles and literature related to insider threats, it is baffling to see that very few have focused on how insider threats are acquired — in fact, paid for — during a merger and acquisition process. Organizations are so fixated on driving profits and staying competitive that they gobble up any tangible asset they can. Compani
Publish At:2017-08-02 12:30 | Read:342 | Comments:0 | Tags:Risk Management Acquisition audit Insider Threat Risk Risk A

Don’t Sit Back and Wait for Security Risks to Disappear

Risk management is the essence of what we do as information security professionals. We identify key security risks and analyze those risks in the context of the business. We then communicate the confirmed or potential outcomes to management. Finally, we decide — or wait for decisions — on how to respond. Misguided Decisions Many security challenges begin at
Publish At:2017-05-24 19:10 | Read:414 | Comments:0 | Tags:CISO Risk Management Chief Information Security Officer (CIS

The Looming Threat of Health Care IoT Devices

A computer generation or two ago, IT managers fought a futile uphill battle to prevent rogue PCs from infiltrating the workplace, a battle fought largely in the name of data security. Their thinking was that if IT couldn’t manage it, they couldn’t secure it. Is history repeating itself with health care IoT devices? Fast forward to the present h
Publish At:2017-05-15 14:00 | Read:781 | Comments:0 | Tags:Endpoint Health Care Network Connected Devices Health Care D

Ransomware app hosted in Google Play infects unsuspecting Android user

reader comments 53 Share this story Google Play, the official market for Android apps, was caught hosting a ransomware app that infected at least one real-world handset, security researchers said Tuesday.The ransomware was dubbed Charger and was hidden inside an app called EnergyRescue, according to a blog post published by security fi
Publish At:2017-01-25 07:30 | Read:712 | Comments:0 | Tags:Gear & Gadgets Risk Assessment Technology Lab android charge

Already on probation, Symantec issues more illegit HTTPS certificates

reader comments 43 Share this story A security researcher has unearthed evidence showing that three browser-trusted certificate authorities (CAs) owned and operated by Symantec improperly issued more than 100 unvalidated transport layer security certificates. In some cases, those certificates made it possible to spoof HTTPS-protected w
Publish At:2017-01-21 11:20 | Read:1148 | Comments:0 | Tags:Law & Disorder Risk Assessment certificate authorities PKI P

NSA-leaking Shadow Brokers lob Molotov cocktail before exiting world stage

reader comments 59 Share this story Shadow Brokers, the mysterious group that gained international renown when it published hundreds of advanced hacking tools belonging to the National Security Agency, says it's going dark. But before it does, it's lobbing a Molotov cocktail that's sure to further inflame the US intelligence community.
Publish At:2017-01-13 00:45 | Read:1843 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab exploits hacki

Online databases dropping like flies, with >10k falling to ransomware groups

reader comments 62 Share this story More than 10,000 website databases have been taken hostage in recent days by attackers who are demanding hefty ransoms for the data to be restored, a security researcher said Friday.The affected data is created and stored by the open source MongoDB database application, according to researchers who h
Publish At:2017-01-07 09:50 | Read:1315 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab mongodb ransom

Fake Pokémon Go app on Google Play infects phones with screenlocker

Badware purveyors trying to capitalize on the ongoing Pokémon Go frenzy have achieved an important milestone by sneaking their fake wares into the official Google Play marketplace, security researchers said Friday.Researchers from antivirus provider Eset report finding at least three such apps in the Google-hosted marketplace. Of the three, the one titled "P
Publish At:2016-07-16 04:05 | Read:1407 | Comments:0 | Tags:Gear & Gadgets Risk Assessment Technology Lab android google

Crypto flaw made it easy for attackers to snoop on Juniper customers

As if people didn't already have cause to distrust the security of Juniper products, the networking gear maker just disclosed a vulnerability that allowed attackers to eavesdrop on sensitive communications traveling through customers' virtual private networks.In an advisory posted Wednesday, Juniper officials said they just fixed a bug in the company's Junos
Publish At:2016-07-15 09:45 | Read:1765 | Comments:0 | Tags:Risk Assessment Technology Lab backdoors cryptography encryp

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud