HackDig : Dig high-quality web security articles for hackers

A zero-day guide for 2020: Recent attacks and advanced preventive techniques

Zero-day vulnerabilities enable threat actors to take advantage of security blindspots. Typically, a zero-day attack involves the identification of zero-day vulnerabilities, creating relevant exploits, identifying vulnerable systems, and planning the attack. The next steps are infiltration and launch.  This article examines three recent zero-day atta
Publish At:2020-06-23 14:30 | Read:152 | Comments:0 | Tags:Exploits and vulnerabilities artificial intelligence EDR end

Global 1000 Security Execs: Mobile No Longer “The Forgotten Endpoint”

As the global leader in mobile security, Zimperium is proud of the companies and governments that trust us to protect their mobile endpoints and applications. Our customers are not only well-known for their brands, they are known for being some of the most sophisticated and knowledgeable security organizations in the world. We recently spoke with several of
Publish At:2020-05-24 07:37 | Read:220 | Comments:0 | Tags:Mobile Security coronavirus COVID-19 global 1000 Mobile secu

Windows has a zero-day that won’t be patched for weeks

byJohn E DunnCybercriminals are exploiting two unpatched zero-day flaws affecting all supported versions of Windows, Microsoft has warned.The Remote Code Execution (RCE) vulnerabilities affect Adobe Type Manager (ATM) Library, the part of Windows that manages PostScript Type 1 fonts.For now, there are no CVE identifiers and the only confirmed details are in
Publish At:2020-03-25 09:06 | Read:524 | Comments:0 | Tags:Microsoft Operating Systems Security threats Vulnerability W

Zyxel 0day Affects its Firewall Products, Too

On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products. This week’s story on the Zyxel patch
Publish At:2020-02-26 12:56 | Read:417 | Comments:0 | Tags:Latest Warnings Time to Patch 0day alex holden zero day ZyXe

Zyxel Fixes 0day in Network Storage Devices

Patch comes amid active exploitation by ransomware gangs Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. The patch comes 12 days after KrebsOnSecurity alerted the company that precise instructions for exploiting the vulnerabili
Publish At:2020-02-24 15:24 | Read:545 | Comments:0 | Tags:Latest Warnings The Coming Storm Time to Patch 0day 500mhz a

The Godfathers of Virtualization Returning to VMWorld

Ian Pratt and Simon Crosby sold XenSource to Citrix in 2007. After working at Citrix, they decided to once again spin off and focus on cybersecurity. They are available to meet during VMWorld if you’d like to talk virtualization and security. We think of them as The Godfathers of Virtualization. They work they did with XenSource lead to what is today’s clo
Publish At:2017-08-15 17:35 | Read:5604 | Comments:0 | Tags:Company News application isolation browsing click cybersecur

ZPI: One approach to rule them all

Introduction In 1975, a book was published that changed the way we approach complex problems. Inspired on how nature works “Adaptation in Natural and Artificial Systems” set the bases of genetic algorithms. The release date of this blogpost is strongly linked to that book, it is a symbolic tribute to its author, John Henry Holland, who passed out
Publish At:2017-08-10 08:55 | Read:5530 | Comments:0 | Tags:Android iOS Mobile security Mobile Threat Defense Windows Ze

When All Else Fails in Cybersecurity, Application Isolation Does Not

We hear about cybersecurity fails all the time. We’re happy to tell you it doesn’t have to be that way. Application isolation and containment based on virtualization is delivering results. The NSA has called out this strategy as the way forward for stopping advanced threats. To many technology folks, Application Isolation may be a new term when
Publish At:2017-07-26 12:05 | Read:4849 | Comments:0 | Tags:Threats application isolation control demo government Isolat

From WannaCry to WannaSaveYou, Thanks to Adaptive Defense’s Visibility

Hacker groups have become highly trained organizations with access to very sophisticated and easily accessible tools and techniques. Cyberattacks have become professionalized and their economic profitability has been demonstrated countless times, turning it into a billion-dollar industry in recent years. Economic profit and jeopardizing the confidential data
Publish At:2017-05-16 00:50 | Read:2739 | Comments:0 | Tags:News Ransomware wannacry zero day

Zero-Day Exploits – Your Days are Numbered! [infographic]

News stories involving zero-day Windows kernel exploits seemingly never end. Fresh examples abound with alarming regularity and devastating effects, often involving defects with a dwell time of many months before they are formally addressed by patch updates. Despite a sustained focus by Microsoft on improving cybersecurity top to bottom, dubious new records
Publish At:2017-04-21 22:10 | Read:4061 | Comments:0 | Tags:Threats backlog exfiltrate kernel microsoft NSA operating sy

Zero-Day Vulnerability is a Zero-Sum Game

Late last week a new Microsoft Office vulnerability was discovered by McAfee; they discovered attacks exploiting this vulnerability back to late January 2017. This should raise substantial concern for anyone responsible for cyber security at their company or federal agency. Since January, every Windows-based MS Office machine was exposed to the worst type o
Publish At:2017-04-16 13:05 | Read:3499 | Comments:0 | Tags:Breaking News Government Threats Malware McAfee Microsoft Of

Breaking News: “It’s a Very Large-Scale Espionage Operation”

A complex cybercrime spy ring has been revealed today. A China-based cyber gang is behind the effort. Countries targeted include Japan, UK, France and the United States. If you’re responsible for your company’s cyber security, chances are, someone in your office has probably already forwarded this story to you. The Telegraph is sharing a story
Publish At:2017-04-05 08:55 | Read:6244 | Comments:0 | Tags:Breaking News Threats browsing China click crime email Malwa

In the Wake of the CIA WikiLeaks Case, Some Tips on Corporate Cybersecurity

Year Zero, the first delivery from WikiLeaks of the “biggest document leak” the Central Intelligence Agency has ever seen, is made up of over 8,000 files. The revelations they contain are causing quite a stir. If nothing else, they’ve shown that the CIA has at its disposal an enormous cyberespionage arsenal. The documents detail how cyberweapons were prepare
Publish At:2017-03-17 05:45 | Read:5473 | Comments:0 | Tags:News cia Wikileaks zero day

The OPM Breach and Why You Should Fire Your Cyber Janitor

In June of 2015 the United States Office of Personnel Management (OPM) announced they had been the target of what became one of the largest breaches of government data in history. When the dust settled, it was determined that over 20 million people were affected. The data stolen from individuals was Social Security numbers, names, addresses, relatives, and
Publish At:2017-03-11 18:40 | Read:3896 | Comments:0 | Tags:Threats Endpoint Protection Federal Malware Zero Day

WikiLeaks Dumps Docs on CIA’s Hacking Tools

WikiLeaks on Tuesday dropped one of its most explosive word bombs ever: A secret trove of documents apparently stolen from the U.S. Central Intelligence Agency (CIA) detailing methods of hacking everything from smart phones and TVs to compromising Internet routers and computers. KrebsOnSecurity is still digesting much of this fascinating data cache, but here
Publish At:2017-03-09 08:50 | Read:4860 | Comments:0 | Tags:Other Bloomberg Bugcrowd Casey Ellis Center for Cyber Intell

Tools

Tag Cloud