HackDig : Dig high-quality web security articles

Can you pass The Rekt Test?

Audits from Trail of Bits give organizations ways to fix their current issues and provide them with a roadmap to prevent the same security problems from occurring in the future. However, product teams don’t always implement the recommendations. This may be due to a lack of resources, a lack of institutional motivation, or several other internal reasons. Even
Publish At:2023-03-22 09:40 | Read:52527 | Comments:0 | Tags:Uncategorized

Why CNAPP Needs Runtime Insights to Shift Left and Shield Right

There’s an important shift happening in the cloud security industry: organizations are looking for an integrated platform that connects the dots between several key security use cases from source through production. Whether it is for tool consolidation, consistent end-to-end experience, or “one throat to choke,” customers are increasingly choosing a platform
Publish At:2023-03-17 17:35 | Read:89204 | Comments:0 | Tags:Uncategorized

What Is Cyber Essentials and How Can Heimdal Help Your Organization Achieve CE Compliance?

Cyber Essentials is a practical, government-backed scheme that will assist you in protecting your UK-based organization, no matter how large or small, against a wide range of common cyber attacks. It assists the UK’s most critical organizations, the wider public sector, industry, SMEs, and the general public. When incidents occur, they provide an effect
Publish At:2023-03-14 11:15 | Read:61163 | Comments:0 | Tags:Uncategorized cyber

What is the Future of Cyberattacks in 2030 (and Beyond)?

The year is 2030. The world is full of smart mega cities, digital surveillance is openly ubiquitous, cash transactions no longer exist, wired connections remain for only the most demanding data flows, the “Internet of Things” age is over and the “Everything is Internet” age is here, and we churn out data with every heartbeat –
Publish At:2023-03-03 11:43 | Read:111093 | Comments:0 | Tags:Risk Management Uncategorized attack surface management cybe

MITRE ATT&CK and D3FEND for Cloud and Containers

MITRE ATT&CK and MITRE D3FEND are both frameworks developed by the non-profit organization MITRE, but they serve different purposes. MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a knowledge base of adversarial tactics and techniques that can be used during cyber attacks. It is used to understand the methods and tools th
Publish At:2023-03-01 15:35 | Read:182158 | Comments:0 | Tags:Uncategorized CDR cloud container MITRE Sysdig Secure Cloud

Monitoring with Custom Metrics

Custom metrics are application-level or business-related tailored metrics, as opposed to the ones that come directly out-of-the-box from monitoring systems like Prometheus (e.g., kube-state-metrics or node exporter). By kickstarting a monitoring project with Prometheus, you might realize that you get an initial set of out-of-the-box metrics with just Node E
Publish At:2023-03-01 15:35 | Read:98814 | Comments:0 | Tags:Kubernetes Prometheus Uncategorized Monitoring

Hackers Claim They Breached Telus, Canada’s Second-largest Telecom Company

Telus is now investigating the possibility of a data breach affecting its corporate data. The Canadian telecom company started looking for an incident after hackers posted samples of Telus’ information, as they pretend. The sample contains employee data, source code, and payroll records. But, until now, the organization did not find proof of an attack. What D
Publish At:2023-02-24 12:11 | Read:89381 | Comments:0 | Tags:Cybersecurity News Uncategorized hack

Rackspace Ransomware Attack Update: What You Need to Know

During the recent Rackspace ransomware attack, the company confirmed hackers accessed customer data. Rackspace staff and cybersecurity researchers have been investigating the incident since it occurred, and new information has emerged. The attack, which Rackspace first confirmed on December 6, 2022, impacted the company’s hosted Exchange Email service,
Publish At:2023-02-24 08:13 | Read:105127 | Comments:0 | Tags:Ransomware Uncategorized ransomware

Escaping well-configured VSCode extensions (for profit)

By Vasco Franco In part one of this two-part series, we escaped Webviews in real-world misconfigured VSCode extensions. But can we still escape extensions if they are well-configured? In this post, we’ll demonstrate how I bypassed a Webview’s localResourceRoots by exploiting small URL parsing differences between the browser—i.e., the Electron-created Chromiu
Publish At:2023-02-23 09:48 | Read:240309 | Comments:0 | Tags:Uncategorized

Europol Shuts Down a Franco-Israeli CEO Fraud Group

Europol put an end to the operations of a Franco-Israeli CEO fraud group. The threat actors used business email compromise (BEC) attacks to steal money. This led to €38,000,000 stolen in just a few days from one organization. Details About the Europol Investigation: It took the collaboration between Europol, French, Croatian, Hungarian, Portuguese, and Spanish
Publish At:2023-02-20 12:11 | Read:98323 | Comments:0 | Tags:Cybersecurity News Uncategorized

The Growing Threat to Critical Infrastructure

In August 2022, the threat intelligence and cybersecurity company Cyble found 8,000 virtual network computing (VNC) instances exposed online. Additionally, this research revealed that most of these ports are in the United States, China and Sweden — putting many critical infrastructure companies at risk of attack. In an age where cybersecurity threats
Publish At:2023-02-20 11:39 | Read:146388 | Comments:0 | Tags:Uncategorized operational technology Critical Infrastructure

Reverse Tabnabbing

Reverse Tabnabbing is an attack where a page linked from the target page is able to rewrite that page, for example to replace it with a phishing site. Here, the redirection happens through links from the parent site to the attacker’s site. In tabnabbing, attackers take advantage and control of victims’ unattended browser tabs by hijacking and redirect
Publish At:2023-02-15 07:41 | Read:87634 | Comments:0 | Tags:Uncategorized

What Is Encryption as a Service (EaaS)? A Definitive Guide

Whether your company is subject to stringent cybersecurity regulatory requirements or you want to strengthen your overall security, encryption as a service is an effective way to protect sensitive data at rest and in transit. The thing is, many businesses need help properly encrypting all the data on their machines, servers, and the cloud. And this is exactly
Publish At:2023-02-03 16:09 | Read:307367 | Comments:0 | Tags:Endpoint security Uncategorized

10 Million JD Sports Customers Had Their Data Exposed in a Data Breach

The U.K. sports-fashion retail company JD Sports announced that one of its servers suffered a data breach. The server was holding details about the online orders of 10 million customers. All the information stored in the attacked server related to purchases made between November 2018 and October 2020. Details About the Data Breach: JD Sports warned customers abo
Publish At:2023-01-31 12:10 | Read:319444 | Comments:0 | Tags:Cybersecurity News Uncategorized

What Is Spyware, What It Does, and How to Block It?

We are sure that you already heard of spyware, but are you curious to dive deeper into the consequences and types of this malware infection? This sneaky malicious software may be collecting your data as we speak, with only a few signs to give it away. Fortunately, there are ways to protect yourself, your data, your devices, and also software that can keep spy
Publish At:2023-01-27 12:10 | Read:214952 | Comments:0 | Tags:Endpoint security Uncategorized
