HackDig : Dig high-quality web security articles for hackers

Made in IBM Labs: Solution for Detecting Cyber Intrusions to Connected Vehicles, Part I

Co-authored by Yaron Wolfsthal Since the inception of the first vehicles in the early 20th century, the automotive industry has gone a long way to satisfy market-driven requirements and evolve cars into a means of transportation that engages state-of-the-art electronics and information technology for passengers’ comfort and entertainment. The Value of
Publish At:2015-09-09 12:55 | Read:4249 | Comments:0 | Tags:Vulns / Threats automotive computing systems Connected Vehic

Spotting the Trouble Ahead With Proper Visibility Into Your Network

You don’t know what you don’t know; that seems to be the mantra for most information security programs today. Security visibility is grossly lacking in so many environments. For many, this ignorance — and the ensuing lack of security alerts — is bliss. No Visibility Equals No Worries — Right? I’ve seen it time and again: Management, includi
Publish At:2015-08-21 11:35 | Read:3435 | Comments:0 | Tags:Advanced Threats Vulns / Threats Cybersecurity Endpoint Secu

Reducing the Application Attack Surface: Breaking Payloads With Runtime Code Stripping and Image Freezing

Co-authored by Matthias Neugschwandtner. Recently, collaborative research efforts between Northeastern University and IBM devised a means to reduce a Windows application’s attack surface by removing unused functions from libraries that are loaded dynamically, known as Dynamic Link Libraries (DLLs). The researchers will present their findings at Black H
Publish At:2015-08-06 20:05 | Read:3207 | Comments:0 | Tags:Application Security Software & App Vulnerabilities Vulns /

The Top Ways Cybercriminals Infiltrate Retailers’ Systems and Steal Customer Data

You may have heard an iconic line attributed to infamous bank robber Willie Sutton: When asked why he robbed banks, he responded by saying “because that’s where the money is.” Here we are in 2015, and the story is no different regarding the security of point-of-sale (POS) systems in retail environment. Criminals seek out these systems becau
Publish At:2015-08-01 00:40 | Read:4413 | Comments:0 | Tags:Malware Retail Vulns / Threats Point-of-Sale (POS) Systems P

DDoS Extortion: Easy and Lucrative

Distributed denial-of-service (DDoS) attacks are nothing new, nor is the fact that they’re being used to create a profit. But the fact that DoS has become a lucrative criminal enterprise is something likely to become even more popular. “Send us 100 bitcoins and we’ll go away” is a common message in the inbox of chief financial officer
Publish At:2015-07-15 23:45 | Read:2635 | Comments:0 | Tags:Network & Endpoint Vulns / Threats Cyber Extortion Cybersecu

Is PCI Compliance Enough to Protect Us From Advanced Threats?

There are several threats around the payment card industry (PCI) receiving wider public scrutiny now that the chip-and-PIN standard is set to become mandatory in the U.S. by Oct. 1, 2015. The Europay, MasterCard and Visa (EMV) standard is being implemented after years of use in Europe, and it will institute a liability shift whereby the party causing a fraud
Publish At:2015-06-24 12:25 | Read:3887 | Comments:0 | Tags:Data Protection Vulns / Threats Advanced Threats EMV Man-in-

RSA Conference: Six Must-Attend Sessions for CISOs

The RSA Conference is considered a must-attend event for all chief information security officers (CISOs). It is not only an opportunity to meet and network with other CISOs, but it also lets you engage with a wide range of thought leaders in the security industry. Many of these thought leaders are attending the conference for the sole purpose of sharing know
Publish At:2015-04-14 09:30 | Read:4269 | Comments:0 | Tags:CISO IBM X-Force Vulns / Threats C-Suite Chief Information S

How STIX, TAXII and CybOX Can Help With Standardizing Threat Information

Evolving Landscape The security threat and intelligence landscape is evolving faster than ever before thanks to more and more advanced, capable and motivated adversaries. For example, the various entities powering Regin, Carbanak and Dyre had no lack of resources and motivation to pursue their goals. To keep up with these increasingly complex attacks, we hav
Publish At:2015-03-26 17:00 | Read:4521 | Comments:0 | Tags:Infrastructure Protection Threat Intelligence Vulns / Threat

Analyzing Queries on a Honeypot Name Server for Better DNS Log Quality

Internet Noise Honeypots are an easy and popular way to get statistics on the “Internet noise.” Getting more knowledge on Internet noise gives you more insight into what is out there and is one of the sources that helps in getting better security analytics. I was curious what kind of traffic a honeypot name server receives in a public cloud; my r
Publish At:2015-03-16 16:35 | Read:5464 | Comments:0 | Tags:Infrastructure Protection Security Intelligence & Analytics

Broken Web Browsers: Malware’s New Address?

Malware has a new address: Web browsers. This is not the first time malicious code has set up shop in popular access tools such as Microsoft Internet Explorer and Google Chrome, but according to new research from the Ponemon Institute detailed in a recent Infosecurity Magazine article, browser vulnerabilities are on the rise. What can companies do to keep co
Publish At:2015-02-20 04:55 | Read:3255 | Comments:0 | Tags:Software & App Vulnerabilities Vulns / Threats Cybersecurity

Ghost in the Machine: Linux Zero-Day Vulnerability Opens Door for Attack

On Tuesday, Jan. 27, a zero-day vulnerability (CVE-2015-0235) was disclosed in the Linux operating system that allows malicious code to be executed on servers that use the GNU C Library (glibc) functionality. Linux programs that contain glibc are also affected. The specific call, gethostbyname(), can be triggered by any type of Domain Name System (DNS) resol
Publish At:2015-01-29 19:40 | Read:3974 | Comments:0 | Tags:Software & App Vulnerabilities Vulns / Threats Ghost IBM X-F

How Physical Security Defenses Influence Cybersecurity

There is no doubt that today’s cybersecurity arena is dynamic, fast and under constant evolution — indeed, it is seemingly impossible to keep up with. Every day, some breach or another is announced, the next world-ending vulnerability is discovered or the latest big data analytics solution is released that is going to solve everything. It is certainly
Publish At:2015-01-22 20:50 | Read:4519 | Comments:0 | Tags:Fraud Protection Security Intelligence & Analytics Vulns / T

No Holiday Bonanza for Cybercriminals During 2014 Holiday Shopping Season

Every year, retailers dedicate a tremendous amount of energy preparing to take advantage of the holiday shopping season that kicks off with Black Friday and Cyber Monday. They often institute an annual “holiday freeze” period to avoid affecting sales and technology performance with new technology or buggy patches. The reason is obvious: These are
Publish At:2015-01-05 21:35 | Read:4560 | Comments:0 | Tags:IBM X-Force Industries Vulns / Threats Black Friday Cyber Mo

The Responsible Disclosure Policy: Safeguard or Cybercriminal Siren Song?

From Heartbleed to Shellshock and Poodle to Backoff, this has been a banner year for software vulnerabilities. Despite their appearance on myriad devices across a host of industries and operating systems, these threats share a common thread: They’ve all been disclosed to the public. The ensuing security fallout has some experts wondering whether a resp
Publish At:2014-12-26 19:15 | Read:4344 | Comments:0 | Tags:Application Security Data Protection Identity & Access Mobil

CMS Hacking: 2014 by the Numbers

This year was a banner year for content management system (CMS) hacking. All the big names, including WordPress, Drupal and Joomla, were targeted in 2014, resulting in thousands of breaches that opened back doors, uploaded Trojans and created large-scale botnets for denial-of-service attacks. The following are the big-number takeaways from these CMS vulnerab
Publish At:2014-12-19 23:45 | Read:3763 | Comments:0 | Tags:Advanced Threats Risk Management Software & App Vulnerabilit