HackDig : Dig high-quality web security articles for hacker

High-severity flaw opens Siemens Industrial Switches to attacks

Siemens has started releasing security patches to fix a high severity access control vulnerability in its industrial switches tracked as CVE-2017-12736. The flaw was discovered by experts at Siemens and could be exploited by remote attackers to hack some of Siemens industrial communications devices. The vulnerability affects SCALANCE X industrial Ethernet sw
Publish At:2017-10-01 02:25 | Read:2819 | Comments:0 | Tags:Breaking News Hacking Security access control vulnerability

Strong Passwords Don’t Have to be Hard to Remember

Bill Burr blew it, and he knows it. The man responsible for the global password strength guidelines, which posit that you should always use alphanumeric characters and alternate uppercase and lowercase letters, recognizes his error. According to Burr, these rules “drive people crazy,” and yet, even so, do not necessarily make for good passwords. Fourteen yea
Publish At:2017-09-29 22:40 | Read:2971 | Comments:0 | Tags:Security b2b passwords

FBI Director – Terrorists could launch drone attacks very soon

FBI director Christopher Wray warns of terrorists are planning to use drones in attacks, the threat is considered as imminent. This week, FBI Director Christopher Wray warned Congress that terrorists may use drones in attacks against the United States, the official described the threat as imminent. “We do know that terrorist organizations have an inter
Publish At:2017-09-29 12:55 | Read:2545 | Comments:0 | Tags:Breaking News Security Terrorism Drone FBI ISIS US

WiNX: The Ultra-Portable Wireless Attacking Platform

When you are performing penetration tests for your customers, you need to build your personal arsenal. Tools, pieces of hardware and software are collected here and there depending on your engagements to increase your toolbox. To perform Wireless intrusion tests, I’m a big fan of the WiFi Pineapple. I’ve one for years (model MK5). It’s not
Publish At:2017-09-29 02:25 | Read:4162 | Comments:0 | Tags:Pentesting Security Social Engineering Hardware WiFi WiNX Wi

[SANS ISC] The easy way to analyze huge amounts of PCAP data

I published the following diary on isc.sans.org: “The easy way to analyze huge amounts of PCAP data“. When you are investigating a security incident, there are chances that, at a certain point, you will have to dive into network traffic analysis. If you’re lucky, you’ll have access to a network capture. Approximatively one year ago, I wrote a qui
Publish At:2017-09-28 08:00 | Read:2281 | Comments:0 | Tags:Docker SANS Internet Storm Center Security Moloch network pc

Oracle releases security patches for Apache Struts CVE-2017-9805 Flaw exploited in the wild

Oracle fixed several issues in the Apache Struts 2 framework including the flaw CVE-2017-9805 that has been exploited in the wild for the past few weeks. Oracle has released patches for vulnerabilities affecting many of its products, the IT giant has fixed several issues in the Apache Struts 2 framework, including the flaw CVE-2017-9805 that has been exploit
Publish At:2017-09-26 11:00 | Read:5461 | Comments:0 | Tags:Breaking News Security CVE-2017-9805 Hacking RCE flaw REST S

Google released a Chrome 61 update that patches 2 High-Risk Flaws

Google has just released an updated version of Chrome 61, version 61.0.3163.100, that addresses 3 security flaws, two of which rated high-severity. The new version is already available for Windows, Mac, and Linux users and includes a total of three vulnerabilities. The first high-risk bug, tracked as CVE-2017-5121, is an Out-of-bounds access in V8 reported b
Publish At:2017-09-23 09:15 | Read:2299 | Comments:0 | Tags:Breaking News Security Bug Bounty Chrome High-Risk Flaws Goo

The Impact of the Blockchain on Cybersecurity

Since its appearance in 2009, the concept of the blockchain has expanded past its initial use as the base of bitcoin into many other areas. By its nature, this distributed database provides the perfect platform for the management of cryptocurrency. But its features have attracted the attention of experts interested in a broad array of other applications. Pos
Publish At:2017-09-23 00:30 | Read:2796 | Comments:0 | Tags:Security b2b blockchain cybersecurity

Was Torrent Site The Pirate Bay Being Sneaky or Creative By Tricking Visitors Into Monero Mining

Users noticed a cryptocurrency miner surfaced on The Pirate Bay, the world’s largest torrenting for a day over the weekend. Pop quiz: would you rather A) see ad banners displayed at the top of the website, or B) mine Monero cryptocurrency when you visit a website? Judging by the number of downloads for ad blocking browser extensions, no one likes banner ads.
Publish At:2017-09-19 13:05 | Read:2468 | Comments:0 | Tags:Breaking News Hacking Security Bitcoin miner Monero Pirate B

Shadow IT: How to Protect Something You Didn’t Know Was There

We know that to secure a network, we need to control every single thing that happens on it. But this becomes especially difficult when there are points of the network that we don’t even know about. How can we combat an enemy that moves in the shadows? What is Shadow IT? Such blind spots fall under what is called Shadow IT, a term used to describe unapproved
Publish At:2017-09-19 04:15 | Read:2617 | Comments:0 | Tags:Security b2b shadow it

[SANS ISC] Getting some intelligence from malspam

I published the following diary on isc.sans.org: “Getting some intelligence from malspam“. Many of us are receiving a lot of malspam every day. By “malspam”, I mean spam messages that contain a malicious document. This is one of the classic infection vectors today and aggressive campaigns are started every week. Usually, most of them
Publish At:2017-09-18 08:05 | Read:2060 | Comments:0 | Tags:Malware Security Splunk Intelligence SANS ISC

Chrome will label Resources delivered via FTP as “Not Secure”

Google continues the ongoing effort to communicate the transport security status of a given page labeling resources delivered via FTP as “Not secure” in Chrome, Last week, Google announced that future versions of Chrome will label resources delivered via the File Transfer Protocol (FTP) as “Not secure.” The security improvement will be implement
Publish At:2017-09-18 00:05 | Read:2412 | Comments:0 | Tags:Breaking News Security Chrome encryption FTP Google HTTPS

Dangers Beyond Ransomware – the Risk of Spyware

There’s been a lot of talk recently about ransomware’s impact on the business environment. It would seem that the central role of this attack casts a shadow over one of the classic villains of cybersecurity: spyware. But a large percentage of today’s attacks suffered by companies today involve this malware. Its risks must not go neglected. Know your enemy On
Publish At:2017-09-15 08:00 | Read:2175 | Comments:0 | Tags:Security b2b cybersecurity Spyware

September Patch Tuesday, patch your Windows now to avoid ugly surprises

Microsoft has just released the September Patch Tuesday, a huge batch of security updates to address 81 vulnerabilities including Blueborne issue. Microsoft has just released the September Patch Tuesday, a huge batch of security updates to address 81 vulnerabilities in almost any supported versions of Windows and other MS products. The batch includes secu
Publish At:2017-09-14 03:50 | Read:2796 | Comments:0 | Tags:Breaking News Security Blueborn attack Hacking RCE September

Kaspersky Lab solutions banned from US government agencies

The US Department of Homeland security banned government agencies for using software products developed by Kaspersky Lab Bad news for security firm Kaspersky, the US Department of Homeland security banned government agencies for using software products developed by Kaspersky Labs. The ban was the response to the concerns about possible ties between Kaspersky
Publish At:2017-09-14 03:50 | Read:2274 | Comments:0 | Tags:Breaking News Intelligence Security


Share high-quality web security related articles with you:)


Tag Cloud