HackDig : Dig high-quality web security articles

Securing APIs: Empowering Security

Posted under: Research and Analysis As discussed in Application Architecture Disrupted, macro changes including the migration to cloud disrupting the tech stack, application design patterns bringing microservices to the forefront, and DevOps changing dev/release practices dramatically impact building and deploying applications. In this environment, the f
Publish At:2021-04-15 22:42 | Read:146 | Comments:0 | Tags: security

Mozilla drops Firefox support on Amazon Fire TV

This month, Mozilla has announced plans to phase out support for the Firefox web browser app on the Amazon Fire TV product line.Amazon Fire TV exists both as an app and a physical stick that TV owners can install on their television sets to access a plethora of streaming services.Although Firefox will be no longer supported on Fire TV eff
Publish At:2021-04-15 17:29 | Read:140 | Comments:0 | Tags:Security Technology

Celsius email system breach leads to phishing attack on customers

Cryptocurrency rewards platform Celsius Network has disclosed a security breach exposing customer information that led to a phishing attack.Today, Celsius CEO Alex Mashinsky stated that Celsius' third-party marketing server was compromised, and threat actors gained access to a partial Celsius customer list."An unauthorized party managed to gain access t
Publish At:2021-04-15 17:29 | Read:180 | Comments:0 | Tags:Security

Domain Name Security Neglected by U.S. Energy Companies: Report

A majority of the largest energy companies in the United States appear to have neglected the security of their domain names, according to CSC, a firm that specializes in securing online assets.The Biden administration is concerned about potentially damaging cyberattacks aimed at the country’s critical infrastructure, and it’s taking steps to help electric ut
Publish At:2021-04-15 15:50 | Read:170 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Email Security Identity

US government confirms Russian SVR behind the SolarWinds hack

The United States government is formally accusing the Russian government of the SolarWinds supply-chain attack that gave hackers access to the network of multiple U.S. agencies and private tech sector companies.In a brief announcing sanctions on Russia for actions against the U.S. interests, the White House is naming the Cozy Bear group of advanced hackers a
Publish At:2021-04-15 13:34 | Read:70 | Comments:0 | Tags:Security hack

Why Security Pros Can’t Ignore Big Data Monopolies

The rise of the cloud didn’t free us from concerns over who stores our data. Where matters, and major cloud providers and big data monopolies host a huge percentage of the world’s data. Thousands of organizations that store and manage personal, business and government data use big-name cloud providers. Smartphone platform companies house an
Publish At:2021-04-15 13:01 | Read:113 | Comments:0 | Tags:Data Protection Risk Management Big Data Big Data Security D

How to Design and Roll Out a Threat Model for Cloud Security

Today’s cloud security requires a new way of looking at threat models. Making a threat model can support your security teams before problems start. It helps them develop a strategy for handling existing risks, instead of detecting incidents at a later stage. Let’s walk through how to create a threat model that works for your cloud landscape. The
Publish At:2021-04-15 13:01 | Read:65 | Comments:0 | Tags:Cloud Security Security Intelligence & Analytics Security Se

Malwarebytes releases SMB Cybersecurity Trust & Confidence Report 2021

What can we say about 2020 that hasn’t already been said? Beliefs were shaken. Values were questioned. Truths were tested. Then COVID happened and things really got crazy. The World Health Organization declared the coronavirus outbreak a global pandemic on March 12, 2020. That same day cybersecurity got flipped on its head.  Entire businesses had
Publish At:2021-04-15 11:44 | Read:110 | Comments:0 | Tags:Malwarebytes news CISOs cybersecurity trust & confidence rep

NSA: Top 5 vulnerabilities actively abused by Russian govt hackers

A joint advisory from the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) warn that the Russian Foreign Intelligence Service (SVR) is exploiting five vulnerabilities in attacks against U.S. organizations and interests.In an advisory issued today, the NSA
Publish At:2021-04-15 09:39 | Read:171 | Comments:0 | Tags:Security hack

April 2021 Security Patch Day fixes a critical flaw in SAP Commerce

April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released notes, one of them fixes a critical issue in SAP Commerce. April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released ones, among the issues addressed by the software giant there is a critical flaw in SAP Commerce. &#
Publish At:2021-04-15 09:19 | Read:165 | Comments:0 | Tags:Breaking News Security Hacking hacking news information secu

AI Security: How Human Bias Limits Artificial Intelligence

For cybersecurity experts, artificial intelligence (AI) can both respond to and predict threats. But because AI security is everywhere, attackers are using it to launch more refined attacks. Each side is seemingly playing catch-up, with no clear winner in sight.  How can defenders stay ahead? To gain context about AI that goes beyond prediction, detect
Publish At:2021-04-15 09:06 | Read:149 | Comments:0 | Tags:Security Intelligence & Analytics Artificial Intelligence Se

NVIDIA Unveils 'Morpheus' Cybersecurity Framework

NVIDIA this week unveiled Morpheus, a cloud-native application framework designed to help cybersecurity providers analyze more data without sacrificing performance.According to NVIDIA, Morpheus leverages machine learning to identify anomalies and threats — such as phishing, data leaks and malware — through real-time inspection of all IP traffic in an organiz
Publish At:2021-04-15 08:00 | Read:136 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Cloud Security Security

Important Strategies for Aligning Security With Business Objectives

What is the objective of implementing cybersecurity in a business? The answer might vary depending on whether you ask a security professional or a business executive. However, in any cybersecurity implementation, it’s very important to stay focused on the big picture: cybersecurity is there to secure the business and its assets, so the business can concentra
Publish At:2021-04-14 23:50 | Read:121 | Comments:0 | Tags: security

CISA Urges Caution for Security Researchers Targeted in Attack Campaign

The agency urges researchers to take precautions amid an ongoing targeted threat campaign.The Cybersecurity and Infrastructure Security Agency (CISA) is cautioning cybersecurity researchers to keep their guard up amid a wave of attacks targeting this particular group.Related Content:Google Updates on Campaign Targeting Security ResearchersSpecial Report: How
Publish At:2021-04-14 20:12 | Read:75 | Comments:0 | Tags: CISA security

Second Google Chrome zero-day exploit dropped on twitter this week

A second Chromium zero-day remote code execution exploit has been released on Twitter this week that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers.A zero-day vulnerability is when detailed information about a vulnerability or an exploit is released before the affected software developers can fix it.
Publish At:2021-04-14 17:59 | Read:225 | Comments:0 | Tags:Security exploit