HackDig : Dig high-quality web security articles for hackers

CISO Conversations: Intel, Cisco Security Chiefs Discuss the Making of a Great CISO

In this installment of SecurityWeek’s CISO Conversations series, we talk to two veteran security leaders in the technology sector: Brent Conran, CISO at Intel Corp., and Chris Leach, Senior CISO Advisor at Cisco Systems. The purpose, as always in this series, is to understand what makes a successful modern CISO. Organizational hierarchy. The enduring quest
Publish At:2021-01-26 11:41 | Read:108 | Comments:0 | Tags:NEWS & INDUSTRY Risk Management Management & Strateg

Google Says Chrome Cookie Replacement Plan Making Progress

Google says it’s making progress on plans to revamp Chrome user tracking technology aimed at improving privacy even as it faces challenges from regulators and officials. The company gave an update Monday on its work to remove from its Chrome browser so-called third-party cookies, which are used by a website’s advertisers or partners and can be used to track a
Publish At:2021-01-26 11:41 | Read:66 | Comments:0 | Tags:NEWS & INDUSTRY Privacy Identity & Access Risk Manag

Russian Hack of US Agencies Exposed Supply Chain Weaknesses

The elite Russian hackers who gained access to computer systems of federal agencies last year didn’t bother trying to break one by one into the networks of each department. Instead, they got inside by sneaking malicious code into a software update pushed out to thousands of government agencies and private companies. It wasn’t surprising that hackers were able
Publish At:2021-01-25 12:17 | Read:61 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Incident Response Ri

Microsoft Edge Adds Password Generator, Drops Support for Flash, FTP

Microsoft has shipped the stable version of the Microsoft Edge 88 browser, featuring a brand new Password Generator and the ability to alert on compromised credentials. The browser refresh also drops support for the FTP protocol and for the Adobe Flash plugin. With Microsoft Edge 88.0.705.50 now rolling out, users get a built-in strong password ge
Publish At:2021-01-22 14:05 | Read:114 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Thousands of Unprotected RDP Servers Can Be Abused for DDoS Attacks

Cybercriminals have been abusing unprotected servers running Microsoft’s Remote Desktop Protocol (RDP) service to launch distributed denial-of-service (DDoS) attacks, application and network performance management company NETSCOUT warned this week. The Windows RDP service is designed to allow users to remotely connect to servers and other devices, often for p
Publish At:2021-01-22 10:11 | Read:143 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Virus & Threats Ide

Microsoft Details OPSEC, Anti-Forensic Techniques Used by SolarWinds Hackers

Microsoft on Wednesday released another report detailing the activities and the methods of the threat actor behind the attack on IT management solutions firm SolarWinds, including their malware delivery methods, anti-forensic behavior, and operational security (OPSEC). The attackers, which some believe to be sponsored by Russia, breached SolarWinds’ systems i
Publish At:2021-01-21 14:41 | Read:95 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Em

In a Remote Work Era, a People-First Approach Keeps Threat Intelligence Teams on Track

Far Too Many Organizations Are Still Failing to Develop Intelligence Requirements Based on the Needs of Their Stakeholders. In the Spring of 2020, COVID-19 hit home for most Americans. At that point, we went from hearing whispers about an overseas virus to knowing we were dealing with a deadly pandemic steadily making its way to the United States. Despite deca
Publish At:2021-01-20 15:17 | Read:108 | Comments:0 | Tags:INDUSTRY INSIGHTS Incident Response Risk Management Manageme

'LuckyBoy' Malvertising Campaign Hits iOS, Android, XBox Users

A recently identified malvertising campaign targeting mobile and other connected devices users makes heavy use of obfuscation and cloaking to avoid detection. Dubbed LuckyBoy, the multi-stage, tag-based campaign is focused on iOS, Android, and Xbox users. Since December 2020, it penetrated over 10 Demand Side Platforms (DSP), primarily Europe-based, with obse
Publish At:2021-01-20 15:17 | Read:151 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Application Security F

DNSpooq Flaws Expose Millions of Devices to DNS Cache Poisoning, Other Attacks

Researchers at Israel-based boutique cybersecurity consultancy JSOF this week disclosed the details of seven potentially serious DNS-related vulnerabilities that could expose millions of devices to various types of attacks. The vulnerabilities, collectively tracked as DNSpooq, impact Dnsmasq, a widely used piece of open source software designed to provide DNS
Publish At:2021-01-20 08:45 | Read:143 | Comments:0 | Tags:Network Security NEWS & INDUSTRY SCADA / ICS Risk Manage

Researchers Estimate Ryuk Ransomware Operations to Be Worth $150 Million

The Ryuk ransomware criminal enterprise is estimated to be worth more than $150,000,000, security researchers say. Initially detailed in 2018 and believed to be operated by Russian cybercriminals, Ryuk has become one of the most prevalent malware families, being used in various high-profile attacks, such as the targeting of Pennsylvania-based UHS and Alabama
Publish At:2021-01-18 16:29 | Read:178 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Fr

Data Security Startup Qohash Raises $6 Million

Canadian data security startup Qohash this week announced it raised CAD 8 million (approximately USD $6.3 million) in Series A funding. The financing was led by FINTOP Capital. Founded in 2018, the Quebec-based company provides customers with solutions focused on data discovery and classification, helping enterprises monitor data across their environments. Fu
Publish At:2021-01-15 18:17 | Read:147 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

CISA Warns Organizations About Attacks on Cloud Services

In light of successful cyberattacks targeting organizations’ cloud services, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a series of recommendations on how businesses can improve their cloud security. The attacks observed by CISA exploit poor cyber hygiene practices within cloud services configurations, and the agency says t
Publish At:2021-01-14 14:59 | Read:149 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access Risk Management Cl

Peaks and Valleys: The Mental Health Side of Cybersecurity Risk Management

There is one risk cybersecurity experts often overlook: burnout. We can build on threat detection and incident response capabilities and use cybersecurity risk management frameworks, such as NIST CSF, to improve our overall risk posture all we want without ever looking inward. Because burnout is internal, we may not always see it. But left unmanag
Publish At:2021-01-12 11:15 | Read:214 | Comments:0 | Tags:CISO Risk Management cybersecurity education Cybersecurity C

NSA Publishes Cybersecurity Year in Review Report

The United States National Security Agency (NSA) has released its 2020 Cybersecurity Year in Review report, which summarizes the NSA Cybersecurity Directorate's first full year of operation. The Cybersecurity Directorate was formally announced in July 2019, with a focus on protecting national security networks and the defense industrial base. Led by Ms. Anne
Publish At:2021-01-12 00:35 | Read:229 | Comments:0 | Tags:NEWS & INDUSTRY Incident Response Risk Management securi

Experts Weigh In on Cybersecurity Risks of Capitol-Like Attacks

Hundreds of protesters stormed the U.S. Capitol on Wednesday just as the House and Senate were certifying the election victory of Joe Biden. While much of the focus was on the physical destruction caused by the protesters, many people have pointed out that rioters gained access to computers in the Capitol, which in some cases were still turned on and logged
Publish At:2021-01-10 09:35 | Read:245 | Comments:0 | Tags:Disaster Recovery NEWS & INDUSTRY Incident Response Risk
