HackDig : Dig high-quality web security articles

Overview of IoT threats in 2023

IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. Statista portal predicts their number will exceed 29 billion by 2030. As connected device numbers increase, so does the need for protection against various threats. The first-ever large-scale malware attacks on IoT devices were recorded back in 2008, and their number ha
Publish At:2023-09-21 07:16 | Read:106566 | Comments:0 | Tags:Publications Botnets Darknet DDoS-attacks Honeypot Internet

The mystery of the CVEs that are not vulnerabilities

A researcher specializing in Software Supply Chain security named Dan Lorenc recently raised an interesting topic on LinkedIn. 138 new vulnerabilities in open-source projects were all entered the same day to the CVE database. To understand what the problem is there are a few things you’ll need to know. CVSS – The Common Vulnerability Scorin
Publish At:2023-09-19 22:07 | Read:122322 | Comments:0 | Tags:Business Exploits and vulnerabilities News CVE NVD vulnerabi

The main causes of ransomware reinfection

A few months ago, we wrote about a ransomware reinfection incident. Ransomware reinfection arguably could be even worse than being a first time victim. Unfortunately it happens more often than you may think. Research shows that in 2022, more than a third (38%) of surveyed organizations fell victim to a repeat ransomware attack. This means that they
Publish At:2023-09-11 22:07 | Read:114426 | Comments:0 | Tags:News Ransomware ransomware reinfection stolen credentials vu

From Caribbean shores to your devices: analyzing Cuba ransomware

Introduction Knowledge is our best weapon in the fight against cybercrime. An understanding of how various gangs operate and what tools they use helps build competent defenses and investigate incidents. This report takes a close look at the history of the Cuba group, and their attack tactics, techniques and procedures. We hope this article will help you to s
Publish At:2023-09-11 07:16 | Read:104897 | Comments:0 | Tags:SOC TI and IR posts Backdoor Drivers Incident response Malw

IT threat evolution in Q2 2023. Non-mobile statistics

IT threat evolution in Q2 2023 IT threat evolution in Q2 2023. Non-mobile statistics IT threat evolution in Q2 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q2 2023: Ka
Publish At:2023-08-30 07:15 | Read:204740 | Comments:0 | Tags:Malware reports Apple MacOS Financial malware Google Chrome

Does the Downfall vulnerability affect Intel Macs?

Back in January 2018, news of the Spectre and Meltdown vulnerabilities took the world by surprise. Several independent research groups began publishing details about the speculative execution vulnerabilities. The flaws affected various processor architectures, most notably Intel, but also AMD, and even ARM-based processors like those found in iPhones and i
Publish At:2023-08-19 04:55 | Read:263173 | Comments:0 | Tags:Security & Privacy vulnerabilities Vulnerability

MOVEit Transfer fixes three new vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has warned about three new vulnerabilities in Progress Software's MOVEit software. A cybercriminal could exploit some of these vulnerabilities to obtain sensitive information. In the advisory, CISA encouraged users to review Progress’ MOVEit Transfer article and apply the updates. Th
Publish At:2023-07-10 22:04 | Read:799807 | Comments:0 | Tags:Exploits and vulnerabilities News Ransomware Progress MOVEit

Reducing your attack surface is more effective than playing patch-a-mole

On June 13, 2023 the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 23-02. BOD 23-02 is titled Mitigating the Risk from Internet-Exposed Management Interfaces, and requires federal civilian agencies to remove specific networked management interfaces from the public-facing internet, or implement Zero Trust A
Publish At:2023-06-22 22:04 | Read:635492 | Comments:0 | Tags:News CISA BOD 23-02 Internet exposed management interfaces v

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

Introduction In today’s interconnected world, more and more devices are being connected to the internet, including everyday household items like pet feeders that are becoming smart by virtue of this simple fact. However, as these devices become more sophisticated, they also become more vulnerable to cyberattacks. In this blog post, we’ll discuss
Publish At:2023-06-20 07:13 | Read:625441 | Comments:0 | Tags:Research Internet of Things Smart home Vulnerabilities Secur

IT threat evolution in Q1 2023. Non-mobile statistics

IT threat evolution in Q1 2023 IT threat evolution in Q1 2023. Non-mobile statistics IT threat evolution in Q1 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q1 2023: Ka
Publish At:2023-06-07 04:29 | Read:818171 | Comments:0 | Tags:Malware reports Apple MacOS Browser Financial malware Intern

Is Patching the Holy Grail of Cybersecurity?

A proactive approach to cybersecurity includes ensuring all software is up-to-date across assets. This also includes applying patches to close up vulnerabilities. This practice minimizes risk, as it eliminates outdated software versions in the process. Does this make patching a catch-all cybersecurity solution? While patching is an important component of cy
Publish At:2023-05-18 11:13 | Read:913289 | Comments:0 | Tags:Risk Management patching Cybersecurity Patch Management Vuln

Money’s in the Bank – DDoS Attackers Know That

DDoS attacks have always been the reliable weapon of choice for threat actors worldwide. But as networks become more complex, DDoS attacks have become more sophisticated and malicious in the damage they inflict, especially on a bank. For various reasons, stemming from ideological to plain greed, DDoS attackers seek to disrupt organizations’ activity, and som
Publish At:2023-05-18 10:47 | Read:947839 | Comments:0 | Tags:Blog bank banks cybersecurity ddos ddos attack ddos attacks

Gaming Industry Must Level Up For DDoS Attacks

Distributed denial of service (DDoS) attacks present a significant threat to organizations as they grow in sophistication and frequency. According to several studies, the average successful DDoS attack in 2022 lasted for over 50 hours, compared to 30 minutes in 2021. As the entertainment world’s largest source of income, the gaming industry has become a prom
Publish At:2023-05-07 06:49 | Read:1242862 | Comments:0 | Tags:Blog Automated DDoS testing Cyber Attack cybercrime cybersec

Cybersecurity 101: What is Attack Surface Management?

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them. ASM is a cybersecurity approach that continuously monitors a
Publish At:2023-03-23 14:45 | Read:1265784 | Comments:0 | Tags:Data Protection Risk Management attack surface management cy

With 40% of Log4j Downloads Still Vulnerable, Security Retrofitting Needs to Be a Full-Time Job

Vulnerabilities like Log4j remain responsible for security breaches a full year after the discovery of the flaw. In the months after widespread reporting about the vulnerability, 40% of Log4j downloads remained vulnerable to exploitation. Rapid Response — by Both Security Teams and Hackers What made this exposure so damaging was how widespread this pi
Publish At:2023-02-24 11:39 | Read:1186233 | Comments:0 | Tags:Risk Management Threat Hunting cyber threats types of vulner


Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud