HackDig : Dig high-quality web security articles for hackers

Researchers Show Google's Titan Security Keys Can Be Cloned

Researchers have found a way to clone Google’s Titan Security Keys through a side-channel attack, but conducting an attack requires physical access to a device for several hours, as well as technical skills, custom software, and relatively expensive equipment. Security key devices are considered highly efficient when it comes to protecting accounts against ta
Publish At:2021-01-11 08:59 | Read:167 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access Vulnerabilities se

NVIDIA Ships Patches for High-Severity Security Flaws

NVIDIA this week announced the release of software updates for its GPU display drivers and vGPU software, with fixes for a total of 16 vulnerabilities. A total of six security flaws were patched in the NVIDIA GPU display driver, all of them affecting the kernel mode layer. Three of the bugs impact Windows only, one affects only Linux systems, and two impact b
Publish At:2021-01-08 18:35 | Read:164 | Comments:0 | Tags:Disaster Recovery Network Security NEWS & INDUSTRY Incid

DoS Vulnerabilities Found in Rockwell's FactoryTalk Linx and RSLinx Classic Products

Researchers have discovered vulnerabilities that expose Rockwell Automation’s FactoryTalk Linx and RSLinx Classic products to denial-of-service (DoS) attacks. According to an advisory published by Rockwell late last month, researchers from cybersecurity firm Tenable discovered a total of four DoS vulnerabilities, three affecting FactoryTalk Linx and one impac
Publish At:2021-01-08 14:41 | Read:155 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities

Lacework Banks $525 Million as Cloud Security Market Heats Up

Lacework, a five-year-old cybersecurity company that automates security across enterprise cloud deployments, has reached unicorn status with the closing of a $525 million round of Series D financing. The Silicon Valley company, which automates security across public and private cloud deployments, is now valued north of $1 billion. Driven by post-pandemic digit
Publish At:2021-01-07 15:17 | Read:109 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Application Security V

Ezuri Memory Loader Abused in Linux Attacks

Security researchers at AT&T’s Alien Labs have identified multiple malware attacks leveraging the Ezuri memory loader to execute payloads without writing them to disk. Executed directly in memory, without leaving traces on disk, fileless malware is commonly used in attacks targeting Windows systems, but isn’t often seen in malware attacks targeting
Publish At:2021-01-07 15:17 | Read:194 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Malware Ma

Vulnerabilities in Fortinet WAF Can Expose Corporate Networks to Attacks

Several potentially serious vulnerabilities discovered in Fortinet’s FortiWeb web application firewall (WAF) could expose corporate networks to attacks, according to the researcher who found them. Fortinet this week informed customers about the availability of patches for a total of four vulnerabilities affecting its FortiWeb product. According to advisories
Publish At:2021-01-07 11:23 | Read:102 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Google Pays Out Over $100,000 for Vulnerabilities Patched With Chrome 87 Update

An update released this week by Google for Chrome 87 patches 16 vulnerabilities, including 14 rated high severity. The company has awarded more than $100,000 for these vulnerabilities. These security flaws can be exploited remotely by unauthenticated attackers to execute arbitrary code and compromise the targeted systems. To trigger the weaknesses, an adversa
Publish At:2021-01-07 11:23 | Read:122 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

'Earth Wendigo' Hackers Exfiltrate Emails Through JavaScript Backdoor

A newly identified malware attack campaign has been exfiltrating emails from targeted organizations using a JavaScript backdoor injected into a webmail system widely used in Taiwan. According to an advisory from Trend Micro, the attacks are linked to Earth Wendigo, a threat actor that does not appear to be affiliated with known hacking groups. Star
Publish At:2021-01-06 19:47 | Read:174 | Comments:0 | Tags:Cyberwarfare Endpoint Security NEWS & INDUSTRY Email Sec

Researchers Warn of New Ransomware Targeting Enterprise Networks

Security researchers have spotted a brand new ransomware family taking aim at corporate networks, warning that professional cybercriminals have already hit multiple organizations with the file-encryption scheme. The new ransomware family, called Babuk, has claimed at least four corporate victims facing data recovery extortion attempts. According to researcher
Publish At:2021-01-06 15:53 | Read:111 | Comments:0 | Tags:Disaster Recovery Endpoint Security NEWS & INDUSTRY Emai

U.S. Government Announces 'Hack the Army 3.0' Bug Bounty Program

The U.S. government on Wednesday announced the launch of another bug bounty program conducted in collaboration with hacker-powered cybersecurity platform HackerOne. Hack the Army 3.0, whose goal is to help the U.S. Army secure its digital assets and protect its systems against cyberattacks, takes place between January 6 and February 17, and it’s open to both
Publish At:2021-01-06 11:59 | Read:100 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

SoftMaker Office Vulnerabilities Allow Code Execution via Malicious Documents

Vulnerabilities discovered by Cisco Talos researchers in SoftMaker Office can be exploited for arbitrary code execution by creating malicious documents and tricking victims into opening them. A German software developer, SoftMaker Software GmbH offers individuals and enterprises a popular office software suite that includes word processing, spreadsheet, prese
Publish At:2021-01-06 11:59 | Read:102 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

U.S. Releases Cybersecurity Plan for Maritime Sector

The U.S. government has released a plan with a list of top-priority items to mitigate threats and provide security to the crucial maritime sector. The National Maritime Cybersecurity Plan, which was made public (PDF) on Tuesday, highlights several priority actions to close maritime cybersecurity gaps and vulnerabilities over the next five years. The maritime s
Publish At:2021-01-05 20:23 | Read:105 | Comments:0 | Tags:Disaster Recovery NEWS & INDUSTRY Incident Response Comp

Crypto-Hijacking Campaign Leverages New Golang RAT

Researchers are raising the alarm for a newly identified operation leveraging a new Remote Access Tool (RAT) written in Golang to steal crypto-currency from unsuspecting users. Discovered last month, the campaign is believed to have been active since January 2020, consisting of a fully-fledged marketing campaign, custom applications related to crypto-currency,
Publish At:2021-01-05 17:45 | Read:97 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Malware Ma

Data Security Providers Netwrix and Stealthbits Merge

Data security solutions provider Netwrix has merged with Stealthbits, a cybersecurity company focused on protecting sensitive data and credentials. Founded in 2006, the Irvine, California-based Netwrix claims to provide over 10,000 organizations around the world with the necessary tools to reclaim control over sensitive, business-critical data, helping
Publish At:2021-01-05 16:29 | Read:132 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Privacy Audits Email S

SASE Provider iboss Banks $145 Million Equity Funding

Cloud-delivered network security startup iboss on Tuesday announced the closing of a new $145 million financing deal to speed up growth in a lucrative market. iboss, founded by twin brothers Paul and Peter Martini five years ago, previously banked $35 million in venture capital funding from Goldman Sachs. The new round of financing was led by NightDragon and F
Publish At:2021-01-05 16:29 | Read:207 | Comments:0 | Tags:Endpoint Security Mobile Security NEWS & INDUSTRY Audits

