HackDig : Dig high-quality web security articles for hacker

Mystery around Trend Micro apps still lingers one month later

It’s been a little over a month since several Trend Micro apps were kicked out of the Mac App Store by Apple over allegations of stealing user data, but several crucial questions remain unanswered. To recap, security researchers discovered that seven Trend Micro apps were collecting users’ browser data without notifying users (the vendor claims t
Publish At:2019-09-19 23:05 | Read:40 | Comments:0 | Tags:Security

At RSAC 2019, speculative execution threats take a back seat

The Meltdown and Spectre vulnerabilities disclosed in early 2018 dominated much of the infosec discussions and news coverage last year, including those at RSA Conference 2018. But at this year’s event, speculative execution threats are virtually non-existent. RSA Conference 2019 has a single item on its agenda for speculative execution threats: a class
Publish At:2019-09-19 23:05 | Read:45 | Comments:0 | Tags:Security

7 Ways Teens Hide Online Activity + What You Can Do

Even if you’ve set up parental controls on your devices, your teen is just as tech-savvy as you are, if not more. They’ve been raised in a digital age where surfing the web and social media use are second-nature. They can easily disarm a simple pop-up blocker or clear their browser history. So how do you protect them from the Internet when your original safe
Publish At:2019-09-19 17:05 | Read:37 | Comments:0 | Tags:Family Safety Security

LYCEUM and the dangers of spear phishing

Critical infrastructure is one of the favorite targets for the sophisticated attacks carried out by APTs (advanced persistent threats). What makes these APTs really dangerous is the fact that their attacks are never random, and always have a specific target. If an advanced cyberattack managed to paralyze the water supply, or interrupt hospital service, the A
Publish At:2019-09-19 17:05 | Read:58 | Comments:0 | Tags:News Security business critical infrastructure spear phishin

CVs, the perfect tool to deliver malware

Cybercriminals have a litany of techniques to get onto their victims’ IT systems: vulnerabilities, social networks, and even snail mail. The most popular method, however, is email: according to sources in the sector, 91% of cybercrime starts with a phishing email. Quasar: a new version of a popular tactic Towards the end of August, security researchers disco
Publish At:2019-09-19 17:05 | Read:49 | Comments:0 | Tags:Malware Security business Phishing resumes Trojan

[SANS ISC] Agent Tesla Trojan Abusing Corporate Email Accounts

I published the following diary on isc.sans.edu: “Agent Tesla Trojan Abusing Corporate Email Accounts“: The trojan ‘Agent Tesla’ is not brand new, discovered in 2018, it is written in VisualBasic and has plenty of interesting features. Just have a look at the MITRE ATT&CK overview of its TTP. I found a sample of Agent Tesla spr
Publish At:2019-09-19 15:55 | Read:84 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Agent Tesla SANS

Cisco patches a DoS vulnerability in IOE XE operating system

Cisco fixed a vulnerability in IOE XE software that was introduced due to changes to its implementation of the BGP over an Ethernet VPN. Cisco patches a DoS vulnerability in IOE XE software that was introduced due to changes to its implementation of the Border Gateway Protocol (BGP) over an Ethernet VPN. The Cisco IOS XE operating system automates network op
Publish At:2017-11-07 05:10 | Read:15512 | Comments:0 | Tags:Breaking News Security Vulnerability

Estonia suspends security digital certificates for up to 760,000 state-issued electronic ID-cards over Identity-Theft ri

It has happened, one of the most cyber-savvy states, Estonia decided to block Electronic ID Cards over identity theft risk. On Thursday, Estonia announced that it would suspend security digital certificates for up to 760,000 state-issued electronic ID-cards that are using the buggy chips to mitigate the risk of identity theft. The decision comes after IT sec
Publish At:2017-11-05 16:20 | Read:4202 | Comments:0 | Tags:Breaking News Digital ID Security

Flaws in IEEE P1735 electronics standard expose intellectual property

Experts discovered flaws in IEEE P1735 electronics standard, which describes methods for encrypting electronic-design intellectual property (IP). Crypto flaws in the IEEE P1735 electronics standard expose highly-valuable intellectual property in plaintext. The IEEE P1735 electronics standard provides recommendations on methods and techniques for encrypting e
Publish At:2017-11-05 16:20 | Read:4352 | Comments:0 | Tags:Breaking News Hacking Security IEEE P1735 electronics standa

[SANS ISC] Simple Analysis of an Obfuscated JAR File

I published the following diary on isc.sans.org: “Simple Analysis of an Obfuscated JAR File“. Yesterday, I found in my spam trap a file named ‘0.19238000 1509447305.zip’ (SHA256: 7bddf3bf47293b4ad8ae64b8b770e0805402b487a4d025e31ef586e9a52add91). The ZIP archive contained a Java archive named ‘0.19238000 1509447305.jar’ (SHA256: b161c7
Publish At:2017-11-03 16:40 | Read:4266 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Java JRAT SANS I

OpenSSL patches vulnerabilities discovered with Google OSS-Fuzz fuzzing service

OpenSSL patches two low and medium severity vulnerabilities that were discovered by using Google’s open source OSS-Fuzz fuzzing service. The medium severity vulnerability tracked as CVE-2017-3736 was addressed with the release of OpenSSL 1.1.0g and 1.0.2m. The flaw is a carry propagating bug in the x86_64 Montgomery squaring procedure, it affects processors
Publish At:2017-11-03 08:40 | Read:3918 | Comments:0 | Tags:Breaking News Hacking Security Google OpenSSL. encryption os

Oracle issues an emergency patch for a bug in Oracle Identity Manager, apply it now!

Oracle fixed a flaw in Oracle Identity Manager that was rated with a CVSS v3 score of 10.0 and can result in complete compromise of the software via an unauthenticated network attack. Oracle issued an emergency patch for a vulnerability in Oracle Identity Manager, the flaw tracked as CVE-2017-10151 was rated 10 in severity on the CVSS scale. “This Secu
Publish At:2017-11-01 19:50 | Read:3408 | Comments:0 | Tags:Breaking News Security CVE-2017-10151 Hacking Oracle Identit

Splunk Custom Search Command: Searching for MISP IOC’s

While you use a tool every day, you get more and more knowledge about it but you also have plenty of ideas to improve it. I’m using Splunk on a daily basis within many customers’ environments as well as for personal purposes. When you have a big database of events, it becomes quickly mandatory to deploy techniques to help you to extract juicy inf
Publish At:2017-10-31 14:55 | Read:4018 | Comments:0 | Tags:MISP Security Splunk Hunting IOC Python

Investigation Underway at Heathrow Airport After USB Drive Containing Sensitive Security Documents Found on Sidewalk

Security personnel at Heathrow Airport have an exciting investigation underway after confidential security documentation was found on a sidewalk in West London. An unnamed man, on his way to the library, spotted a thumb drive on the sidewalk in Queen’s Park, West London. He pocketed the USB drive and continued on his way. He remembered the USB drive a
Publish At:2017-10-31 06:55 | Read:3831 | Comments:0 | Tags:Breaking News Security Terrorism Heathrow Airport security

Securing the Modern Endpoint the SANS Maturity Way

In Case You Missed It Bromium recently engaged in a series of communications and events on the topic of Securing the Modern Endpoint, covering timely and provocative concepts including: How detection consistently fails to secure the enterprise and why new thinking is desperately needed How to realign your defenses around a modern threat risk model using few
Publish At:2017-10-30 17:15 | Read:3802 | Comments:0 | Tags:Threats case study data sheet defenses detection endpoint mo


Share high-quality web security related articles with you:)


Tag Cloud