HackDig : Dig high-quality web security articles for hacker

How Not to Store Passwords: SHA-1 Fails Again

Problem: How do you store a password but make it nearly impossible to recover the plaintext in the event that the database with the password hash is compromised? When doing software development, it’s critical to review these functions. Having good development standards for your team will ensure that people store passwords properly and avoid mistakes th
Publish At:2017-11-07 04:05 | Read:425 | Comments:0 | Tags:Application Security Data Protection X-Force Research Applic

Diving Into Zberp’s Unconventional Process Injection Technique

IBM X-Force Research recently discovered a small-scale malware campaign involving a Neutrino bot, aka Kasidet, dropping a payload that contains two Zeus malware breeds: Atmos and Zberp. Both of these codes are based on the leaked source code of the Zeus V2 banking Trojan that was exposed publicly in 2011. The Zberp Trojan, which is a subvariant of ZeusVM mix
Publish At:2017-10-22 05:01 | Read:383 | Comments:0 | Tags:Malware X-Force Research Banking Trojan Carberp Carberp sour

Practice: The Best Defense for Responding to Cyber Incidents

First responders have proven time and time again the valuable help they provide to people in need. Right now, we’re seeing their bravery with the historic hurricanes, fires and floods impacting millions of people. What makes first responders confident in the face of such danger? One word: practice. And this lesson is translating to the private sector i
Publish At:2017-10-22 05:00 | Read:187 | Comments:0 | Tags:Banking & Financial Services Data Protection Incident Respon

Put Threat Intelligence Into Action With Security Apps

It’s now easier than ever to make threat intelligence from IBM X-Force Exchange actionable. Since its inception in 2015, X-Force Exchange has provided both granular indicators of compromise and higher-order intelligence through public collections to help shorten security investigations. A recent update to the X-Force Exchange collaborative platform no
Publish At:2017-09-27 22:45 | Read:141 | Comments:0 | Tags:Threat Intelligence X-Force Research IBM Security App Exchan

Leaking Cloud Databases and Servers Expose Over 1 Billion Records

As The Wall Street Journal recently pointed out, some clients of cloud service providers such as Amazon and Microsoft are accidentally leaving their cloud databases exposed due to misconfigurations of their services. Coupled with recent headline-making breaches, it’s becoming clear that the greatest risks to an organization might come down to a simple
Publish At:2017-09-21 19:15 | Read:288 | Comments:0 | Tags:Advanced Threats Cloud Security Data Protection Software & A

Network Attacks Containing Cryptocurrency CPU Mining Tools Grow Sixfold

Since we last reported on a version of the ELF Linux/Mirai malware containing cryptocurrency coin-mining tools in April, the IBM X-Force has noticed a steep increase in the volume of coin central processing unit (CPU) mining tools used in cyberattacks, specifically those targeting enterprise networks. According to IBM Managed Security Services (MSS) data,
Publish At:2017-09-19 12:00 | Read:242 | Comments:0 | Tags:Advanced Threats Security Services Threat Intelligence X-For

Downward Trend in Publicly Available Exploit Code? Don’t Ease Up on Patch Management Just Yet

The IBM X-Force Vulnerability Database (XFDB), which holds over 100,000 publicly disclosed vulnerabilities, is chock-full of insights concerning the cybersecurity threat landscape. Much of the data is publicly available directly on the IBM X-Force Exchange platform and can be accessed by users anytime. In reviewing the database on an ongoing basis, the IBM
Publish At:2017-09-14 21:10 | Read:325 | Comments:0 | Tags:Advanced Threats Endpoint Threat Intelligence X-Force Resear

Stay Up to Date on Threat Intelligence With New X-Force Exchange Capabilities

As both a parent and a bit of a nerd, I have a lot of corny jokes in my arsenal that cover a wide range of topics including animals, food, science fiction and the like. One of my favorite jokes comes from my data science background: “I never metadata I didn’t like.” This joke has it all: wordplay, the spirit of a joke your uncle might tell
Publish At:2017-08-16 09:00 | Read:287 | Comments:0 | Tags:Threat Intelligence X-Force Research IBM X-Force Exchange IB

Hello, My Name Is Space Rogue

IBM X-Force Red marked its first-year anniversary with the addition of security specialists, including Space Rogue, who increases the team’s impressive roster of talent. Hello, my name is Space Rogue. Well, actually, it’s Cris Thomas, but the security community is most likely to recognize my work over the past two decades under my pseudonym. The
Publish At:2017-07-28 03:30 | Read:450 | Comments:0 | Tags:Application Security Security Services X-Force Research IBM

IBM X-Force Red Turns 1, Expands Into Auto and IoT Practice Areas

Earlier this year, I gave a talk at the RSA Conference about the privacy and security flaws in many of today’s connected cars. The response was nothing short of astounding. As it turns out, people get very nervous when you talk about finding and controlling their cars from a mobile phone. While I didn’t initially set out to find vulnerabilities i
Publish At:2017-07-24 17:25 | Read:247 | Comments:0 | Tags:Application Security Industries Software & App Vulnerabiliti

Multipronged IoT Security to Help Realize the Value of IoT Solutions

The Internet of Things (IoT) is an exciting and innovative technology that can help businesses discover new growth areas and income streams. With all this innovation to differentiate in industry verticals and challenge traditional operating models, it’s easy to overlook IoT security, both in terms of its uniqueness and its importance. What Is Different
Publish At:2017-07-24 17:25 | Read:319 | Comments:0 | Tags:Application Security CISO Cognitive Industries X-Force Resea

Information and Communication Technology (ICT) Industry: Second-Most Attacked Sector in 2016

The information and communication technology (ICT) industry has evolved greatly over the last several decades. The interconnected nature of ICT devices and systems, along with modern society’s dependence on the technologies and services this sector provides, increases the risk of cyberattack. Furthermore, firms in this industry often act as a clearingh
Publish At:2017-07-10 21:30 | Read:431 | Comments:0 | Tags:Industries Threat Intelligence X-Force Research Buffer Overf

When a Cyber Crisis Hits, Know Your OODA Loops

In the months since we began simulating full-scale cyberattacks for customers at our IBM X-Force Command Center in Cambridge, Massachusetts, I’ve watched a steady stream of corporate security teams confront the hair-raising experience of a simulated cyberattack. The Command Center recreates the whole crisis from start to finish, featuring a controlled,
Publish At:2017-05-30 22:30 | Read:478 | Comments:0 | Tags:CISO Incident Response X-Force Research Chief Information Se

Incident Response: Planning for the Attack Before It Happens

By now, you’ve no doubt heard of WannaCry, the ransomware attack that impacted over 300,000 victims in more than 100 countries over the past 10 days. While we’ve all focused on effective patching strategies to prevent further infection, an important part of the discussion is how to plan for a successful incident response (IR) to ransomware and o
Publish At:2017-05-25 13:35 | Read:536 | Comments:0 | Tags:Incident Response X-Force Research IBM IBM Security IBM X-Fo

Not-So-Terrible Twos: IBM X-Force Exchange Celebrates Its Second Birthday

There are certain knowing glances that experienced parents give each other in the face of a public toddler meltdown. The sheer red-faced, quaking, loud explosion of the tantrum reminds us that 2-year-olds are entirely exasperating human beings and terrible roommates. But there is a new kind of 2-year-old on the scene now that is well-behaved, well-groomed
Publish At:2017-05-17 21:15 | Read:498 | Comments:0 | Tags:Threat Intelligence X-Force Research IBM X-Force Exchange IB
