HackDig : Dig high-quality web security articles for hacker

Critical Windows Search and Hyper-V Vulnerabilities Tackled by August’s Patch Tuesday

Microsoft has released their monthly security bulletin with 48 security patches—25 of which are labeled Critical, 21 are Important, and two are Moderate in severity. This was a standard batch of updates, addressing issues in Internet Explorer, Microsoft Edge, Windows, Microsoft SharePoint, Adobe Flash Player and Microsoft SQL Server. A majority of the critic
Publish At:2017-08-09 15:20 | Read:268 | Comments:0 | Tags:Vulnerabilities August Patch Tuesday

Assessing Risks and Remediating Threats With a Layered Approach to Vulnerability Management

Companies need to do more than just scan for known problems and provide huge vulnerability reports to system and network administrators for remediation. According to Gartner, known vulnerabilities still comprise 99 percent of all known exploit traffic. Furthermore, malware, ransomware and exploit kits target vulnerabilities that are six months or older on av
Publish At:2017-08-09 07:50 | Read:279 | Comments:0 | Tags:CISO Risk Management Security Intelligence & Analytics Patch

How Chat App Discord Is Abused by Cybercriminals to Attack ROBLOX Players

Cybercriminals targeting gamers are nothing new. We’ve reported many similar incidents in the past, from fake game apps to real-money laundering through online game currencies. Usually the aim is simple: to steal personal information and monetize it. And usually, for that purpose the game itself is abused. In the particular scenario we are describing in this
Publish At:2017-08-08 15:20 | Read:268 | Comments:0 | Tags:Exploits Vulnerabilities API Chat Program API Discord ROBLOX

Vulnerability in F2FS File System Leads To Memory Corruption on Android, Linux

August’s Android Security Bulletin includes three file system vulnerabilities (CVE-2017-10663, CVE-2017-10662, and CVE-2017-0750) that were discovered by Trend Micro researchers. These vulnerabilities could cause memory corruption on the affected devices, leading to code execution in the kernel context. This would allow for more data to be accessed and contr
Publish At:2017-08-08 05:25 | Read:248 | Comments:0 | Tags:Mobile Open source Vulnerabilities android F2FS Linux Vulner

Hire a Team of Hackers to Identify Vulnerabilities

It’s common to hear the phrase “never leave security to chance” in business. Given the rapid advancement and persistence of cybercrime, chief information security officers (CISOs) need the ability to deploy offensive security measures to protect their networks. One way to do this is to employ a team of hackers to proactively protect the or
Publish At:2017-08-04 20:10 | Read:767 | Comments:773 | Tags:CISO Risk Management Chief Information Security Officer (CIS

Virtualization-Based Security is Helping Security Professionals Relax

Virtualization’s continued journey across the enterprise led inevitably to security Enhanced security benefits using virtualization are powerful and compelling Virtualization takes the security responsibility off users and delivers control to IT Detection-based security doesn’t work. It’s an exhausted concept. The battle’s been waged for 30 years and the c
Publish At:2017-08-03 12:45 | Read:624 | Comments:0 | Tags:Innovation cybersecurity detection intelligence management p

Psychological Security: Helping Your Team Think Like Cybercriminals

Chance favors the prepared mind. That’s what famous chemist Louis Pasteur once said, but it’s also an important principle that applies to psychological security. Remember back in middle school when name-calling was a way we expressed our emotions? You’ll likely recall the common response: “It takes one to know one!” It Takes a
Publish At:2017-07-27 00:40 | Read:255 | Comments:0 | Tags:CISO Fraud Protection Cybercrime Cybercriminals Penetration

The Living Dead: How to Protect Legacy Systems

The recent widespread attacks of WannaCry and NotPetya both used known vulnerabilities of legacy operating systems, namely SMB v1 protocol. In general, known vulnerabilities are easy to mitigate as long as patches and updates are provided. But in these cases, many organizations seem to have ignored the advice to patch their systems — or maybe not. There ar
Publish At:2017-07-20 21:00 | Read:277 | Comments:0 | Tags:Network Risk Management Legacy Applications legacy systems n

Linux Users Urged to Update as a New Threat Exploits SambaCry 

by Mohamad Mokbel, Tim Yeh, Brian Cayanan A seven-year old vulnerability in Samba—an open-source implementation of the SMB protocol used by Windows for file and printer sharing—was patched last May but continues to be exploited. According to a security advisory released by the company, the vulnerability allows a malicious actor to upload a shared library to
Publish At:2017-07-18 21:10 | Read:263 | Comments:0 | Tags:Exploits Vulnerabilities exploit

Examining CVE-2017-9791: New Apache Struts Remote Code Execution Vulnerability

By Govind Sarda (Vulnerability Research) The Apache Struts framework is useful for building modern Java-based web applications, with two major versions, Apache Struts 1 and Apache Struts 2, released so far. Support for Apache Struts 1 ended in 2008 with the adoption of Apache Struts 2, which reached its first full release at the start of 2007. A Struts 1 plu
Publish At:2017-07-13 12:15 | Read:378 | Comments:0 | Tags:Vulnerabilities Apache Struts Vulnerability

Are Your Online Mainframes Exposing You to Business Process Compromise?

by Roel Reyes (Senior Threat Researcher) Legacy mainframes are still used by enterprises to handle big data transactions across a range of industries, from financial institutions, telecoms, and internet service providers (ISPs) to airlines and government agencies. Why are they still in use? As the saying goes: “if it ain’t broke, don’t fix it”. But what if t
Publish At:2017-07-13 12:15 | Read:328 | Comments:0 | Tags:Vulnerabilities Business Process Compromise Mainframes Shoda

July Patch Tuesday Addresses Critical Vulnerability in Microsoft HoloLens

Last month’s Patch Tuesday highlighted updates for older Windows versions to address vulnerabilities responsible for the WannaCry outbreak. This month’s Patch Tuesday shifts its focus to other technologies, with an update that addresses 54 vulnerabilities – including one in the augmented reality sphere. One notable vulnerability in this month’s Patch T
Publish At:2017-07-12 17:50 | Read:359 | Comments:0 | Tags:Exploits Vulnerabilities Vulnerability

A Primer on Cross-Site Scripting (XSS)

Cross-site scripting (XSS), which occurs when cybercriminals insert malicious code into webpages to steal data or facilitate phishing scams, has been around almost since the dawn of the web itself. Although it is an older exploit, it still appears frequently enough to land on the OWASP Top 10 list. It has even affected modern websites run by the FBI, the O
Publish At:2017-07-10 21:30 | Read:283 | Comments:0 | Tags:Application Security Application Scanning Cross-Site Scripti

July’s Android Security Bulletin Addresses Continuing Mediaserver and Qualcomm Issues

Google has released their Android security bulletin for July in two security patch level strings: the first dated 2017-07-01 and the succeeding one dated 2017-07-05. As always, Google urges users to update and avoid any potential security issues. Owners of native Android devices should apply the latest over-the-air (OTA) updates, and non-native Android devic
Publish At:2017-07-07 09:00 | Read:294 | Comments:0 | Tags:Mobile Vulnerabilities android Mediaserver Qualcomm

Going Through a Rough Patch in Your Security Program? Consistent Software Patching Can Solve Security Woes

Security is an imperfect art. It’s also an imperfect science. Whether it involves experimenting with certain tweaks or implementing proven standards and prescriptive advice, figuring out how to manage a security program is as complex as navigating any other business function. According to the Pareto Principle, security professionals should focus on the
Publish At:2017-07-03 23:50 | Read:282 | Comments:0 | Tags:Endpoint Network Risk Management Adobe Patch Patch Managemen

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud

Keywords