HackDig : Dig high-quality web security articles

NetStandard attack should make Managed Service Providers sit up and take notice

Managed Service Providers (MSPs), organizations that allow companies to outsource a variety of IT and security functions, are a growing market. Because they are a potential gateway to lots of company networks they make a very attractive target for cybercriminals. In a recent threat advisory Huntress noticed that an increasing number of Initial Access Brok
Publish At:2022-08-03 16:03 | Read:157 | Comments:0 | Tags:Security world cisa connectwise IAB kaseya MSP NetStandard s

Cybersecurity agencies: You don’t have to delete PowerShell to secure it

Microsoft’s PowerShell is a useful, flexible tool that is as popular with criminals as it is with admins. Cybercrooks like it becasue PowerShell is powerful, available almost everywhere, and doesn’t look out of place running on a company network. In most places it isn’t practical to block PowerShell completely, which raises the question:
Publish At:2022-06-24 07:53 | Read:678 | Comments:0 | Tags:Security world amsi applocker credential protection fileless

RSA 2022: Prometheus ransomware’s flaws inspired researchers to try to build a near-universal decryption tool

Prometheus—a ransomware build based on Thanos that locked up victims’ computers in the summer of 2021—included a major “vulnerability” that led security researchers at IBM to try and build a one-size-fits-all ransomware decryptor that could work against multiple ransomware variants, including Prometheus, AtomSilo, LockFile, Bandana, Chaos, and PartyTicket.
Publish At:2022-06-06 21:07 | Read:414 | Comments:0 | Tags:Conferences Security world AtomSilo Bandana Chaos IBM lockfi

The Quad commits to strengthening cybersecurity in software, supply chains

The United States, Australia, and its Asian partners—India and Japan—have agreed to work on several cybersecurity initiatives on software, supply chain, and user data. The countries’ leaders, who convened in Tokyo on May 24, 2022, have met annually four times since the revival of the alliance—formally called the Quadrilateral Security Dialogue, or s
Publish At:2022-05-30 12:59 | Read:613 | Comments:0 | Tags:Security world Anthony Albanese Australia Fumio Kishida indi

A scanning tool for open-sourced software packages? Yes, please!

The Open Source Security Foundation (OpenSSF), a collective of industry leaders aimed at improving the security of open-source software (OSS), recently announced the release of a prototype tool that scans for malicious packages in open source repositories. This tool, conveniently called Package Analysis, analyzed and identified at least 200 malicious package
Publish At:2022-05-09 08:52 | Read:946 | Comments:0 | Tags:Security world BigQuery Caleb Brown Google npm Open Source S

Over 50 countries sign the “Declaration for the Future of the Internet”

Governments of the US, EU member states, and 32 other countries have announced the launch of the “Declaration for the Future of the Internet,” a “political commitment” among endorsers “to advance a positive vision for the internet and digital technologies.” “We are united by a belief in the potential of digital te
Publish At:2022-05-03 12:48 | Read:526 | Comments:0 | Tags:Security world Declaration for the Future of the Internet Eu

Ukraine government and pro-Ukrainian sites hit by DDoS attacks

The Computer Emergency Response Team in Ukraine (CERT-UA) has announced that Ukraine government web portals and pro-Ukraine sites are subjected to ongoing DDoS (distributed denial of service) attacks. They don’t currently know who is behind these attacks. The attack involves injecting a malicious JavaScript (JS)—officially named “BrownFlood
Publish At:2022-04-29 04:56 | Read:704 | Comments:0 | Tags:Security world BrownFlood CERT-UA compromised WordPress site

Cash App breached by a former employee could affect millions

p>In December last year, the customer information of Cash App users was accessed by a former employee of Block, the company behind the popular mobile payment service app. This was revealed in a very recent filing to the Securities and Exchange Commission (SEC), which shows that the former employee accessed and downloaded “certain reports” contain
Publish At:2022-04-07 08:52 | Read:1364 | Comments:0 | Tags:Security world block Cash App improper offboarding practices

Anti-war open-source software developer targets Russians and Belarussians with “protestware”

p>Russia is in the midst of its fourth week of attack against Ukraine. People worldwide have been increasingly and passionately showing support for Ukrainians since day one while condemning the atrocities of Russian President Vladimir Putin, the Russian military, and Belarus, its allied country. While there is truly increased risk against lives and proper
Publish At:2022-03-24 21:03 | Read:2049 | Comments:0 | Tags:Security world CaddyWiper colors CVE-2022-23812 disinformati

How to protect RDP

You didn’t really think that the ransomware wave was coming to an end, did you? You may be tempted to think so, given the decline in reports about massive ransomware campaigns. Don’t be fooled. Over the last five years, one of the primary attack vectors for ransomware attacks has been the Remote Desktop Protocol (RDP). Remote desktop is exactly what
Publish At:2022-03-18 12:47 | Read:2330 | Comments:0 | Tags:Business Security world business ransomware rdp remote acces

DDoS barrage against Israel described as the “largest ever” cyberattack its faced

Several government websites in Israel—those using the .gov.il domain—were inaccessible after a distributed denial of service (DDoS) attack hit Israel’s telecommunication provider, Cellcom. NetBlocks, a network disruption watchdog, initially detected “a significant disruption” aimed at the provider, which appeared to have also affected anoth
Publish At:2022-03-15 21:03 | Read:721 | Comments:0 | Tags:Security world Bezeq Cellcom ddos distributed denial of serv

Google and Microsoft accused of feeding smaller search engines spam ads

Google and Microsoft appear to have been flooding their smaller search engine rivals with spam ads, to limit the number of higher-value ads that appear on them, according to data viewed by POLITICO. Ads are considered “spam” if they appear in search results but have little to no relevance to the search terms a user has entered, and may direct
Publish At:2022-02-25 08:51 | Read:2385 | Comments:0 | Tags:Security world antitrust law Bing DuckDuckGo gatekeeper sear

Microsoft: Slow MFA adoption presents “dangerous mismatch” in security

Multi-factor authentication (MFA) has been around for many years now, but few enterprises have fully embraced it. In fact, according to Microsoft’s inaugural “Cyber Signals” report, only 22 percent of all its Azure Active Directory (AD) enterprise clients have adopted two-factor authentication (2FA), a form of MFA. That leaves 78 percent th
Publish At:2022-02-09 08:50 | Read:891 | Comments:0 | Tags:Security world 2fa Azure Active Directory Cyber Signal Googl

Senate Committee passes new antitrust bill aimed at Big Tech companies

The American Innovation and Choice Online Act (AICOA), a bill that forbids Big Tech platforms like Apple, Alphabet (Google’s parent company), and Amazon from generally behaving in an anti-competitive manner, was approved by the Senate Judiciary Committee late last week with a 16-6 vote. US Senator Amy Klobuchar of Minnesota, a primary sponsor of the
Publish At:2022-01-26 16:42 | Read:2773 | Comments:0 | Tags:Security world AICOA amazon American Innovation and Choice A

Infamous dark net carding site UniCC to close

UniCC, the largest site on the dark web that sells credit card and debit card information, will close up shop for good, taking its affiliate site, LuxSocks, with it, too. According to Elliptic, a company that offers risk solutions for cryptoassets, the unknown UniCC administrators have made an estimated $358M USD in cryptocurrency for selling stolen credit c
Publish At:2022-01-18 08:50 | Read:2842 | Comments:0 | Tags:Security world Alex Hudson Arbix Finance bitcoin carding dar

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud