HackDig : Dig high-quality web security articles for hackers

Detecting and Mitigating Potential Container Escapes via CVE-2020-14386

On September 14, CVE-2020-14386 was reported as a “high” severity threat. This CVE is a kernel security vulnerability that enables an unprivileged local process to gain root access to the system. CVE-2020-14386 is a result of a bug found in the packet socket facility in the Linux kernel. It allows a bad actor to trigger a memory corruption that can be
Publish At:2020-09-16 20:49 | Read:167 | Comments:0 | Tags:Falco Google Cloud Kubernetes Sysdig Sysdig Secure Uncategor

StreamDivert: Relaying (specific) network connections

Author: Jelle Vergeer The first part of this blog will be the story of how this tool found its way into existence, the problems we faced and the thought process followed. The second part will be a more technical deep dive into the tool itself, how to use it, and how it works. Storytime About 1½ half years ago I did an awesome Red Team like project.
Publish At:2020-09-10 15:25 | Read:131 | Comments:0 | Tags:audits Blog pentest Uncategorized

Fake web alerts – how to spot and stop them

bySean GallagherInternet scammers are always looking for a better way to separate unwitting device users from their money. And as with all other endeavors, they’ve learned that it pays to advertise.At SophosLabs we recently researched a collection of scams that exploit web advertising networks to pop up fake system alerts on both computers and mobile devices
Publish At:2020-09-09 10:19 | Read:101 | Comments:0 | Tags:Uncategorized Scam scam ads web scam

New KryptoCibule Windows Trojan spreads via malicious torrents

Experts warn of the KryptoCibule Windows malware that has been active since late 2018 and has targeted users in the Czech Republic and Slovakia. Security researchers from ESET have shared technical detailts of a new piece of Windows malware tracked as KryptoCibule. The malware has been active since at least December 2018, it targets cryptocurrency user
Publish At:2020-09-02 09:35 | Read:182 | Comments:0 | Tags:Uncategorized cry KryptoCibule malware

Machine learning from idea to reality: a PowerShell case study

Detecting both ‘offensive’ and obfuscated PowerShell scripts in Splunk using Windows Event Log 4104 Author: Joost Jansen This blog provides a ‘look behind the scenes’ at the RIFT Data Science team and describes the process of moving from the need or an idea for research towards models that can be used in practice. More specifically, how known a
Publish At:2020-09-02 08:07 | Read:199 | Comments:0 | Tags:Uncategorized

Former Cisco employee pleads guilty to hacking, damaging company systems

A former Cisco employee has pleaded guilty to hacking charges and intentionally causing damage to the systems of his company. The former Cisco employee Sudhish Kasaba Ramesh (30) pleaded guilty in federal court in San Jose today to intentionally accessing a protected computer of his company without authorization and causing damage. The news was announc
Publish At:2020-08-28 16:45 | Read:221 | Comments:0 | Tags:Uncategorized CISCO Hacking hacking news information securit

Don’t Remove Stalkerware Before Reading This Article

Stalkerware is technically software with malicious intent, but security professionals should treat it as a different beast from other malware. Stalkerware is an app or apps that someone else can install on your device to intercept text messages and phone calls, send call logs, record web browsing activity and keystrokes and even access your location. And st
Publish At:2020-08-18 06:13 | Read:309 | Comments:0 | Tags:Software & App Vulnerabilities Uncategorized Malware Mobile

Data Democratization: Balancing Risk vs Reward Through Data Governance

Expanding employees’ access to the company’s data, known as data democratization, can be controversial. A more open attitude to data within the enterprise can give people the tools to fuel innovation and improve their bottom lines. However, it also can pose problems with security if not properly rolled out. As businesses work towards unleashing
Publish At:2020-08-11 07:00 | Read:258 | Comments:0 | Tags:Uncategorized Data Protection Data Security Governance Risk

NetWalker ransomware operators have made $25 million since March 2020

NetWalker ransomware operators continue to be very active, according to McAfee the cybercrime gang has earned more than $25 million since March 2020. McAfee researchers believe that the NetWalker ransomware operators continue to be very active, the gang is believed to have earned more than $25 million since March 2020. The malware has been active at le
Publish At:2020-08-04 06:15 | Read:219 | Comments:0 | Tags:Uncategorized

Can My Webcam Be Accessed Remotely?

Can My Webcam Be Accessed Remotely? July 28th, 2020 No Comments antivirus, Data Privacy, Data Protection, Online Privacy, Uncategorized With the huge increase of people working from home due to Covid-19, millions of home laptops and desktops are lay
Publish At:2020-07-28 16:14 | Read:369 | Comments:0 | Tags:antivirus Data Privacy Data Protection Online Privacy Uncate

Sextortion: All You Need to Know

Sextortion: All You Need to Know July 14th, 2020 No Comments anti-phishing, Data Privacy, Data Protection, Mobile Security, Online Privacy, Online Safety, Ransomware, Uncategorized Sextortion – a portmanteau of the words sex and extortion – is a bro
Publish At:2020-07-14 15:45 | Read:484 | Comments:0 | Tags:anti-phishing Data Privacy Data Protection Mobile Security O

Best practices for alerting on Kubernetes

A step by step cookbook on best practices for alerting on Kubernetes platform and orchestration, including PromQL alerts examples. If you are new to Kubernetes and monitoring, we recommend that you first read Monitoring Kubernetes in production, in which we cover monitoring fundamentals and open-source tools. Interested in Kubernetes monitoring
Publish At:2020-07-09 09:40 | Read:229 | Comments:0 | Tags:Uncategorized Kubernetes PromQL

Google buys AR smart-glasses company North

byLisa VaasGoogle announced on Tuesday that it’s purchased a smart-glasses company called North and, notwithstanding its failure to bring Google Glass wearables to the masses, still plans to caress our vision with the vast tentacles of its helpfulness. From the announcement, which was posted by Rick Osterloh, Senior Vice President, Devices & Servi
Publish At:2020-07-03 08:19 | Read:411 | Comments:0 | Tags:Google Mobile Privacy Uncategorized Focals Glass Google Glas

A Second Look at CVE-2019-19781 (Citrix NetScaler / ADC)

Authors: Rich Warren of NCC Group FSAS & Yun Zheng Hu of Fox-IT, in close collaboration with NCC’s RIFT. About the Research and Intelligence Fusion Team (RIFT): RIFT leverages our strategic analysis, data science, and threat hunting capabilities to create actionable threat intelligence, ranging from IOCs and detection capabilities to strategic reports o
Publish At:2020-07-01 00:08 | Read:301 | Comments:0 | Tags:Uncategorized

Beware “secure DNS” scam targeting website owners and bloggers

byPaul DucklinIf you run a website or a blog, you probably use a cloud provider or a dedicated hosting company to manage your server and deliver the content to your readers, viewers and listeners.We certainly do – both Naked Security and our sister site Sophos News are hosted by WordPress VIP.That’s not a secret (nor is it meant to be), not least
Publish At:2020-06-29 11:39 | Read:294 | Comments:0 | Tags:Uncategorized DNS DNSSec phish Scam

Tools

Tag Cloud