HackDig : Dig high-quality web security articles for hacker

Leaking Cloud Databases and Servers Expose Over 1 Billion Records

As The Wall Street Journal recently pointed out, some clients of cloud service providers such as Amazon and Microsoft are accidentally leaving their cloud databases exposed due to misconfigurations of their services. Coupled with recent headline-making breaches, it’s becoming clear that the greatest risks to an organization might come down to a simple
Publish At:2017-09-21 19:15 | Read:123 | Comments:0 | Tags:Advanced Threats Cloud Security Data Protection Software & A

Network Attacks Containing Cryptocurrency CPU Mining Tools Grow Sixfold

Since we last reported on a version of the ELF Linux/Mirai malware containing cryptocurrency coin-mining tools in April, the IBM X-Force has noticed a steep increase in the volume of coin central processing unit (CPU) mining tools used in cyberattacks, specifically those targeting enterprise networks. According to IBM Managed Security Services (MSS) data,
Publish At:2017-09-19 12:00 | Read:61 | Comments:0 | Tags:Advanced Threats Security Services Threat Intelligence X-For

Raise the Red Flag: Guidelines for Consuming and Verifying Indicators of Compromise

Indicators of compromise (IoCs) are artifacts such as file hashes, domain names or IP addresses that indicate intrusion attempts or other malicious behavior. These indicators consist of: Observables — measurable events or stateful properties; and Indicators — observables with context, such as time range. IoCs are crucial for sharing threat information and
Publish At:2017-09-18 17:25 | Read:119 | Comments:0 | Tags:Fraud Protection Incident Response Cyberattacks Incident Res

Downward Trend in Publicly Available Exploit Code? Don’t Ease Up on Patch Management Just Yet

The IBM X-Force Vulnerability Database (XFDB), which holds over 100,000 publicly disclosed vulnerabilities, is chock-full of insights concerning the cybersecurity threat landscape. Much of the data is publicly available directly on the IBM X-Force Exchange platform and can be accessed by users anytime. In reviewing the database on an ongoing basis, the IBM
Publish At:2017-09-14 21:10 | Read:185 | Comments:0 | Tags:Advanced Threats Endpoint Threat Intelligence X-Force Resear

What Do Avocados and Threat Intelligence Have in Common?

Full disclosure: I would not eat guacamole for years because a certain puppet-centric movie I saw as a child had me convinced that it was actually made of frog brains. Once in college, however, seeing guacamole being made completely changed my opinion — unlike a sausage-making demonstration in a rather unfortunate public speaking class that same year of coll
Publish At:2017-09-13 08:20 | Read:187 | Comments:0 | Tags:Incident Response Threat Intelligence IBM X-Force Exchange I

Brazilian Malware Client Maximus: Maximizing the Mayhem

In January 2017, IBM X-Force research reported the development of a new remote-access malware code targeting Brazilian banks. The malware, dubbed Client Maximus, was observed in ongoing campaigns and continues to target online banking users in the country. The development of Client Maximus, which is believed to be commercially available in Brazilian fraud an
Publish At:2017-09-12 13:50 | Read:129 | Comments:0 | Tags:Fraud Protection Malware Threat Intelligence Advanced Threat

A Basic Model to Measure SIEM Maturity

Every day, organizations rely on security information and event management (SIEM) solutions to protect, control and monitor their technology infrastructures. These platforms serve as early detection tools for security threats. But how can security professionals validate that their SIEM systems are properly configured and aligned with the organization’s
Publish At:2017-09-08 10:00 | Read:175 | Comments:0 | Tags:Data Protection Network Security Intelligence & Analytics Se

Spotlight on Energy and Utilities Sector: Attacks Targeting ICS Systems Projected to Increase

There is an increased focus on cybersecurity among governments and energy and utilities organizations worldwide, and for good reason. Attacks on critical infrastructure such as fuel, electricity and drinking water carry the potential for damage far beyond their economic impact. As demonstrated by incidents such as the notorious shutdown of several Iranian nu
Publish At:2017-09-06 20:40 | Read:224 | Comments:0 | Tags:Advanced Threats Energy & Utility Threat Intelligence Energy

Know Your Data and Your Enemies: Establishing a Baseline for Proactive Threat Hunting

The purveyors of modern threats are not trying to simply deface your website or own your web server. These advanced attackers are attempting to siphon critical and sensitive data from your network over long periods of time, and do so undetected. Where Is Your Data? When threat hunting, at a minimum, you should know where your critical data is stored and how
Publish At:2017-09-06 20:40 | Read:197 | Comments:0 | Tags:Data Protection Incident Response Risk Management Security I

Seven Steps to Improve Your Security Operations and Response

It’s hard to escape the reality that every day, cyberthreats morph and expand, escalating the need to improve and tighten security operations and response practices. While it may feel overwhelming, there are ways to help level the playing field. Cognitive computing and machine learning are new technologies that can empower security practitioners to foc
Publish At:2017-09-05 09:35 | Read:148 | Comments:0 | Tags:CISO Cognitive Endpoint Incident Response Security Intellige

The Educator’s Back-to-School Cybersecurity Checklist: Make Mitigating Command Injection a Priority

Pencils? Check. Notebooks? Check. Web applications and servers patched and sanitized? Hopefully. In many parts of the world, educators and students in primary, secondary and higher education institutions are reviewing their checklists to ensure academic preparedness for the new school year. But what about the education sector’s IT workers? What should
Publish At:2017-08-30 20:10 | Read:113 | Comments:0 | Tags:Risk Management Threat Intelligence Academia Data Protection

Keep Intruders Out of Your Network With Proactive Threat Hunting

A threat hunting program can provide an accurate picture of where your organization is exposed to threats and help security professionals strengthen those weaknesses. If you know how an adversary is breaking into your environment, you can improve your defenses and stop attacks from happening again in the future. This echoes the importance of having accurate
Publish At:2017-08-30 20:10 | Read:175 | Comments:0 | Tags:Network Risk Management C-Suite Network Protection Network S

Just a Passing Fad? Fidget Spinners and the Malware Sandbox

This is the first installment in a three-part series about malware sandboxing. Stay tuned for more information. When the fidget spinner fad hit last year, my seventh grader was immediately on board and quickly became a fidget spinner snob, boasting about bearing quality and spin longevity. My fifth grader, however, eschewed fidget spinners with the same disd
Publish At:2017-08-29 10:15 | Read:231 | Comments:0 | Tags:Malware Threat Intelligence Advanced Malware Behavioral Anal

Using a Free Online Malware Analysis Sandbox to Dig Into Malicious Code

The continuous advancement and sophistication of cyberthreats has gradually decreased the sufficiency of traditional gateway and endpoint security solutions for protection against malware. These approaches were sufficient when malware occurred in small numbers and it was easy to differentiate between good and bad applications. Nowadays, there’s a world
Publish At:2017-08-28 12:55 | Read:229 | Comments:0 | Tags:Incident Response Malware Malware Analysis Sandbox Sandboxin

Blindfolded on the Battlefield: The Importance of Threat Hunting in the Modern Age

One of the fundamental problems with cybersecurity is that organizations often do not realize when they are compromised. Traditional incident response methods are typically reactive, forcing security teams to wait for a visible sign of an attack. The problem is that many attacks today are stealthy, targeted and data-focused. Just stop for a moment to ask you
Publish At:2017-08-23 22:25 | Read:156 | Comments:0 | Tags:Data Protection Risk Management Data Breach Threat Detection

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud