HackDig : Dig high-quality web security articles

Out of Band (OOB) Data Exfiltration via DNS

Last week, I attended the NotSoSecure Advanced Web Hacking training. While there were plenty of interesting topics taught, one that caught my attention was Out-of-Band (OOB) Data Exfiltration using DNS. Back in 2018, NotSoSecure published an Out of Band Exploitation (OOB) CheatSheet. In that document, they cover methods
Publish At:2022-04-01 02:07 | Read:2002 | Comments:0 | Tags:Featured Articles IT Security and Data Protection data exfil

Prioritizing Cybersecurity Throughout All Web Development Sprints

No one doubts the importance of cybersecurity in web development — and yet, often in the development cycle, we neglect to prioritize it across each sprint and into the final product. Making cybersecurity a priority throughout every development sprint cycle is necessary to combat the tide of digital attacks threatening the modern web. But how can you ensure y
Publish At:2022-02-17 02:07 | Read:2384 | Comments:0 | Tags:Cyber Security best practice web development Web Security se

How to defend your website against card skimmers

Black Friday and the holiday season are approaching, and shoppers are forecast to spend record amounts again this year. Retail websites big and small can expect a lot of interest from shoppers looking for deals, and a lot of interest from cybercriminals looking to cash in on those shoppers, by stealing their credit card details with stealthy card skimmers.
Publish At:2021-11-22 16:14 | Read:3526 | Comments:0 | Tags:Web threats black friday card skimmers web security web skim

Cybersecurity and OWASP in an Increasingly Digital World

As the world increasingly moves to a digital format, cybersecurity is becoming more important than ever. It’s especially significant since, according to a recent survey by Sophos, 51% of businesses in America experienced a ransomware attack in 2020. That’s a staggering number of successful attacks that truly shouldn’t be possible in the modern day and age.
Publish At:2021-11-09 02:04 | Read:3384 | Comments:0 | Tags:Cyber Security cybersecurity Guidelines OWASP Web Security s

Scams Starting on Social Media and Targeting Your Business

Social media is no stranger to scams. However, recent trends show scammers have become more aggressive toward businesses since the beginning of the pandemic. Being able to recognize these scams can help you prevent harm to your business. Social Media as a Newer Cybercrime Platform for Targeting Businesses: Scammers go where the people are. Today, mor
Publish At:2021-02-15 00:38 | Read:2759 | Comments:0 | Tags:IT Security and Data Protection cybercrime cybercriminals sc

It’s Always DNS – But Not in the Way You May Think

A popular joke among technologists says that it’s always DNS, even when it initially didn’t seem that way. DNS issues come in many shapes and forms, including some often-overlooked security issues. DNS (short for the Domain Name System) continues to be described as “the phonebook of the Internet,” but many people, including most readers of this blog, will be
Publish At:2021-01-11 02:08 | Read:2985 | Comments:0 | Tags:Cyber Security DNS Domain Name System HTTPS Network Security

United States wants HTTPS for all government sites, all the time

By Paul Ducklin. The US government just announced its plans for HTTPS on all dot-gov sites. HTTPS, of course, is short for “secure HTTP”, and it’s the system that puts the padlock in your browser’s address bar. Actually, the government is going one step further than that. As well as saying all dot-gov sites should be available over HTTP
Publish At:2020-06-23 12:49 | Read:2587 | Comments:0 | Tags:Uncategorized Encryption https TLS US government web securit

OWASP TOP 10: Security Misconfiguration #5 – CORS Vulnerability and Patch

What is the meaning of an origin? Two websites are said to have the same origin if they share all of the following: scheme (http, https), host name (google.com, facebook.com, securelayer7.net) and port number (80, 4567, 7777). So, http://example.com and http://example.com/settings have the same origin. But https://example.com:4657 and http://example.com:8080/setting
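The origin rule above is easy to get wrong in server-side CORS code, so here is an added example (not code from the linked article or from SecureLayer7) that computes a canonical origin from scheme, host and port, compares two URLs with it, and then shows the misconfiguration the article title refers to, an allow-origin header that reflects whatever Origin the request carries, beside the patched version that checks an explicit allowlist. The hostnames and the allowlist entries are illustrative assumptions.

```javascript
// Added example: same-origin comparison and a CORS allowlist decision.
// Origins and the allowlist below are assumptions, not values from the article.

const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Canonical origin "scheme://host:port" for a URL string. Path, query and
// fragment are deliberately dropped: they are not part of the origin.
// An absent port is filled in from the scheme, so "https://a.example" and
// "https://a.example:443" compare equal.
function originOf(urlString) {
  const u = new URL(urlString); // throws on malformed input, including "null"
  const port = u.port || DEFAULT_PORTS[u.protocol] || '';
  return `${u.protocol}//${u.hostname}:${port}`;
}

function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Vulnerable handler: echoes the request's Origin and allows credentials,
// so any site the victim visits can read authenticated responses.
function corsHeadersVulnerable(requestOrigin) {
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Patched handler: canonicalise the Origin header and compare it against an
// explicit allowlist. Anything else (unknown site, "null" origin, garbage)
// gets no CORS headers at all, and the browser blocks the cross-origin read.
function corsHeadersPatched(requestOrigin, allowlist) {
  let canonical;
  try {
    canonical = originOf(requestOrigin);
  } catch (e) {
    return {};
  }
  const allowed = allowlist.some((o) => originOf(o) === canonical);
  if (!allowed) return {};
  return {
    // Return the header value as the browser sent it (no default port added),
    // since the browser compares it byte-for-byte with its own serialisation.
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin', // stop caches serving one origin's response to another
  };
}

// Demo run with the article's own comparison cases.
console.log(sameOrigin('http://example.com', 'http://example.com/settings'));        // true
console.log(sameOrigin('https://example.com:4657', 'http://example.com:8080/setting')); // false
console.log(corsHeadersVulnerable('https://evil.example'));
console.log(corsHeadersPatched('https://evil.example', ['https://app.example.com']));
```

Note that the patched handler never falls back to `*`: a wildcard combined with `Access-Control-Allow-Credentials: true` is rejected by browsers anyway, and a wildcard without credentials is only acceptable for genuinely public resources.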
Publish At:2017-01-07 18:45 | Read:26795 | Comments:0 | Tags:OWASP Client Side Attack CORS CORS Vulnerability and Patch C

A Glimpse at Petya Ransomware

Ransomware has become an increasingly serious threat. CryptoWall, TeslaCrypt and Locky are just some of the ransomware variants that infected large numbers of victims. Petya is the newest strain and the most devious among them. Petya will not only encrypt files but it will make the system completely useless, leaving the victim no choice but to pay for the r
Publish At:2016-11-21 23:35 | Read:10865 | Comments:0 | Tags:Featured ThreatTrack Security Labs cybersecurity information

5 Best WordPress Security Plugins to Keep Your Site Secure

WordPress (WP) is the most popular and widely used blogging platform. It supports every kind of website, from a simple blog to a full-featured business website. Twenty-six percent of all websites globally use WordPress. As a result of this popularity, hackers and spammers have taken keen interest in breaking the security of WP-operated sites.In this post, we
Publish At:2016-07-12 10:30 | Read:7899 | Comments:0 | Tags:Featured Articles Security Awareness Infosec security Web Se

Drupal - Insecure Update Process

By Fernando Arnaboldi. Security updates are a common occurrence once you have installed Drupal. In October 2014, there was a massive defacement attack that affected Drupal users who did not upgrade in the first seven hours after a security update was released. This means that Drupal updates must be checked as frequently as possible (even though by default, Drup
Publish At:2016-01-06 18:15 | Read:10531 | Comments:0 | Tags:application security drupal fernando arnaboldi hacking updat

Zerodium Offers $100K for Adobe Flash Heap Isolation Bypasses

Despite calls to eliminate Adobe Flash Player, researchers inside and outside the vendor continue to invest in and build mitigations against modern attacks.As recently as three weeks ago, Adobe announced it had rewritten its memory manager, laying the groundwork for widespread heap isolation, which is an important protection against use-after-free vulnerabil
Publish At:2016-01-06 03:20 | Read:8052 | Comments:0 | Tags:Web Security Vulnerabilities adobe adobe flash Vupen Adobe F

Cisco Jabber Client Vulnerable to Man-in-the-Middle Attack

An attacker in a man-in-the-middle position could abuse a STARTTLS downgrade vulnerability in the Cisco Jabber client-server negotiation in order to intercept communication.Cisco warned its customers yesterday, but has yet to patch the vulnerability, which affects the Cisco Jabber clients for Windows, iPhone, iPad and Android. Researchers Renaud Dubourguai
Publish At:2016-01-05 09:15 | Read:7296 | Comments:0 | Tags:Cryptography Vulnerabilities Web Security Cisco Cisco Jabber

Six Things to Watch for in 2016

Well, if you thought you had it rough in 2014 because of big, bad Poodles and an irritating case of Heartbleed, things only got worse this year. Rather than intrusions permeating our IT systems and stealing our data, attacks got a bit more personal in 2015. Not only were privacy and civil liberties put at risk by legislators pushing overbearing rules based o
Publish At:2015-12-31 20:45 | Read:11572 | Comments:0 | Tags:Hacks Malware Vulnerabilities Web Security apt car hacking h

Finding and Exploiting Same Origin Method Execution vulnerabilities

Recently it came to my attention that it was possible to abuse JSONP callbacks using a vulnerability known as SOME – Same Origin Method Execution which can be used by an attacker to widely abuse a user’s trust between the web application and the intended flow of execution. For example, using the SOME attack it is possible for an attacker to trick
Publish At:2015-12-31 16:50 | Read:9992 | Comments:0 | Tags:exploitation Open Source pentesting pentura privacy security
