HackDig : Dig high-quality web security articles

Double Encryption: When Ransomware Recovery Gets Complicated

Ever hear of double extortion? It’s a technique increasingly employed by ransomware attackers. A malware payload steals a victim’s plaintext information before launching its encryption routine. Those operating the ransomware then go on to demand two ransoms — one for a decryption utility and the other for the deletion of the victim&rsquo
Publish At:2021-07-26 13:44 | Read:56 | Comments:0 | Tags:Incident Response Security Services data recovery decryption

Thriving in Chaos: How Cyber Resilience Works

In cybersecurity as in most jobs, problems don’t happen one at a time, you’re bound to have a few at once. Speakers at the RSA Conference 2021 talked about this in terms of maintaining cyber resilience in chaos. So, what does the buzzword ‘cyber resilience’ really mean? And why is it important to be able to embrace chaos in your day-
Publish At:2021-07-22 22:06 | Read:252 | Comments:0 | Tags:Incident Response Risk Management Security Services cyber re

Avoid Blind Spots: Is Your Incident Response Team Cloud Ready?

The year 2020 — with all its tumult — ushered in a massive shift in the way most companies work. Much of that transformation included migrating to cloud, with some statisticians reporting that a full 50% of companies across the globe are now using cloud technology. In many ways, that’s good — cloud holds several advantages for organi
Publish At:2021-07-20 15:02 | Read:114 | Comments:0 | Tags:Cloud Security Incident Response Security Services Cloud Clo

Two (or More) Is Better Than One: Digital Twin Tech for Cybersecurity

Throughout my lifetime, I’ve wondered on many occasions how my life would have changed had I made a different decision at a critical point — picked a different college, taken a different job or moved to another town. I’ve often wished that I could watch a movie of the different outcomes before making a decision, like in the movie “Sl
Publish At:2021-07-19 15:38 | Read:170 | Comments:0 | Tags:Artificial Intelligence Security Services Cybersecurity digi

Cyber Insurers Might Be Making the Ransomware Problem Worse

In mid-May, one of the largest insurance companies in the U.S. paid $40 million to ransomware attackers. Two people familiar with the matter told Bloomberg that the malicious actors stole an undisclosed quantity of data and then effectively locked the insurer out of its network for two weeks. The company ignored the attackers’ demands at first. But, a
Publish At:2021-07-16 13:32 | Read:243 | Comments:0 | Tags:Advanced Threats Incident Response Malware Risk Management S

When ‘Later’ Never Comes: Putting Small Business Cybersecurity First

Small- and medium-sized businesses can be victims of digital attacks as much as global ones can. In fact, 88% of small business owners think they’re open to a cyberattack. In response, startups must allocate time and resources to getting the right small business cybersecurity measures, right? If only business realities were that simple. Let&rsquo
Publish At:2021-07-16 09:38 | Read:199 | Comments:0 | Tags:CISO Security Services digital security small business Cyber

Vulnerability Management: How a Risk-Based Approach Can Increase Efficiency and Effectiveness

Security professionals keep busy. Before you can patch a vulnerability, you need to decide how important it is. How does it compare to the other problems that day? Choosing which jobs to do first using vulnerability management tools can be a key element of a smart security strategy. Software vulnerabilities are one of the root causes of attacks. One unpatch
Publish At:2021-07-15 18:56 | Read:132 | Comments:0 | Tags:Intelligence & Analytics Security Services vulnerability ass

Your Home Away From Home May Not Be as Cybersecure as You Think

Home is where the ‘smart’ is. A recent study revealed the average American household has 25 connected or Internet of Things (IoT) devices. The number of consumers who have smart home devices connected to their home internet has grown by 38% since the pandemic began. The findings don’t surprise Brad Ree, the chief technology officer (CTO) o
Publish At:2021-07-13 16:14 | Read:111 | Comments:0 | Tags:Mobile Security Software Vulnerabilities Endpoint Network Se

RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation

In a recent collaboration to investigate a rise in malware infections featuring a commercial remote access trojan (RAT), IBM Security X-Force and Cipher Tech Solutions (CT), a defense and intelligence security firm, investigated malicious activity that spiked in the first quarter of 2021. With over 1,300 malware samples collected, the teams analyzed the del
Publish At:2021-07-12 12:56 | Read:186 | Comments:0 | Tags:Advanced Threats Malware Risk Management Security Services T

Don’t Be Rude, Stay: Avoiding Fork&Run .NET Execution With InlineExecute-Assembly

Some of you love it and some of you hate it, but at this point it should come as no surprise that .NET tradecraft is here to stay a little longer than anticipated. The .NET framework is an integral part of Microsoft’s operating system with the most recent release of .NET being .NET core. Core is the cross-platform successor to the .NET Framework that
Publish At:2021-07-08 17:26 | Read:212 | Comments:0 | Tags:Endpoint Network Security Services developers Endpoint Secur

REvil Ransomware Gang Launches Major Supply Chain Attack Through Kaseya, Downstream Impact May Affect Over 1,500 Custome

On July 2, 2021, Kaseya customers were notified of a compromise affecting the company’s VSA product in a way that poisoned the product’s update mechanism with malicious code. VSA is a remote monitoring and management tool for networks and endpoints intended for use by enterprise customers and managed service providers (MSPs). According to Kaseya
Publish At:2021-07-07 14:08 | Read:192 | Comments:0 | Tags:Intelligence & Analytics CISO Malware Risk Management Securi

Attacks on Operational Technology From IBM X-Force and Dragos Data

Operational Technology Threats in 2021: Ransomware, Remote Access Trojans and Targeted Threat Groups Organizations with operational technology (OT) networks face many unique — and often complicated — considerations when it comes to cybersecurity threats. One of the main challenges facing the community is the convergence of an increasingly OT-awa
Publish At:2021-07-07 10:14 | Read:126 | Comments:0 | Tags:Advanced Threats Incident Response Malware Risk Management S

Hunting for Windows “Features” with Frida: DLL Sideloading

Offensive security professionals have been using Frida for analyzing iOS and Android mobile applications. However, there has been minimal usage of Frida for desktop operating systems such as Windows. Frida is described by the author as a “Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.” From a securit
Publish At:2021-07-01 17:47 | Read:218 | Comments:0 | Tags:Endpoint Network Security Services Application Programming I

Confessions of a Famous Fraudster: How and Why Social Engineering Scams Work

In a world in which bad news dominates, social engineering scams that carry a promise of good news can be incredibly lucrative for cyber criminals.  In one recent example, fraudsters set up a phony job posting using a real recruiter as the contact person for the hiring process. Applicants hoping for a chance at the too-good-to-be-true position were ins
Publish At:2021-07-01 17:47 | Read:203 | Comments:0 | Tags:Banking & Finance Data Protection Fraud Protection Identity

June 2021 Security Intelligence Roundup: Cybersecurity Certifications, The Problem With New Accounts and Defanging Phish

Cybersecurity careers are a buzzy topic lately, with more people needed and salaries competitive. How do you make yourself stand out in this field and find a career you both love and do well? Meanwhile, when you’re not working you may very well be making a new streaming account to escape after a long day. The pandemic has changed our streaming habits
Publish At:2021-07-01 02:11 | Read:194 | Comments:0 | Tags:CISO Cloud Security Endpoint Risk Management Security Servic

Tag Cloud