HackDig : Dig high-quality web security articles for hacker

Don’t Sit Back and Wait for Security Risks to Disappear

Risk management is the essence of what we do as information security professionals. We identify key security risks and analyze those risks in the context of the business. We then communicate the confirmed or potential outcomes to management. Finally, we decide — or wait for decisions — on how to respond. Misguided Decisions Many security challenges begin at
Publish At:2017-05-24 19:10 | Read:254 | Comments:0 | Tags:CISO Risk Management Chief Information Security Officer (CIS

The Looming Threat of Health Care IoT Devices

A computer generation or two ago, IT managers fought a futile uphill battle to prevent rogue PCs from infiltrating the workplace, a battle fought largely in the name of data security. Their thinking was that if IT couldn’t manage it, they couldn’t secure it. Is history repeating itself with health care IoT devices? Fast forward to the present h
Publish At:2017-05-15 14:00 | Read:469 | Comments:0 | Tags:Endpoint Health Care Network Connected Devices Health Care D

Ransomware app hosted in Google Play infects unsuspecting Android user

reader comments 53 Share this story Google Play, the official market for Android apps, was caught hosting a ransomware app that infected at least one real-world handset, security researchers said Tuesday.The ransomware was dubbed Charger and was hidden inside an app called EnergyRescue, according to a blog post published by security fi
Publish At:2017-01-25 07:30 | Read:544 | Comments:0 | Tags:Gear & Gadgets Risk Assessment Technology Lab android charge

Already on probation, Symantec issues more illegit HTTPS certificates

reader comments 43 Share this story A security researcher has unearthed evidence showing that three browser-trusted certificate authorities (CAs) owned and operated by Symantec improperly issued more than 100 unvalidated transport layer security certificates. In some cases, those certificates made it possible to spoof HTTPS-protected w
Publish At:2017-01-21 11:20 | Read:850 | Comments:0 | Tags:Law & Disorder Risk Assessment certificate authorities PKI P

NSA-leaking Shadow Brokers lob Molotov cocktail before exiting world stage

reader comments 59 Share this story Shadow Brokers, the mysterious group that gained international renown when it published hundreds of advanced hacking tools belonging to the National Security Agency, says it's going dark. But before it does, it's lobbing a Molotov cocktail that's sure to further inflame the US intelligence community.
Publish At:2017-01-13 00:45 | Read:1162 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab exploits hacki

Online databases dropping like flies, with >10k falling to ransomware groups

reader comments 62 Share this story More than 10,000 website databases have been taken hostage in recent days by attackers who are demanding hefty ransoms for the data to be restored, a security researcher said Friday.The affected data is created and stored by the open source MongoDB database application, according to researchers who h
Publish At:2017-01-07 09:50 | Read:1026 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab mongodb ransom

Fake Pokémon Go app on Google Play infects phones with screenlocker

Badware purveyors trying to capitalize on the ongoing Pokémon Go frenzy have achieved an important milestone by sneaking their fake wares into the official Google Play marketplace, security researchers said Friday.Researchers from antivirus provider Eset report finding at least three such apps in the Google-hosted marketplace. Of the three, the one titled "P
Publish At:2016-07-16 04:05 | Read:1122 | Comments:0 | Tags:Gear & Gadgets Risk Assessment Technology Lab android google

Crypto flaw made it easy for attackers to snoop on Juniper customers

As if people didn't already have cause to distrust the security of Juniper products, the networking gear maker just disclosed a vulnerability that allowed attackers to eavesdrop on sensitive communications traveling through customers' virtual private networks.In an advisory posted Wednesday, Juniper officials said they just fixed a bug in the company's Junos
Publish At:2016-07-15 09:45 | Read:1262 | Comments:0 | Tags:Risk Assessment Technology Lab backdoors cryptography encryp

Paint it black: Revisiting the Blackphone and its cloudy future

When we reviewed the Blackphone 2 last September, the company behind the privacy-focused smartphone was in transition. Silent Circle had moved to bring the Blackphone joint venture with the Madrid-based Geeksphone back under its umbrella, hired a telecom industry veteran as CEO, and was fine-tuning its marketing to go after an enterprise audience. The phone’
Publish At:2016-07-14 15:25 | Read:1200 | Comments:0 | Tags:Gear & Gadgets Risk Assessment Technology Lab Cloud

20-year-old Windows bug lets printers install malware—patch now

For more than two decades, Microsoft Windows has provided the means for clever attackers to surreptitiously install malware of their choice on computers that connect to booby-trapped printers, or other devices masquerading as printers, on a local area network. Microsoft finally addressed the bug on Tuesday during its monthly patch cycle.The vulnerability res
Publish At:2016-07-14 15:25 | Read:918 | Comments:0 | Tags:Risk Assessment Technology Lab exploits Microsoft Windows pa

Bug bounties and automotive firewalls: Dealing with the car hacker threat

As we have seen in the past couple of years, car hacking is becoming an ever-greater threat. Many of the systems in our vehicles—and the standards to which they were designed—predate the connected car era. And so computerized vehicle systems lack some of the basic kinds of security that we would otherwise expect as default given the ramifications of a hack.
Publish At:2016-07-14 15:25 | Read:1105 | Comments:0 | Tags:Cars Technica Risk Assessment car hacking

In wake of Appelbaum fiasco, Tor Project shakes up board of directors

Further ReadingTor developer Jacob Appelbaum quits after “sexual mistreatment” allegations [Updated]Tor: new claims "consistent with rumors some of us had been hearing for some time."Over a month after a prominent staffer at the Tor Project left the organization amid public accusations of sexual misconduct, the project has shaken up its entire seven-person b
Publish At:2016-07-14 15:25 | Read:1048 | Comments:0 | Tags:Risk Assessment board Tor Project

FDIC was hacked by China, and CIO covered it up

A report published by the House Committee on Science, Space and Technology today found that hackers purported to be from China had compromised computers at the Federal Deposit Insurance Corporation repeatedly between 2010 and 2013. Backdoor malware was installed on 12 workstations and 10 servers by attackers—including the workstations of the chairman, chief
Publish At:2016-07-14 15:25 | Read:815 | Comments:0 | Tags:Risk Assessment Technology Lab

Nation-backed malware that infected energy firm is 1 of 2016’s sneakiest

A campaign that targeted a European energy company wielded malware that's so sneaky and advanced it almost certainly is the work of a wealthy nation, researchers said Tuesday.Further ReadingFirst known hacker-caused power outage signals troubling escalationHighly destructive malware creates "destructive events" at 3 Ukrainian substations.The malware contains
Publish At:2016-07-13 02:40 | Read:1130 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab Energy malware

Now it’s easy to see if leaked passwords work on other sites

Over the past few months, a cluster of megabreaches has dumped account credentials for a mind-boggling 642 million accounts into the public domain, where they can then be used to compromise other accounts that are protected by the same password. Now, there's software that can streamline this vicious cycle by testing for reused passcodes on Facebook and other
Publish At:2016-07-12 08:25 | Read:1029 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab account creden


Share high-quality web security related articles with you:)


Tag Cloud