HackDig : Dig high-quality web security articles for hacker

Securing the managed service provider (MSP)

Managed service providers (MSPs) have been a boon to midsize enterprise. They allow for offloading technical debt to an agent with the skills and resources to manage it, thereby giving an organization room to focus on growing a business, rather than the particulars of infrastructure. For a long while, third-party service providers were not targeted dire
Publish At:2019-10-11 23:25 | Read:117 | Comments:0 | Tags:Business advanced persistent threats APT APT attacks APTs en

Magecart is back: hotels in the firing line

Back in July, a group of cyberattackers called Magecart made the e-commerce word shake. Its malicious skimming code, which is inserted into the websites of these businesses to steal personal and financial data from their customers when making purchases, was discovered on nearly 18,000 domains. And this incident wasn’t the only one. A year ago, British Airway
Publish At:2019-10-11 10:35 | Read:58 | Comments:0 | Tags:News Security business hotel chains supply chain

OpenDreamBox: the vulnerability that affects 32% of the world’s companies

The Internet of things (IoT) has revolutionized the business world. It has helped to streamline industrial processes, reduce costs, and has even created new business models. But, as is often the case, all of these advantages go hand in hand with a series of disadvantages. The most important of these disadvantages is the significant increase in the attack sur
Publish At:2019-10-09 10:35 | Read:185 | Comments:0 | Tags:News Security business IoT vulnerabilities Vulnerability

Explained: security orchestration

Working together in perfect harmony like the wind and percussion sections of a symphony orchestra requires both rigorous practice and a skilled conductor. Wouldn’t it be great if our cybersecurity solutions did the same to better protect organizations? The methods and tools used to accomplish this are often referred to as security orchestration. Even tho
Publish At:2019-10-02 23:20 | Read:214 | Comments:0 | Tags:Explained automated threat response Incident Response incide

Fraud with a deepfake: the dark side of artificial intelligence

Over the last few years, fake news has been a major worry. Fake news is believed to have played an important role in such important electoral processes as the 2016 US presidential election and the Brexit referendum on the withdrawal of the United Kingdom from the European Union the same year. There is now another kind of fake that is causing concern: deep fa
Publish At:2019-10-02 10:35 | Read:188 | Comments:0 | Tags:News Security artificial intelligence business Scam

Operation reWired: 281 BEC scammers arrested worldwide

BEC scams (business email compromise) are big business for cybercriminals. According to the Financial Crimes Enforcement Network (FinCEN), these scams generate around $301 million every month, or $3.6 billion a year. The aim of a BEC scam is to trick an employee into carrying out a fraudulent bank transfer. To do this, cyberattackers send an email impersonat
Publish At:2019-09-27 10:35 | Read:199 | Comments:0 | Tags:News Security bec business scams

Internet Explorer and Microsoft Defender: vulnerable to RCE attacks

Last year, an average of 45 vulnerabilities were discovered every day. This is almost three times more than in 2016. . Cyberincidents as well-known as WannaCry, the Equifax data breach, and the cyberattack on the Winter Olympics are were all facilitated by a vulnerability. Last month, a vulnerability in the WebAdmin plugin of OpenDreamBox 2.0.0.0 was discove
Publish At:2019-09-26 10:35 | Read:230 | Comments:0 | Tags:News Security business vulnerabilities Windows

How Endpoint Detection and Response gave rise to Threat Hunting

In the past, a signature-based cybersecurity solution could be relied on to protect your organization against malware – with updates being posted to you on a floppy disk each month. Signature based solutions are very efficient and accurate at spotting known malware. Signature detection was sufficient until polymorphic techniques (compression and encryption)
Publish At:2019-09-24 10:35 | Read:324 | Comments:0 | Tags:Panda Security Security business edr threat hunting

[SANS ISC] Huge Amount of remotewebaccess.com Sites Found in Certificate Transparency Logs

I published the following diary on isc.sans.edu: “Huge Amount of remotewebaccess.com Sites Found in Certificate Transparency Logs“: I’m keeping an eye on the certificate transparency logs using automated scripts. The goal is to track domain names (and their variations) of my customers, sensitive services in Belgium, key Internet players
Publish At:2019-09-24 09:25 | Read:255 | Comments:0 | Tags:SANS Internet Storm Center Security remotewebaccess.Com SANS

Mystery around Trend Micro apps still lingers one month later

It’s been a little over a month since several Trend Micro apps were kicked out of the Mac App Store by Apple over allegations of stealing user data, but several crucial questions remain unanswered. To recap, security researchers discovered that seven Trend Micro apps were collecting users’ browser data without notifying users (the vendor claims t
Publish At:2019-09-19 23:05 | Read:136 | Comments:0 | Tags:Security

At RSAC 2019, speculative execution threats take a back seat

The Meltdown and Spectre vulnerabilities disclosed in early 2018 dominated much of the infosec discussions and news coverage last year, including those at RSA Conference 2018. But at this year’s event, speculative execution threats are virtually non-existent. RSA Conference 2019 has a single item on its agenda for speculative execution threats: a class
Publish At:2019-09-19 23:05 | Read:163 | Comments:0 | Tags:Security

7 Ways Teens Hide Online Activity + What You Can Do

Even if you’ve set up parental controls on your devices, your teen is just as tech-savvy as you are, if not more. They’ve been raised in a digital age where surfing the web and social media use are second-nature. They can easily disarm a simple pop-up blocker or clear their browser history. So how do you protect them from the Internet when your original safe
Publish At:2019-09-19 17:05 | Read:131 | Comments:0 | Tags:Family Safety Security

LYCEUM and the dangers of spear phishing

Critical infrastructure is one of the favorite targets for the sophisticated attacks carried out by APTs (advanced persistent threats). What makes these APTs really dangerous is the fact that their attacks are never random, and always have a specific target. If an advanced cyberattack managed to paralyze the water supply, or interrupt hospital service, the A
Publish At:2019-09-19 17:05 | Read:186 | Comments:0 | Tags:News Security business critical infrastructure spear phishin

CVs, the perfect tool to deliver malware

Cybercriminals have a litany of techniques to get onto their victims’ IT systems: vulnerabilities, social networks, and even snail mail. The most popular method, however, is email: according to sources in the sector, 91% of cybercrime starts with a phishing email. Quasar: a new version of a popular tactic Towards the end of August, security researchers disco
Publish At:2019-09-19 17:05 | Read:190 | Comments:0 | Tags:Malware Security business Phishing resumes Trojan

[SANS ISC] Agent Tesla Trojan Abusing Corporate Email Accounts

I published the following diary on isc.sans.edu: “Agent Tesla Trojan Abusing Corporate Email Accounts“: The trojan ‘Agent Tesla’ is not brand new, discovered in 2018, it is written in VisualBasic and has plenty of interesting features. Just have a look at the MITRE ATT&CK overview of its TTP. I found a sample of Agent Tesla spr
Publish At:2019-09-19 15:55 | Read:166 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Agent Tesla SANS

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud