HackDig : Dig high-quality web security articles for hacker

Red Teaming: How to Run Effective Cyber-Drills?

What is red teaming? How is it different from conventional penetration testing? Why do we need blue, red, and white teams? How are cyber-drills carried out, and what results should be expected? In this article, we will answer these and other questions related to red teaming. What is Red Teaming? The red team attacks, the blue team defends. The simple rules of
Publish At:2020-02-28 00:43 | Read:72 | Comments:0 | Tags:Vulnerability Management Blue Team pentest Red Team

A Guide to Easy and Effective Threat Modeling

Threat modeling is a process by which potential threats can be identified, enumerated and prioritized, all from a hypothetical attacker’s point of view. The purpose of threat modeling is to provide defenders with a systematic analysis of the probable attacker’s profile, the most likely attack vectors and the assets most desired by an attacker. Ef
Publish At:2020-02-27 09:41 | Read:182 | Comments:0 | Tags:Application Security Security Intelligence & Analytics Appli

What’s Old Is New, What’s New Is Old: Aged Vulnerabilities Still in Use in Attacks Today

As reported in the IBM X-Force Threat Intelligence Index 2020, X-Force research teams operate a network of globally distributed spam honeypots, collecting and analyzing billions of unsolicited email items every year. Analysis of data from our spam traps reveals trending tactics that attackers are utilizing in malicious emails, specifically, that threat actor
Publish At:2020-02-26 10:55 | Read:205 | Comments:0 | Tags:Threat Intelligence Dark Web Exploit Macro Malware Macros Ma

To Rank or Not to Rank Should Never Be a Question

Let’s face it: Vulnerability management is not what it used to be a decade ago. Actually, it is not what it used to be a couple of years ago. Vulnerability management is one of those ever-evolving processes. Whether it is because of compliance mandates, board demands, an overall desire to reduce risk, all of these objectives or none, almost every organ
Publish At:2020-02-20 10:49 | Read:199 | Comments:0 | Tags:Endpoint Risk Management Software & App Vulnerabilities Clou

How Do You Measure the Success of Your Patch Management Efforts?

If you follow the news, you will often see that yet another company has been breached or taken hostage by ransomware. If you read the full details of these stories, usually they have one main thing in common: These organizations are behind in patch management. The question that arises, then, is why? There are two sides to this story: A technical one and a pr
Publish At:2020-02-09 10:30 | Read:205 | Comments:0 | Tags:Endpoint Risk Management Business Continuity Common Vulnerab

10 Reasons Your Organization Is Potentially at Risk of a Ransomware Attack

Does ransomware respect the holiday season? With ransomware attacks attempted every 14 seconds, it’s not likely attackers take any days off. The threat of ransomware keeps growing, and in Q1 2019, researchers noted a 118 percent rise in malware strains in this category. Behind these rising numbers are cybercrime syndicates that continue to push ransomw
Publish At:2019-10-18 10:20 | Read:435 | Comments:0 | Tags:Identity & Access Incident Response Threat Intelligence Cybe

Climbing the Vulnerability Management Mountain: Reaching Maturity Level 1

The time at ML:0 can be eye-opening for many organizations. There are generally a lot of assets discovered that are new or had been forgotten about. Almost every organization discovers their own Methuselah; this is the system that has been around forever and performs some important tasks but has not been updated in years. The system admins are scared to tou
Publish At:2019-10-18 10:10 | Read:506 | Comments:0 | Tags:Vulnerability Management ML1 VM Vulnerability

Threat Intelligence: A Tear-Free Solution to Help SOC Analysts Prepare for the Next WannaCry

It’s been nearly six months since the WannaCry ransomware stole global headlines and thousands of security practitioners flocked to threat intelligence feeds to help streamline their investigations. While the security community has learned many valuable lessons from the attack, it’s impossible to say that a strike of this magnitude won’t ha
Publish At:2017-10-26 01:10 | Read:4671 | Comments:0 | Tags:Malware Security Intelligence & Analytics Threat Intelligenc

Don’t Just Put Out the Zero-Day Fire — Get Rid of the Fuel

How often have you heard a co-worker say that he or she had to put out a fire? Depending on your job role, you may have anywhere from one to more than a dozen so-called fires weekly. A zero-day vulnerability is an example of a work-related fire that a security operations analyst might have to extinguish. Enterprises should be prepared to handle zero-day fir
Publish At:2017-10-22 05:00 | Read:5158 | Comments:0 | Tags:Advanced Threats Endpoint Risk Management Software & App Vul

Basic Security Tools You Cannot Afford to Miss in Your Risk Management Program

Risk management is the process of identifying, assessing and controlling threats to an organization. It is also a way to increase the security maturity of an organization. Risk management allows you to think about security more strategically and answer the questions that come from your company board, such as: How many times was the organization attacked? Is
Publish At:2017-10-03 08:40 | Read:4441 | Comments:0 | Tags:CISO Incident Response Risk Management Incident Management I

The Myth of Mutual Exclusivity: Making the DevOps Process More Agile Without Compromising Security

The marketplace is demanding agility, but many enterprises perceive the need for agility as an ongoing security risk. If applications are constantly evolving, they assume, the process will constantly open up new avenues for attackers to exploit. This worry has given rise to a widespread misconception that security or agility is a binary choice. But a growing
Publish At:2017-09-21 19:15 | Read:4766 | Comments:0 | Tags:Application Security CISO Agile DevOps SecDevOps Security Pr

Don’t Sweep Web Application Penetration Testing Under the Rug

Web application penetration testing is one of the most critical components of your information security program. The exploitation of a web-related vulnerability could result in a massive breach, so web security must be front and center in any organization. However, I often see people sweep web security under the rug and fail to follow through on their find
Publish At:2017-09-21 00:50 | Read:3953 | Comments:0 | Tags:Application Security Risk Management Application Security Te

Downward Trend in Publicly Available Exploit Code? Don’t Ease Up on Patch Management Just Yet

The IBM X-Force Vulnerability Database (XFDB), which holds over 100,000 publicly disclosed vulnerabilities, is chock-full of insights concerning the cybersecurity threat landscape. Much of the data is publicly available directly on the IBM X-Force Exchange platform and can be accessed by users anytime. In reviewing the database on an ongoing basis, the IBM
Publish At:2017-09-14 21:10 | Read:5611 | Comments:0 | Tags:Advanced Threats Endpoint Threat Intelligence X-Force Resear

Three Practical Tips That Empower Developers and Prevent Open Source Security Risks From Entering Your Code

Employees use open source applications in organizations of all sizes and across all industries, and this trend shows no signs of slowing down. It is both cost effective and efficient to incorporate source code into software during the development stage. With all those extra resources, developers can focus more on the organization’s proprietary code. Ac
Publish At:2017-08-21 15:05 | Read:4422 | Comments:0 | Tags:Application Security Risk Management Application Development

Eight Myths Not to Believe About Penetration Testing

Penetration testing — the process of trying to break into one’s own system to find vulnerabilities before cybercriminals do — is an integral part of information security. The data gleaned from these evaluations can help companies remediate flaws in their security infrastructure before fraudsters have a chance to expose them. Dispelling Eight Penetratio
Publish At:2017-08-10 20:40 | Read:4116 | Comments:0 | Tags:Data Protection Risk Management Data Breaches Penetration Te
