HackDig : Dig high-quality web security articles

How IBM Secured the 2022 US Open

Throughout the US Open Tennis Championship, the infrastructure for USOpen.org and the mobile apps can see upwards of 3 million security events. While the vast majority of events are not serious, security analysts must quickly determine which are concerning to take immediate action. However, with such a large volume and variety of data, security analysts nee
Publish At:2022-09-21 16:06 | Read:41696 | Comments:0 | Tags:Intelligence & Analytics Cloud Security Data Protection Thre

A Response Guide for New NSA and CISA Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) recently published a report highlighting a range of critical security vulnerabilities requiring attention from organizations of all types. The report was published with input from the National Security Agency (NSA) and similar agencies worldwide. It should be considered essential reading.  Man
Publish At:2022-09-15 12:08 | Read:48749 | Comments:0 | Tags:Government Risk Management Threat Intelligence cybersecurity

Old Habits Die Hard: New Report Finds Businesses Still Introducing Security Risk into Cloud Environments

While cloud computing and its many forms (private, public, hybrid cloud or multi-cloud environments) have become ubiquitous with innovation and growth over the past decade, cybercriminals have closely watched the migration and introduced innovations of their own to exploit the platforms. Most of these exploits are based on poor configurations and human erro
Publish At:2022-09-14 07:58 | Read:82715 | Comments:0 | Tags:Zero Trust Cloud Security Identity & Access Threat Intellige

We’re Entering the Age of Unethical Voice Tech

In 2019, Google released a synthetic speech database with a very specific goal: stopping audio deepfakes.  “Malicious actors may synthesize speech to try to fool voice authentication systems,” the Google News Initiative blog reported at the time. “Perhaps equally concerning, public awareness of “deep fakes” (audio or video
Publish At:2022-09-13 12:08 | Read:53460 | Comments:0 | Tags:Incident Response Threat Intelligence deep fake deepfake Art

Ransomware review: August 2022

Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. As expected, LockBit remained the dominant ransomware variant in August, as it has all year
Publish At:2022-09-08 22:45 | Read:66604 | Comments:0 | Tags:Threat Intelligence ransomware

Raspberry Robin and Dridex: Two Birds of a Feather

IBM Security Managed Detection and Response (MDR) observations coupled with IBM Security X-Force malware research sheds additional light on the mysterious objectives of the operators behind the Raspberry Robin worm. Based on a comparative analysis between a downloaded Raspberry Robin DLL and a Dridex malware loader, the results show that they are similar in
Publish At:2022-09-01 14:44 | Read:54664 | Comments:0 | Tags:Intelligence & Analytics Malware Security Services Threat In

How and Why Do Teens Become Cyber Criminals?

The search to find the mastermind of the attacker group Lapsus$ led to a home outside Oxford, England. The suspected leader was a 16-year-old. He helped take down some of the world’s biggest companies, including Microsoft, from his mother’s house. The BBC reported the teen is alleged to have earned $14 million from his attacks. The search for ot
Publish At:2022-08-30 11:10 | Read:37976 | Comments:0 | Tags:Risk Management Threat Intelligence cyber crime cybersecurit

How Cybersecurity Policy Has Changed Since the SolarWinds Attack

Major cyberattacks since 2019 jolted the U.S. government and software industry into action. The succeeding years have seen executive orders, new funding, two summits and a newfound resolve. Because of those attacks, the federal government aims to fix the open-source software security threat altogether. But what has really come of these efforts in the last f
Publish At:2022-08-29 11:22 | Read:42447 | Comments:0 | Tags:Government Risk Management Threat Intelligence cyber attacks

Exploits and TrickBot disrupt manufacturing operations

September 2021 saw a huge spike of exploit detections against the manufacturing industry, with a distributed spread between California, Florida, Ohio, and Missouri.  This is combined with heavy detections of unseen malware, identified through our AI engine, spiking in May as well as September 2021. May brought with it a flood of attacks that exploi
Publish At:2022-08-25 22:35 | Read:31227 | Comments:0 | Tags:Threat Intelligence exploit

Black Hat SEO: Is Someone Phishing With Your Site Domain?

Search engine optimization (SEO) is a long game. Improving your website to rank higher on search engine results pages helps you attract more traffic. Plus, it helps build a trustworthy reputation. But, some people want to take shortcuts by using what’s known as black hat SEO. If this happens, your business could pay the price. What Is Black Hat SEO? B
Publish At:2022-08-25 11:58 | Read:38011 | Comments:0 | Tags:Risk Management Threat Intelligence Black Hat Cybercriminals

Attackers waited until holidays to hit US government

The government industry in the United States dealt with heavy hitting breaches against local, federal, and state government networks, primarily during the first quarter of 2021. Our telemetry revealed a small spike in a generic backdoor detection, known as Backdoor.Agent, during March of 2021, mainly focused in Memphis, Tennessee. This data coincides wi
Publish At:2022-08-18 23:59 | Read:71075 | Comments:0 | Tags:Threat Intelligence

Business Services industry targeted across the country for backdoor access

The presence of so many hacking tools in the detections for the Business Services industry tells a story about these organizations being targeted for not only infection, but to establish backdoors and likely gain access to customers of the organizations through the victim’s network. Just like everyone else, the Business Services industry dealt with hea
Publish At:2022-08-18 23:59 | Read:64042 | Comments:0 | Tags:Threat Intelligence

From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Dev

A comparative analysis performed by IBM Security X-Force uncovered evidence that suggests Bumblebee malware, which first appeared in the wild last year, was likely developed directly from source code associated with the Ramnit banking trojan. This newly discovered connection is particularly interesting as campaign activity has so far linked Bumblebee to aff
Publish At:2022-08-18 13:22 | Read:66508 | Comments:0 | Tags:Endpoint Incident Response Intelligence & Analytics Malware

Healthcare Breaches Costliest for 12 Years Running, Hit New $10.1M Record High

IBM Security and the Ponemon institute release an annual report known as one the most significant industry benchmarks. The Cost of a Data Breach analysis examines real-world breaches in great detail, producing insights into the factors that impact the cost of cyber-attacks. In the 2022 report just released, the healthcare sector stands out for extremely hig
Publish At:2022-08-17 13:34 | Read:76590 | Comments:0 | Tags:Zero Trust Healthcare Threat Intelligence Threat Research IB

How to Remediate a Cross-Site WebSocket Vulnerability

Today, many leading industries and modern enterprises have switched from processing and acting on data stored in databases to data in flight. How? Through real-time applications. One way to enable this is WebSocket, but it comes with vulnerabilities as well.  What Is WebSocket? Real-time applications operate within an immediate time frame; sensing, ana
Publish At:2022-08-16 11:40 | Read:32979 | Comments:0 | Tags:Data Protection Threat Intelligence WebSocket cross-origin w


Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud