HackDig : Dig high-quality web security articles for hackers

Best practices for alerting on Kubernetes

A step-by-step cookbook on best practices for alerting on the Kubernetes platform and orchestration, including PromQL alert examples. If you are new to Kubernetes and monitoring, we recommend that you first read Monitoring Kubernetes in production, in which we cover monitoring fundamentals and open-source tools. Interested in Kubernetes monitoring
Publish At:2020-07-09 09:40 | Read:60 | Comments:0 | Tags:Uncategorized Kubernetes PromQL

Google buys AR smart-glasses company North

by Lisa Vaas. Google announced on Tuesday that it’s purchased a smart-glasses company called North and, notwithstanding its failure to bring Google Glass wearables to the masses, still plans to caress our vision with the vast tentacles of its helpfulness. From the announcement, which was posted by Rick Osterloh, Senior Vice President, Devices & Servi
Publish At:2020-07-03 08:19 | Read:170 | Comments:0 | Tags:Google Mobile Privacy Uncategorized Focals Glass Google Glas

A Second Look at CVE-2019-19781 (Citrix NetScaler / ADC)

Authors: Rich Warren of NCC Group FSAS & Yun Zheng Hu of Fox-IT, in close collaboration with NCC’s RIFT. About the Research and Intelligence Fusion Team (RIFT): RIFT leverages our strategic analysis, data science, and threat hunting capabilities to create actionable threat intelligence, ranging from IOCs and detection capabilities to strategic reports o
Publish At:2020-07-01 00:08 | Read:115 | Comments:0 | Tags:Uncategorized

Beware “secure DNS” scam targeting website owners and bloggers

by Paul Ducklin. If you run a website or a blog, you probably use a cloud provider or a dedicated hosting company to manage your server and deliver the content to your readers, viewers and listeners. We certainly do – both Naked Security and our sister site Sophos News are hosted by WordPress VIP. That’s not a secret (nor is it meant to be), not least
Publish At:2020-06-29 11:39 | Read:75 | Comments:0 | Tags:Uncategorized DNS DNSSec phish Scam

REvil operators threaten to leak files stolen from Australian firm Lion

Australian beverage company Lion announced that it has found no evidence that hackers have stolen information from its systems. The Australian brewery and dairy conglomerate Lion suffered two cyber attacks in a few days this month. Lion is a beverage and food company that operates in Australia and New Zealand, and a subsidiary of Japanese beverage gian
Publish At:2020-06-29 05:00 | Read:120 | Comments:0 | Tags:Uncategorized Hacking hacking news information security news

Patch time! NVIDIA fixes kernel driver holes on Windows and Linux

by Paul Ducklin. The latest security patches from NVIDIA, the maker of high-end graphics cards, are out. Both Windows and Linux are affected. NVIDIA hasn’t yet given out any real details about the bugs, but 12 different CVE-tagged flaws have been fixed, numbered sequentially from CVE-2020-5962 to CVE-2020-5973. As far as we can tell, none of the bugs can be
Publish At:2020-06-25 11:08 | Read:136 | Comments:0 | Tags:Uncategorized EoP kernel driver NVIDIA security patch vulner

Glupteba – the malware that gets secret messages from the Bitcoin blockchain

by Paul Ducklin. Here’s a SophosLabs technical paper that should tick all your jargon boxes! Our experts have deconstructed a strain of malware called Glupteba that uses just about every cybercrime trick you’ve heard of, and probably several more besides. Like a lot of malware these days, Glupteba is what’s known as a zombie or bot (short for softw
Publish At:2020-06-24 15:50 | Read:80 | Comments:0 | Tags:Uncategorized

United States wants HTTPS for all government sites, all the time

by Paul Ducklin. The US government just announced its plans for HTTPS on all dot-gov sites. HTTPS, of course, is short for “secure HTTP”, and it’s the system that puts the padlock in your browser’s address bar. Actually, the government is going one step further than that. As well as saying all dot-gov sites should be available over HTTP
Publish At:2020-06-23 12:49 | Read:144 | Comments:0 | Tags:Uncategorized Encryption https TLS US government web securit

Anatomy of a survey scam – how innocent questions can rip you off

by Paul Ducklin. We’ve been receiving loads of survey scam emails lately – and you probably get heaps of these, too. So we thought we’d take you through a recent scam from go to woe, with screenshots to document the path that the crooks lured us along. Sometimes, a picture is worth 1000 words (or 1024 words, if you are accustomed to binary numbe
Publish At:2020-06-22 13:39 | Read:163 | Comments:0 | Tags:Uncategorized fraud phising Scam Survey

Avon cosmetics suffers “cyber incident” – but was it ransomware?

by Paul Ducklin. Global direct-sales cosmetics company Avon has filed two reports with the US Securities and Exchange Commission in the past few days. The reports are known as Form 8-K filings, used to advise investors about unplanned issues affecting a listed company – all the way from the resignation of a director to failing to meet a financial obligatio
Publish At:2020-06-17 13:58 | Read:253 | Comments:0 | Tags:Uncategorized Avon breach disclosure data breach doppelpayme

Eavesdroppers can use light bulbs to listen in from afar

by Danny Bradbury. Researchers have come up with an ingenious way to listen in on conversations in a room at a distance without relying on planted bugs, sophisticated lasers, or eagle-eyed lip readers: they just stare at a light bulb. The project, led by Ben Nassi of the Ben-Gurion University of the Negev in Israel, recovers speech from a room with a bulb in rea
Publish At:2020-06-16 14:48 | Read:132 | Comments:0 | Tags:Uncategorized air-gapping

Intel announces “exploit busting” features in its next processor chips

by Paul Ducklin. Intel is adding two new exploit detection systems into its forthcoming processors. The new technology has been at least four years in the making, according to the chip giant’s recently updated specification document, which contains a “version 1.0” release date of June 2016. Intel’s PR machine has been making waves about the s
Publish At:2020-06-16 14:48 | Read:242 | Comments:0 | Tags:Uncategorized ASLR CET DEP Exploit gadget intel ROP vulnerab

CoVID-19-Related Malicious Apps Soar

Several coronavirus-themed apps, often those offering disease-related information and help for users, have been found to be fraudulent, as they contain dangerous malware.
Publish At:2020-06-11 05:20 | Read:132 | Comments:0 | Tags:Uncategorized

We stand beside the Black community and everyone negatively impacted during this fight against racism and injustice

This is a longer statement that Suresh shared on LinkedIn earlier today. Watching the events unfold around the United States over the last few days has been heartbreaking. At Sysdig, one of our core values that has not changed since our doors opened is our commitment to diversity and inclusion. We stand beside the Black community and everyone negativ
Publish At:2020-06-02 01:59 | Read:173 | Comments:0 | Tags:Uncategorized

Google sued by Arizona for tracking users’ locations in spite of settings

by Lisa Vaas. Arizona has filed suit against Google over tracking users’ locations even after they’ve turned tracking off, claiming that the advertising-fueled tech titan has a “complex web of settings and purported ‘consents’” that enable it to furtively milk us for sweet, sweet ad dollars. On Wednesday, State Attorney General Mark
Publish At:2020-05-29 06:41 | Read:326 | Comments:0 | Tags:Android Google Law & order Mobile Privacy Uncategorized Ariz
