HackDig : Dig high-quality web security articles

How the Silk Road Affair Changed Law Enforcement

The Silk Road was the first modern dark web marketplace, an online place for anonymously buying and selling illegal products and services using Bitcoin.  Ross Ulbricht created The Silk Road in 2011 and operated it until 2013 when the FBI shut it down. Its creator was eventually arrested and sentenced to life in prison. But in a plot twist right out of
Publish At:2023-01-30 11:38 | Read:24994 | Comments:0 | Tags:Risk Management Bitcoin crypto crime Cryptocurrency cryptocu

Third-Party App Stores Could Be a Red Flag for iOS Security

Even Apple can’t escape change forever. The famously restrictive company will allow third-party app stores for iOS devices, along with allowing users to “sideload” software directly. Spurring the move is the European Union’s (EU) Digital Markets Act (DMA), which looks to ensure open markets by reducing the ability of digital “g
Publish At:2023-01-26 15:36 | Read:60450 | Comments:0 | Tags:Mobile Security Risk Management App Security Apple Apple App

Defensive Driving: The Need for EV Cybersecurity Roadmaps

As the U.S. looks to bolster electric vehicle (EV) adoption, a new challenge is on the horizon: cybersecurity. Given the interconnected nature of these vehicles and their reliance on local power grids, they’re not just an alternative option for getting from Point A to Point B. They also offer a new path for network compromise that could put drivers, c
Publish At:2023-01-26 11:38 | Read:38935 | Comments:0 | Tags:Data Protection Risk Management Cybersecurity Data Security

Too Much Caffeine? Phishing-as-a-Service Makes Us Jittery

Recently, investigators at Mandiant discovered a new software platform with an intuitive interface. The service has tools to orchestrate and automate core campaign elements. Some of the platform’s features enable self-service customization and campaign tracking.  Sounds like a typical Software-as-a-Service (SaaS) operation, right? Well, this time
Publish At:2023-01-24 11:38 | Read:86696 | Comments:0 | Tags:Risk Management Phishing phishing as a service Phishing Atta

Log4j Forever Changed What (Some) Cyber Pros Think About OSS

In late 2021, the Apache Software Foundation disclosed a vulnerability that set off a panic across the global tech industry. The bug, known as Log4Shell, was found in the ubiquitous open-source logging library Log4j, and it exposed a huge swath of applications and services.  Nearly anything from popular consumer and enterprise platforms to critical inf
Publish At:2023-01-23 11:38 | Read:55136 | Comments:0 | Tags:Risk Management Security Services zero day log4shell log4j o

Majority of GAO's Cybersecurity Recommendations Not Implemented by Federal Agencies

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December 2022, the US Government Accountability Office (GAO) says in a new report. Since 1997, the GAO has been regarding information security as a government-wide high-risk area and expanded it twice since: in 20
Publish At:2023-01-23 10:32 | Read:55843 | Comments:0 | Tags:NEWS & INDUSTRY Risk Management Security Architecture Ma

A Change in Mindset: From a Threat-based to Risk-based Approach to Security

Bad actors find themselves at a constant advantage. They can determine when, where, and how they will attack an enterprise, using time and patience to pick the moment they want to strike. As cybersecurity professionals, we constantly find ourselves fighting an uphill battle. The growth of cloud computing, remote employees, and Software-as-a-Service applicatio
Publish At:2023-01-20 10:32 | Read:100893 | Comments:0 | Tags:INDUSTRY INSIGHTS Risk Management security

Chainguard Trains Spotlight on SBOM Quality Problem

Software engineers tracking the quality of software bill of materials have stumbled on a startling discovery: Barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government. According to new data from software supply chain security startup Chainguard, SBOMs being generated by existing tools fail to meet the minimum da
Publish At:2023-01-19 18:28 | Read:79085 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Email Security Fraud &

Synthetic Media Creates New Social Engineering Threats

Social engineering attacks have challenged cybersecurity for years. No matter how strong your digital security, authorized human users can always be manipulated into opening the door for a clever cyber attacker.  Social engineering typically involves tricking an authorized user into taking an action that enables cyber attackers to bypass physical or di
Publish At:2023-01-19 15:36 | Read:57975 | Comments:0 | Tags:Risk Management augmented reality generative adversarial net

What the New Federal Cybersecurity Act Means for Businesses

On December 21, 2022, President Biden signed the Quantum Computing Cybersecurity Preparedness Act. The risk of quantum-powered password decryption is increasing exponentially. The new legislation is designed to help federal agencies proactively shift to a post-quantum security posture. Agencies have until May 4, 2023, to submit an inventory of potentially v
Publish At:2023-01-18 11:38 | Read:93958 | Comments:0 | Tags:Government Risk Management quantum security quantum cryptogr

What is the Future of Password Managers?

In November 2022, LastPass had its second security breach in four months. Although company CEO Karim Toubba assured customers they had nothing to worry about, the incident didn’t inspire confidence in the world’s leading password manager application.  Password managers have one vital job: keep your sensitive login credentials secret, s
Publish At:2023-01-17 11:38 | Read:79393 | Comments:0 | Tags:Identity & Access Risk Management barrel phishing Identity a

Hack the Pentagon 3.0 Bug Bounty Program to Focus on Facility Control Systems

The US Department of Defense (DoD) is getting ready to launch the third installment of its ‘Hack the Pentagon’ bug bounty program, which will focus on the Facility Related Controls System (FRCS) network. Hack the Pentagon was launched in 2016 on HackerOne, when the DoD invited ethical hackers to find and report security defects in Pentagon’s public web pages.
Publish At:2023-01-16 10:32 | Read:99540 | Comments:0 | Tags:ICS/OT NEWS & INDUSTRY Risk Management Vulnerabilities M

Why SMB Cybersecurity May Be Changing for the Better

Cyberattacks represent a serious problem for small to medium-sized businesses (SMBs). Consider that in 2019, 43% of attackers went after small businesses, and in 2021, 60% of SMBs said they were victimized by a cyberattack. Even more worrisome? For small and midsize businesses, cyberattack impacts go beyond downtime, lost data and reduced consumer trust. Ac
Publish At:2023-01-13 11:38 | Read:55883 | Comments:0 | Tags:Risk Management small business cyber attacks small business

Now You SIEM, Now You Don’t — Six Failures of Cybersecurity

Security information and event management (SIEM) frameworks are essential for enterprises to monitor, manage and mitigate the impact of evolving cyberattacks. As the number of threats and the financial impact of breaches increase, these frameworks are even more crucial. Consider ransomware. Since 2020, more than 130 different strains of these encryption and
Publish At:2023-01-12 15:36 | Read:132360 | Comments:0 | Tags:Risk Management SEIM operational technology Cyberattacks Cyb

How Security Teams Combat Disinformation and Misinformation

“A lie can travel halfway around the world while the truth is still putting on its shoes.” That popular quote is often attributed to Mark Twain. But since we’re talking about misinformation and disinformation, you’ll be unsurprised to learn Twain never said that at all. In fact, no one knows who first strung those words together, but
Publish At:2023-01-12 11:38 | Read:78074 | Comments:0 | Tags:Fraud Protection Risk Management disinformation misinformati
