HackDig : Dig high-quality web security articles for hacker

The Hay CFP Management Method

By Andrew Hay, Co-Founder and CTO, LEO Cyber Security. I speak at a lot of conferences around the world. As a result, people often ask me how I manage the vast number of abstracts and security call for papers (CFPs) submissions. So I thought I’d create a blog post to explain my process. For lack of a better name, let’s call it the Hay CFP Management Method.
Publish At:2017-09-26 00:50 | Read:2870 | Comments:0 | Tags:News Security Research

The Limits of Linguistic Analysis for Security Attribution

Everyone wants to know who was behind the latest audacious cyberattack. Security professionals have long attempted to identify threat actors through linguistic analysis, but this method is limited when it comes to attribution. Part of the problem is that cybercriminals purposely build deception mechanisms into their code. “Deception is always a major
Publish At:2017-07-14 17:35 | Read:2275 | Comments:0 | Tags:Network Risk Management Malware Malware Analysis Programming

Diving into the Issues: Observations from SOURCE and AtlSecCon

Last week I had the pleasure of presenting three times, at two conferences, in two different countries: SOURCE in Boston, MA and at the Atlantic Security Conference (AtlSecCon) in Halifax, NS, Canada. The first event of my week was SOURCE Boston. This year marked the tenth anniversary of SOURCE Conference and it continues to pride itself on being one of the
Publish At:2017-05-06 05:40 | Read:3111 | Comments:0 | Tags:News Security Research speaking conference security

Adversaries & ultrasound scanners: A Q&A with Lookout’s new VP of Security Research on his first day

We’re thrilled to announce Michael Murray, a security industry research veteran, has joined Lookout to head up our Security Research and Response looking to focus on novel research and making the most out of our machine intelligence to knock out commodity and advanced/targeted malware. Mike brings a huge wealth of security knowledge after serving as the dire
Publish At:2016-02-13 05:15 | Read:5123 | Comments:0 | Tags:Lookout News Michael Murray mobile security security researc

An introduction to the new Cisco Network Visibility Flow Protocol (nvzFlow)

As recently announced, Cisco AnyConnect 4.2 extends visibility to the endpoint with the Network Visibility Module (NVM).  Users are one of the most vulnerable parts of any security strategy, with 78% of organizations saying in a recent survey that a malicious or negligent employee had been the cause of a breach.  However, until now, IT Administrators had bee
Publish At:2015-11-17 07:45 | Read:3702 | Comments:0 | Tags:Security Advanced Machine Learning Algorithms Big Data Cisco

Calling all Incident Responders

We are happy to announce the final schedule for IRespondCon, a conference that is specifically designed for incident responders. IRespondCon is held annually at OpenDNS HQ and offers a day of free training, presentations, and networking with some of the top information security engineers, instructors, and fellow responders. They’ll be showing how to use free
Publish At:2015-10-28 01:30 | Read:6193 | Comments:0 | Tags:Security incident response security research

October 2015 Patch Tuesday

Posted October 13, 2015 by BeyondTrust Research Team. This month’s Patch Tuesday is on the lighter side, offering up six bulletins and 33 vulnerabilities in total. Updating Edge is proving to be a recurring theme, however its vulnerability count remains low, which can be interpreted as a good thing. The critical bulletins to watch out for involve
Publish At:2015-10-14 04:20 | Read:2452 | Comments:0 | Tags:Security Research october 2015 patch tuesday Patch Tuesday

XCodeGhost ‘Materializes’ on App Store

According to several sources, Apple’s App Store, known for being a strictly regulated closed ecosystem, has been infiltrated with malware that our friends over at Palo Alto Networks’ Unit 42 are calling XcodeGhost. Unit 42 initially discovered that the malware had infected 39 iOS apps (a number that keeps climbing and is north of 50 apps at time
Publish At:2015-09-22 08:35 | Read:2816 | Comments:0 | Tags:Malware News OpenDNS Security Research

September 2015 Patch Tuesday

Posted September 9, 2015 by BeyondTrust Research Team. September’s Patch Tuesday offers 12 bulletins which include the typical round of Internet Explorer and Office updates. Windows 10’s new browser, Edge, also receives its second consecutive round of updates, however with much fewer vulnerabilities being addressed when compared to IE, indicating
Publish At:2015-09-09 19:40 | Read:2344 | Comments:0 | Tags:Security Research microsoft patch tuesday september 2015 pat

An Example of Common String and Payload Obfuscation Techniques in Malware

I’ve recently investigated malware that we received from a customer. The SHA-256 is: f4d9660502220c22e367e084c7f5647c21ad4821d8c41ce68e1ac89975175051. This is not particularly complex malware from a technical point of view, but it illustrates some of the most common techniques used by malware authors to complicate dynamic (automated) and static (manual
Publish At:2015-09-05 03:20 | Read:3298 | Comments:0 | Tags:IBM X-Force Malware IBM X-Force Security Research Security R

Blurred Lines: Researching the Ashley Madison Data

Put your imagination caps on folks, it’s scenario-imagining time. What if someone were to break into your home, steal your belongings and leave them somewhere with a sign in front stating “Stolen Goods”? Someone else walks by, sees the stuff and takes it all despite the Stolen Goods warning. No blurred lines here — clearly the second Mr. or
Publish At:2015-08-26 14:45 | Read:3711 | Comments:0 | Tags:Data Protection Ashley Madison Cyberattack Data Breach Infor

Emergency Microsoft Internet Explorer Security Update MS15-09315

Posted August 18, 2015 by BeyondTrust Research Team. Earlier today, Microsoft released an out-of-band patch to address a critical vulnerability that affects all versions of Internet Explorer. It should be noted that Windows 10 is also affected due to its default installation of IE 11. The vulnerability (CVE-2015-2502), discovered by Clement Lecigne
Publish At:2015-08-19 13:35 | Read:2486 | Comments:0 | Tags:Security Research internet explorer patch Microsoft

August 2015 Patch Tuesday

Posted August 11, 2015 by BeyondTrust Research Team. August brings with it another hefty Patch Tuesday containing 14 bulletins in total. As usual, Internet Explorer and Office patch their monthly dose of memory corruption vulnerabilities, while more atypical vulnerabilities present themselves in forms ranging from Cross-Site Scripting to command
Publish At:2015-08-12 05:15 | Read:2733 | Comments:0 | Tags:Security Research Microsoft patch tuesday august 2015

OpenDNS Security Labs at BSides Las Vegas, Black Hat, and Defcon

It’s that time of year where security folks descend upon the desert of Las Vegas for what many call “Security Summer Camp” or, in some circles, “Hacker Summer Camp”. We, of course, mean the Holey Trinity (see what we did there?) of Security BSides Las Vegas, Black Hat, and Defcon. Security Analysts Kevin Bottomley and Josh Pyorr
Publish At:2015-08-04 06:40 | Read:2293 | Comments:0 | Tags:Events News OpenDNS Security Community Security Research Sec

Microsoft Patches a Critical Vulnerability in Adobe Type Manager Font Driver

Posted July 20, 2015 by BeyondTrust Research Team. Today, Microsoft released the MS15-078 bulletin containing a patch for yet another flaw in the Adobe Type Manager Font Driver (atmfd.dll). This patch, coming just shy of a week after Microsoft’s monthly Patch Tuesday event, fixes a kernel pool overflow vulnerability (CVE-2015-2426), which can all
Publish At:2015-07-22 01:30 | Read:1944 | Comments:0 | Tags:Security Research Vulnerability Management Microsoft vulnera

