HackDig : Dig high-quality web security articles for hacker

SANS Maturity Model Webinar Describes How to Grow Your Security Strategy

Setting your security strategy is a challenging task that comes with a lot of opinions (and vendors!). SANS provides a rationale for growing protection that is logically calibrated to growth and expanding needs. Register for this webinar and even if you can’t make it, we’ll send you the recording (and a whitepaper). With so many security solution
Publish At:2017-10-21 16:25 | Read:100 | Comments:0 | Tags:Innovation maturity model recording registration SANS Securi

Securing smart grid and advanced metering infrastructure

The year is 2020, high economic, military and cultural tension between Russia & the US. You are at the London office, entering a video meeting with the sales team in America, the American team presents with enthusiasm the sales achievement of the recent quarter, then, suddenly the call is disconnected. You are trying to re-establish the connection with n
Publish At:2017-10-06 11:30 | Read:164 | Comments:0 | Tags:Breaking News Security critical infrastructure cyber securit

Russian firm provides North Korea with second Internet route

Dyn Research discovered traffic coming from North Korea running over the Russian TransTeleCom network, this is the second internet route of the regime. North Korea gets a second Internet connection thanks to the support of a state-owned Russian firm. From the perspective of security analysts, this second connection will improve in a significant way the cyber
Publish At:2017-10-05 17:05 | Read:151 | Comments:0 | Tags:Breaking News Security DDoS Hacking North Korea Pyongyang

Which are most frequently blacklisted apps by enterprises?

Mobile security firm Appthority published an interesting report that revealed which Android and iOS applications are most frequently blacklisted by enterprises. The company Appthority has published an interesting report that reveals which mobile apps, both Android and iOS, are most frequently blacklisted by enterprises. “The mobile ecosystem in an ente
Publish At:2017-10-04 22:40 | Read:149 | Comments:0 | Tags:Breaking News Mobile Reports Security blacklisted apps BYOD

[SANS ISC] Investigating Security Incidents with Passive DNS

I published the following diary on isc.sans.org: “Investigating Security Incidents with Passive DNS”. Sometimes when you need to investigate a security incident or to check for suspicious activity, you become frustrated because the online resource that you’re trying to reach has already been cleaned. We cannot blame system administrators and webm
Publish At:2017-10-02 23:20 | Read:234 | Comments:0 | Tags:Incident Management SANS Internet Storm Center Security Pass

High-severity flaw opens Siemens Industrial Switches to attacks

Siemens has started releasing security patches to fix a high severity access control vulnerability in its industrial switches tracked as CVE-2017-12736. The flaw was discovered by experts at Siemens and could be exploited by remote attackers to hack some of Siemens industrial communications devices. The vulnerability affects SCALANCE X industrial Ethernet sw
Publish At:2017-10-01 02:25 | Read:171 | Comments:0 | Tags:Breaking News Hacking Security access control vulnerability

Strong Passwords Don’t Have to be Hard to Remember

Bill Burr blew it, and he knows it. The man responsible for the global password strength guidelines, which posit that you should always use alphanumeric characters and alternate uppercase and lowercase letters, recognizes his error. According to Burr, these rules “drive people crazy,” and yet, even so, do not necessarily make for good passwords. Fourteen yea
Publish At:2017-09-29 22:40 | Read:118 | Comments:0 | Tags:Security b2b passwords

FBI Director – Terrorists could launch drone attacks very soon

FBI director Christopher Wray warns that terrorists are planning to use drones in attacks; the threat is considered imminent. This week, FBI Director Christopher Wray warned Congress that terrorists may use drones in attacks against the United States; the official described the threat as imminent. “We do know that terrorist organizations have an inter
Publish At:2017-09-29 12:55 | Read:165 | Comments:0 | Tags:Breaking News Security Terrorism Drone FBI ISIS US

WiNX: The Ultra-Portable Wireless Attacking Platform

When you are performing penetration tests for your customers, you need to build your personal arsenal. Tools, pieces of hardware and software are collected here and there depending on your engagements to increase your toolbox. To perform wireless intrusion tests, I’m a big fan of the WiFi Pineapple. I’ve had one for years (model MK5). It’s not
Publish At:2017-09-29 02:25 | Read:115 | Comments:0 | Tags:Pentesting Security Social Engineering Hardware WiFi WiNX Wi

[SANS ISC] The easy way to analyze huge amounts of PCAP data

I published the following diary on isc.sans.org: “The easy way to analyze huge amounts of PCAP data”. When you are investigating a security incident, there are chances that, at a certain point, you will have to dive into network traffic analysis. If you’re lucky, you’ll have access to a network capture. Approximately one year ago, I wrote a qui
Publish At:2017-09-28 08:00 | Read:230 | Comments:0 | Tags:Docker SANS Internet Storm Center Security Moloch network pc

Oracle releases security patches for Apache Struts CVE-2017-9805 Flaw exploited in the wild

Oracle fixed several issues in the Apache Struts 2 framework including the flaw CVE-2017-9805 that has been exploited in the wild for the past few weeks. Oracle has released patches for vulnerabilities affecting many of its products, the IT giant has fixed several issues in the Apache Struts 2 framework, including the flaw CVE-2017-9805 that has been exploit
Publish At:2017-09-26 11:00 | Read:173 | Comments:0 | Tags:Breaking News Security CVE-2017-9805 Hacking RCE flaw REST S

Google released a Chrome 61 update that patches 2 High-Risk Flaws

Google has just released an updated version of Chrome 61, version 61.0.3163.100, that addresses 3 security flaws, two of which are rated high-severity. The new version is already available for Windows, Mac, and Linux users and includes a total of three vulnerabilities. The first high-risk bug, tracked as CVE-2017-5121, is an Out-of-bounds access in V8 reported b
Publish At:2017-09-23 09:15 | Read:70 | Comments:0 | Tags:Breaking News Security Bug Bounty Chrome High-Risk Flaws Goo

The Impact of the Blockchain on Cybersecurity

Since its appearance in 2009, the concept of the blockchain has expanded past its initial use as the base of bitcoin into many other areas. By its nature, this distributed database provides the perfect platform for the management of cryptocurrency. But its features have attracted the attention of experts interested in a broad array of other applications. Pos
Publish At:2017-09-23 00:30 | Read:267 | Comments:0 | Tags:Security b2b blockchain cybersecurity

Was Torrent Site The Pirate Bay Being Sneaky or Creative By Tricking Visitors Into Monero Mining

Users noticed a cryptocurrency miner surfaced on The Pirate Bay, the world’s largest torrenting site, for a day over the weekend. Pop quiz: would you rather A) see ad banners displayed at the top of the website, or B) mine Monero cryptocurrency when you visit a website? Judging by the number of downloads for ad blocking browser extensions, no one likes banner ads.
Publish At:2017-09-19 13:05 | Read:179 | Comments:0 | Tags:Breaking News Hacking Security Bitcoin miner Monero Pirate B

Shadow IT: How to Protect Something You Didn’t Know Was There

We know that to secure a network, we need to control every single thing that happens on it. But this becomes especially difficult when there are points of the network that we don’t even know about. How can we combat an enemy that moves in the shadows? What is Shadow IT? Such blind spots fall under what is called Shadow IT, a term used to describe unapproved
Publish At:2017-09-19 04:15 | Read:161 | Comments:0 | Tags:Security b2b shadow it
