HackDig : Dig high-quality web security articles for hackers

US 2020 Presidential apps riddled with tracking and security flaws

The Vote Joe app, used by the Biden 2020 Presidential campaign to better engage with voters, was found to be leaking potentially sensitive information about voters, such as their political affiliations and past voting choices. The iOS app also didn't enforce email verification which would let anybody, including non-US citizens, download the app and have
Publish At:2020-09-17 13:27 | Read:74 | Comments:0 | Tags:Security Government security

Ransomware attack at German hospital leads to death of patient

A person in a life-threatening condition passed away after being forced to go to a more distant hospital due to a ransomware attack. On September 10th, the Duesseldorf University hospital in Germany suffered a ransomware attack after threat actors exploited a software vulnerability in "a commercial add-on software that is common in the market and used worldwi
Publish At:2020-09-17 13:27 | Read:93 | Comments:0 | Tags:Security ransomware

U.S. charges Chinese Winnti hackers for attacking 100+ companies

The U.S. Department of Justice announced today charges against five Chinese nationals for cyberattacks on more than 100 companies, some of them being attributed to state-backed hacking group APT41. APT41 is one of the oldest threat groups, known primarily for cyber-espionage operations against a variety of entities, including software developers, gaming comp
Publish At:2020-09-17 09:32 | Read:99 | Comments:0 | Tags:Security hack

Drug spammers start using new technique to bypass spam filters

Actors behind a pill scam campaign are trying a new technique, betting on unconventional representation of URLs in spam messages to keep them undetected by email protection systems and URL block lists. In a massive campaign observed by security researchers, the operators put in some effort to ensure wider reach of their messages promoting dubious pharmaceutic
Publish At:2020-09-17 09:32 | Read:96 | Comments:0 | Tags:Security

[SANS ISC] Suspicious Endpoint Containment with OSSEC

I published the following diary on isc.sans.edu: “Suspicious Endpoint Containment with OSSEC”: When a host is compromised/infected on your network, an important step in the Incident Handling process is the “containment” to prevent further infections. To place the device into a restricted environment is definitively better than power
Publish At:2020-09-17 08:05 | Read:89 | Comments:0 | Tags:OSSEC SANS Internet Storm Center Security Incident SANS ISC

Building Your Team up to Win the Security Arms Race

In a fast-changing world, stopping to assess your success isn’t really an option anymore. It is increasingly important that security teams are constantly proving their worth and tracking their successes with a view to constantly improving so as not to get caught behind the times and therefore exposed. How to Make Sure You’ve Got the Momentum You Need I’d li
Publish At:2020-09-17 01:02 | Read:139 | Comments:0 | Tags:IT Security and Data Protection compliance File Integrity Mo

Risk Management: How Security Can Learn to Do the Math

Risk management is an important element in using data to get ahead of cybersecurity risks before they happen. The costs of protecting an enterprise of any size against cyber attacks continue to rise. Once a business truly understands the consequences of an incident, its leaders must decide how to manage the risk. They can choose to accept, reduce or av
Publish At:2020-09-16 21:17 | Read:89 | Comments:0 | Tags:CISO Risk Management Security Services Cybersecurity Financi

Google Chrome is making it easier to reset compromised passwords

Google Chrome is adding a new feature that will make it easier for users to reset stored passwords that have been detected as compromised in data breaches. Since 2018, Apple has supported the /.well-known/change-password feature as a way for web sites to specify the page that is used to reset or change passwords on the site. This feature has been used by Safar
Publish At:2020-09-16 17:55 | Read:121 | Comments:0 | Tags:Google Security Software

8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels

Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications? Today, the world's biggest organizations rely on specific technology to run their daily business operations, which are supported by mission-critical applications. These applications are represented by vendors like SAP and
Publish At:2020-09-16 14:20 | Read:110 | Comments:0 | Tags: security

This security awareness training email is actually a phishing scam

A creative phishing campaign uses an email template that pretends to be a reminder to complete security awareness training from a well-known security company. As computer users become more aware and educated on standard phishing techniques and templates, threat actors need to continually evolve their methods to develop innovative ways to trick users in
Publish At:2020-09-16 14:00 | Read:129 | Comments:0 | Tags:Security security

University Hospital New Jersey hit by SunCrypt ransomware, data leaked

University Hospital New Jersey (UHNJ) has suffered a massive 48,000 document data breach after a ransomware operation leaked their stolen data. Established in 1994, the University Hospital is a New Jersey state-owned teaching hospital that provides medical care to residents. The hospital runs on a $626 million budget and has over 3,500 employees, 519 lice
Publish At:2020-09-16 14:00 | Read:157 | Comments:0 | Tags:Security ransomware data leak

U.S. House Passes IoT Cybersecurity Bill

The U.S. House of Representatives this week passed the IoT Cybersecurity Improvement Act, a bill whose goal is to improve the security of IoT devices. First introduced in 2017 and reintroduced in 2019, the IoT Cybersecurity Improvement Act will now have to pass the Senate before it can be signed into law by the president. The bipartisan legislation is backed b
Publish At:2020-09-16 12:22 | Read:119 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

Cybersecurity Bounces Back, but Talent Still Absent

While the demand for cybersecurity talent rebounds, organizations will need to focus on cyber-enabled roles to fill immediate skills gaps. Leave it to a global pandemic to disrupt industries many of us have assumed to be stalwart. Companies fortunate enough not to traffic in hard goods are realizing they can survive (and cut significant costs) by moving to w
Publish At:2020-09-16 12:19 | Read:74 | Comments:0 | Tags: security cyber cybersecurity

#GartnerSEC: Top Trends for Risk and Security Include Cloud, Automation and Privacy

The current top trends in security and risk management for threat-facing, disruption and the organization have been detailed at the Gartner Security and Risk Virtual Summit. Speaking at the event, research VP Peter Firstbrook pointed at “mega trends that are beyond your control,” which include: the skills gap, regulation and privacy
Publish At:2020-09-16 11:18 | Read:82 | Comments:0 | Tags: Cloud security

Back to Basics: Creating a Culture of Cybersecurity at Work

The importance of security culture can be seen now more than ever. Many of us work remotely; there are app concerns; and the lines between personal and business use of devices and networks are blurred, challenging our cyber resilience. Therefore, despite all the great tools, frameworks and protective measures in place, we need to ensure people are doin
Publish At:2020-09-16 09:33 | Read:140 | Comments:0 | Tags:CISO Data Protection Security Services cybersecurity educati
