HackDig : Dig high-quality web security articles for hackers

It’s Always DNS – But Not in the Way You May Think

A popular joke among technologists says that it’s always DNS, even when it initially didn’t seem that way. DNS issues come in many shapes and forms, including some often-overlooked security issues.DNS (short for the Domain Name System) continues to be described as “the phonebook of the Internet,” but many people, including most readers of this blog, will be
Publish At:2021-01-11 02:08 | Read:226 | Comments:0 | Tags:Cyber Security DNS Domain Name System HTTPS Network Security

United States wants HTTPS for all government sites, all the time

byPaul DucklinThe US government just announced its plans for HTTPS on all dot-gov sites.HTTPS, of course, is short for for “secure HTTP”, and it’s the system that puts the padlock in your browser’s address bar.Actually, the government is going one step further than that.As well as saying all dot-gov sites should be available over HTTP
Publish At:2020-06-23 12:49 | Read:680 | Comments:0 | Tags:Uncategorized Encryption https TLS US government web securit

OWASP TOP 10: Security Misconfiguration #5 – CORS Vulnerability and Patch

What is the meaning of an origin? Two websites are said to have same origin if both have following in common: Scheme (http, https) Host name (google.com, facebook.com, securelayer7.net) Port number (80, 4567, 7777) So, sites http://example.com and http://example.com/settings have same origin. But https://example.com:4657 and http://example.com:8080/setting
Publish At:2017-01-07 18:45 | Read:18686 | Comments:0 | Tags:OWASP Client Side Attack CORS CORS Vulnerability and Patch C

A Glimpse at Petya Ransomware

Ransomware has become an increasingly serious threat. Cryptowall, TeslasCrypt and Locky are just some of the ransomware variants that infected large numbers of victims. Petya is the newest strain and the most devious among them. Petya will not only encrypt files but it will make the system completely useless, leaving the victim no choice but to pay for the r
Publish At:2016-11-21 23:35 | Read:8798 | Comments:0 | Tags:Featured ThreatTrack Security Labs cybersecurity information

5 Best WordPress Security Plugins to Keep Your Site Secure

WordPress (WP) is the most popular and widely used blogging platform. It supports every kind of website, from a simple blog to a full-featured business website. Twenty-six percent of all websites globally use WordPress. As a result of this popularity, hackers and spammers have taken keen interest in breaking the security of WP-operated sites.In this post, we
Publish At:2016-07-12 10:30 | Read:6158 | Comments:0 | Tags:Featured Articles Security Awareness Infosec security Web Se

Drupal - Insecure Update Process

By Fernando ArnaboldiSecurity updates are a common occurrenceonce you have installed Drupal. In October 2014, there was a massive defacement attack that effected Drupal users who did not upgrade in the first seven hoursafter a security update was released. This means that Drupal updates must bechecked as frequently as possible (even though by default, Drup
Publish At:2016-01-06 18:15 | Read:8389 | Comments:0 | Tags:application security drupal fernando arnaboldi hacking updat

Zerodium Offers $100K for Adobe Flash Heap Isolation Bypasses

Despite calls to eliminate Adobe Flash Player, researchers inside and outside the vendor continue to invest in and build mitigations against modern attacks.As recently as three weeks ago, Adobe announced it had rewritten its memory manager, laying the groundwork for widespread heap isolation, which is an important protection against use-after-free vulnerabil
Publish At:2016-01-06 03:20 | Read:5840 | Comments:0 | Tags:Web Security Vulnerabilities adobe adobe flash Vupen Adobe F

Cisco Jabber Client Vulnerable to Man-in-the-Middle Attack

An attacker in a man-in-the-middle position could abuse a STARTTLS downgrade vulnerability in the Cisco Jabber client-server negotiation in order to intercept communication.Cisco warned its customers yesterday, but has yet to patch the vulnerability, which affects the Cisco Jabber clients for Windows, iPhone, iPad and Android. Researchers Renaud Dubourguai
Publish At:2016-01-05 09:15 | Read:5517 | Comments:0 | Tags:Cryptography Vulnerabilities Web Security Cisco Cisco Jabber

Six Things to Watch for in 2016

Well, if you thought you had it rough in 2014 because of big, bad Poodles and an irritating case of Heartbleed, things only got worse this year. Rather than intrusions permeating our IT systems and stealing our data, attacks got a bit more personal in 2015. Not only were privacy and civil liberties put at risk by legislators pushing overbearing rules based o
Publish At:2015-12-31 20:45 | Read:6915 | Comments:0 | Tags:Hacks Malware Vulnerabilities Web Security apt car hacking h

Finding and Exploiting Same Origin Method Execution vulnerabilities

Recently it came to my attention that it was possible to abuse JSONP callbacks using a vulnerability known as SOME – Same Origin Method Execution which can be used by an attacker to widely abuse a user’s trust between the web application and the intended flow of execution. For example, using the SOME attack it is possible for an attacker to trick
Publish At:2015-12-31 16:50 | Read:7599 | Comments:0 | Tags:exploitation Open Source pentesting pentura privacy security

Oracle Settles with FTC Over ‘Deceptive’ Java Security Updates

Oracle’s stewardship of Java has been scrutinized by the security community, which in 2013 languished through nearly a full year of targeted attacks exploiting zero days and other vulnerabilities in the platform.Since then, Oracle has improved the Java user experience by denying unsigned applets the ability to execute by default, and putting security r
Publish At:2015-12-22 19:45 | Read:5727 | Comments:0 | Tags:Web Security Vulnerabilities Government vulnerabilities gove

Google Search Rankings Prefer HTTPS by Default

Nothing in Google’s arsenal carries more weight than its search engine rankings. Pair that weapon with a desire to inspire encrypted connections on the web, and you have a pretty powerful combination.More than a year ago, Google said it was testing a method where a site’s search ranking would be influenced by whether it was using an HTTPS connect
Publish At:2015-12-19 01:20 | Read:6191 | Comments:0 | Tags:Cryptography Google Privacy Web Security cryptography Encryp

Critical Flaws Found in Network Management Systems

Four leading network management system providers are busying patching and preparing fixes for a half-dozen critical cross-site scripting and SQL injection vulnerabilities disclosed Wednesday by Rapid7.Two of the affected vendors, Spiceworks and Opsview, have already patched their respective products, while Ipswitch had promised to patch two bugs in its NMS p
Publish At:2015-12-18 07:15 | Read:6149 | Comments:0 | Tags:Vulnerabilities Web Security Castle Rock Computing cross-sit

Facebook, Researcher Spar Over Instagram Vulnerabilities

A security researcher is in a bit of a scrum with Facebook over vulnerability disclosures that not only tested the boundaries of the social network’s bug bounty program, but he said, also prompted hints of legal and criminal action.Wesley Wineberg, a contract employee of security company Synack, said today in a personal blogpost and in emails with Thre
Publish At:2015-12-18 07:15 | Read:5388 | Comments:0 | Tags:Privacy Uncategorized Vulnerabilities Web Security Alex Stam

Juniper Finds Backdoor that Decrypts VPN Traffic

Juniper Networks today has released an emergency patch that removes what it’s calling “unauthorized code” from ScreenOS that could allow attackers to decrypt VPN traffic from NetScreen devices.Juniper has not commented on the origin of the code it found. However, Juniper’s products were singled out, among others, in the National Secur
Publish At:2015-12-18 07:15 | Read:5798 | Comments:0 | Tags:Privacy Vulnerabilities Web Security backdoor Bob Worrall Ju


Tag Cloud