HackDig : Dig high-quality web security articles

Samsung Galaxy S22 gets hacked in 55 seconds at Pwn2Own Toronto

On the third day of Pwn2Own, contestants hacked the Samsung Galaxy S22 a fourth time since the start of the competition, and this time they did it in just 55 seconds. Security researchers representing penetration test provider Pentest Limited pulled this off after demoing a zero-day bug part of a successful Improper Input Validation attack against Samsun
Publish At:2022-12-09 12:14 | Read:5099 | Comments:0 | Tags:Security hack

Pwn2Own Toronto 2022 Day 3: Participants earned nearly $1 million

On the third day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned more than $250,000 for demonstrating zero-day attacks against NAS devices, printers, smart speakers, routers, and smartph
Publish At:2022-12-09 11:50 | Read:4220 | Comments:0 | Tags:Breaking News Hacking Security hacking news information secu

Why Cybersecurity Risk Assessment Matters in the Banking Industry

When customers put money in a bank, they need to trust it will stay there. Because of the high stakes involved for the customer, such as financial loss, and how long it takes to resolve fraud and potential identity theft, customers are sensitive to the security of the bank as well as fraud prevention measures. Banks that experience high volumes of fraud are
Publish At:2022-12-09 11:37 | Read:7299 | Comments:0 | Tags:Banking & Finance Data Protection Risk Management Banking Ba

Apple’s Advanced Data Protection and Other Features Harden Security

Apple has announced a trio of new security and privacy features for its operating systems and devices. iMessage Contact Key Verification, support for security keys, and Advanced Data Protection will turn Apple devices into some of the most secure available. These three features will be rolling out through 2023. Here’s what they are and how they will
Publish At:2022-12-09 09:10 | Read:22052 | Comments:0 | Tags:Apple encryption privacy security

Cisco discloses high-severity flaw impacting IP Phone 7800 and 8800 Series

Cisco disclosed a high-severity flaw in its IP phones that can be exploited to gain remote code execution and conduct DoS attacks. Cisco disclosed a high-severity vulnerability, tracked as CVE-2022-20968, impacting its IP Phone 7800 and 8800 Series (except Cisco Wireless IP Phone 8821). An unauthenticated, adjacent attacker can trigger the flaw to cause a
Publish At:2022-12-09 08:28 | Read:18214 | Comments:0 | Tags:Breaking News Security Cisco IP phone hacking news informati

Zero Standing Privileges (ZSP) for Organizations: Less Privileges, More Security

In complex environments, the need for privilege solutions has grown. Typically, companies with network infrastructure or critical data have personal privileged accounts set up, while traditional Privileged Access Management (PAM) tools rely on the creation of accounts and privileges. As a result, enterprises are encountering a problem that’s known as Z
Publish At:2022-12-09 08:11 | Read:17171 | Comments:0 | Tags:Access Management security privilege

Experts devised a technique to bypass web application firewalls (WAF) of several vendors

Claroty researchers devised a technique for bypassing the web application firewalls (WAF) of several vendors. Researchers at industrial and IoT cybersecurity firm Claroty devised an attack technique for bypassing the web application firewalls (WAF) of several industry-leading vendors. The technique was discovered while conducting unrelated research on
Publish At:2022-12-09 07:52 | Read:20292 | Comments:0 | Tags:Breaking News Hacking Security hacking news information secu

CyberDanube Security Research 20221130-0 | Multiple Vulnerabilities in Delta Electronics DX-2100-L1-CN

CyberDanube Security Research 20221130-0
-------------------------------------------------------------------------------
               title| Multiple Vulnerabilities
             product| Delta Electronics DX-2100-L1-CN
  vulnerable version| V1.5.0.10
       fixed version| V1.5.0.12
          CVE number| -
              impact| High
            homepage| https://w
Publish At:2022-12-08 23:47 | Read:37406 | Comments:0 | Tags: security cyber

CyberDanube Security Research 20221130-1 | Authenticated Command Injection in Delta Electronics DVW-W02W2-E2

CyberDanube Security Research 20221130-1
-------------------------------------------------------------------------------
               title| Authenticated Command Injection
             product| Delta Electronics DVW-W02W2-E2
  vulnerable version| V2.42
       fixed version| V2.5.2
          CVE number| -
              impact| High
            homepage| https://ww
Publish At:2022-12-08 23:47 | Read:32522 | Comments:0 | Tags: security cyber

5 SaaS security best practices

Just about anywhere you look, organizations are relying on Software-as-a-Service (SaaS) apps like Dropbox and Hubspot to help power their businesses. With more SaaS apps, however, comes increased security risks. While SaaS is without a doubt the easiest and most accessible way for businesses to reap the benefits of the cloud, these services are del
Publish At:2022-12-08 22:14 | Read:31735 | Comments:0 | Tags:Business security

CommonSpirit Health ransomware attack exposed data of 623,000 patients

CommonSpirit Health has confirmed that threat actors accessed the personal data for 623,774 patients during an October ransomware attack. This figure was published today on the U.S. Department of Health breach portal, where healthcare organizations are legally obligated to report data breaches impacting over 500 individuals. At the start of October, the Illino
Publish At:2022-12-08 20:10 | Read:38416 | Comments:0 | Tags:Security ransomware

Hacked corporate email accounts used to send MSP remote access tool

MuddyWater hackers, a group associated with Iran’s Ministry of Intelligence and Security (MOIS), used compromised corporate email accounts to deliver phishing messages to their targets. The group adopted the new tactic in a campaign that might have started in September but wasn’t observed until October and combined the use of a legitimate remote a
Publish At:2022-12-08 20:10 | Read:28923 | Comments:0 | Tags:Security hack

US Health Dept warns of Royal Ransomware targeting healthcare

The U.S. Department of Health and Human Services (HHS) issued a new warning today for the country's healthcare organizations regarding ongoing attacks from a relatively new operation, the Royal ransomware gang. The Health Sector Cybersecurity Coordination Center (HC3) — HHS' security team — revealed in a new analyst note published Wednesday that the
Publish At:2022-12-08 20:10 | Read:35398 | Comments:0 | Tags:Security ransomware

Removing the Barriers to Security Automation Implementation

Implementation of security automation can be overwhelming, and has remained a barrier to adoption. Previously, I wrote about balancing security automation and the human element to accelerate security automation initiatives. Equally important to address are the implementation aspects of security automation, which are holding many organizations back. In fact, a
Publish At:2022-12-08 18:27 | Read:29648 | Comments:0 | Tags:INDUSTRY INSIGHTS Incident Response Security Architecture se

Automated dark web markets sell corporate email accounts for $2

Cybercrime marketplaces are increasingly selling stolen corporate email addresses for as low as $2 to fill a growing demand by hackers who use them for business email compromise and phishing attacks or initial access to networks. Analysts at Israeli cyber-intelligence firm KELA have closely followed this trend, reporting at least 225,000 email accounts for sa
Publish At:2022-12-08 16:12 | Read:24388 | Comments:0 | Tags:Security
