HackDig : Dig high-quality web security articles for hackers

Attackers vs. Hackers – Two *Very* Different Animals

The cybersecurity industry is more well-informed than most, but even so, misconceptions arise and spread, helped along by the fact that the rise in cybersecurity incidents has led to substantial “pop culture” intrigue with all things cybersecurity. One of the more harmful of these misconceptions is the conflation of “hacker” and “attacker,” terms which are tr
Publish At:2020-11-11 03:37 | Read:202 | Comments:0 | Tags:Vulnerability Management attacker Hacker ransomware attacks

VERT Threat Alert: November 2020 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s November 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-915 on Wednesday, November 11th. Note: Microsoft has changed their advisory format and no longer provides basic vulnerability descriptions. In-The-Wild & Disclosed CVEs: CVE-2020-17087. This CVE descr
Publish At:2020-11-10 19:49 | Read:256 | Comments:0 | Tags:VERT VERT News Vulnerability Management

N-Day Vulnerabilities: How They Threaten Your ICS Systems’ Security

In the last quarter of 2019, researchers at ClearSky uncovered an attack operation that they dubbed the “Fox Kitten Campaign.” Iranian actors used this offensive to gain persistent access into the networks of dozens of companies operating in Israel and around the world across the IT, telecommunication, oil and gas, aviation, government and security sectors.
Publish At:2020-11-03 00:37 | Read:191 | Comments:0 | Tags:Featured Articles Vulnerability Management ICS Vulnerabiltie

VERT Threat Alert: October 2020 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s October 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-909 on Wednesday, October 14th. In-The-Wild & Disclosed CVEs: CVE-2020-16938. This CVE describes an information disclosure in the Windows kernel that could allow a local attacker to disclose informatio
Publish At:2020-10-13 21:01 | Read:308 | Comments:0 | Tags:VERT VERT News Vulnerability Management

How to Mature a Vulnerability Management Program

The global cyber-threat landscape is constantly evolving, which highlights the emerging need for organizations to strengthen their ability to identify, analyze and evaluate technology risks before they fully evolve into security incidents. When it comes to mitigating risk, the terms “management of
Publish At:2020-09-30 12:20 | Read:230 | Comments:0 | Tags:Spanish Vulnerability Management VM whitepaper

The History of Common Vulnerabilities and Exposures (CVE)

During the late 1990s, security professionals were using information assurance tools in concert with vulnerability scanners to detect and remove vulnerabilities from the systems for which they are responsible. There’s just one problem – each security vendor has its own database with little to no crossover. Each vendor’s tool generates its own alert for detect
Publish At:2020-09-17 01:02 | Read:354 | Comments:0 | Tags:Featured Articles Vulnerability Management CVE Patch Managem

VERT Threat Alert: September 2020 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s September 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-903 on Wednesday, September 9th. In-The-Wild & Disclosed CVEs: There were no in-the-wild or disclosed CVEs included in this month’s security guidance. CVE Breakdown by Tag: While historical Microsoft
Publish At:2020-09-08 23:35 | Read:542 | Comments:0 | Tags:Featured Articles VERT VERT News Vulnerability Management

Identifying the Most Dangerous Common Software and Hardware Weaknesses and Vulnerabilities – The CWE Top 25 (2020 Editio

So far, there has not been a perfect solution to ridding the world of software and hardware weaknesses. Keeping up-to-date with which weaknesses are most common and impactful can be a daunting task. Thankfully, a list has been made to do just that: the Common Weakness Enumeration Top 25 (CWE). The CWE Top 25 is a community-developed list of the most dang
Publish At:2020-09-08 17:36 | Read:326 | Comments:0 | Tags:Featured Articles Vulnerability Management CWE vulnerabiliti

New Ponemon Report: A Programmatic Approach to Vulnerability Management for Hybrid Multicloud

X-Force Red is unveiling a new research study, conducted by the Ponemon Institute, that highlights vulnerability management challenges for on-premises and cloud environments: in other words, hybrid multicloud. The report, “The State of Vulnerability Management in the Cloud and On-Premises,” is based on a global survey of 1,848 IT and IT security
Publish At:2020-08-17 07:03 | Read:571 | Comments:0 | Tags:Cloud Security Security Services Software & App Vulnerabilit

Shellshock In-Depth: Why This Old Vulnerability Won’t Go Away

Shellshock is a bug in the Bash command-line interface shell that has existed for 30 years and was discovered as a significant threat in 2014. Today, Shellshock still remains a threat to enterprise. The threat is certainly less risky than in the year of discovery. However, in a year in which security priorities have recalibrated to keep up with the c
Publish At:2020-08-06 09:54 | Read:496 | Comments:0 | Tags:Software & App Vulnerabilities Patch Management Shellshock V

Effective Threat Intelligence Through Vulnerability Analysis

Vulnerabilities are weaknesses leveraged by adversaries to compromise the confidentiality, availability or integrity of a resource. The vulnerability ecosystem has matured considerably in the last few years. A significant amount of effort has been invested to capture, curate, taxonomize and communicate the vulnerabilities in terms of severity, impact and com
Publish At:2020-07-30 15:37 | Read:493 | Comments:0 | Tags:Vulnerability Management ENISA Report threat analysis vulner

What’s New in the 2020 Cost of a Data Breach Report

In a world of uncertainty and change, it’s a comfort that some things are consistent year after year. Now in its 15th year, the annual Cost of a Data Breach Report, with research by the Ponemon Institute and published by IBM Security, continues to provide a detailed view of the financial impacts security incidents can have on organizations, with histo
Publish At:2020-07-29 08:52 | Read:462 | Comments:0 | Tags:Data Protection Threat Intelligence Threat Research Cost of

I Have Antivirus; I’m Protected, Right? Mis-steps Customers Make with their Security and Vulnerability Tools

I’ve worked in the IT field for over 30 years. 20 of those years have been spent in the network security field, employed by some of the largest names in the industry. But to my family, I’m still just the guy who “works with computers”. Many of my family are not computer savvy, which is a nice way of saying I had to teach them where the power button is. Howeve
Publish At:2020-07-09 02:16 | Read:1160 | Comments:0 | Tags:Featured Articles Vulnerability Management Security Tools vu

Climbing the Vulnerability Management Mountain: Reaching the Summit (VM Maturity Level 5)

Only the truly committed ever reach the summit of anything. This sentiment holds true for vulnerability management. An organization cannot reach the summit without a serious commitment to fund and staff the program appropriately across the organization. Reaching ML:5 means tying the program to the business. Everyone must be aligned with the metrics and be rea
Publish At:2020-05-26 04:17 | Read:968 | Comments:0 | Tags:Vulnerability Management VM Mountain vulnerability managemen

The 4 Stages to a Successful Vulnerability Management Program

Have you ever been around someone who is just better at something than you are? Like when you were in school and there was this person who was effortless at doing things correctly? They had great study habits, they arrived on time, they were prepared and confident in the materials that they studied in class, and they were a consistently high performer at eve
Publish At:2020-05-24 10:11 | Read:662 | Comments:0 | Tags:Vulnerability Management processes vulnerability management