HackDig : Dig high-quality web security articles for hackers

Kaspersky Lab launched the new Lab ICS-CERT

Kaspersky Lab has launched a new global computer emergency response team (CERT), the Kaspersky Lab ICS-CERT, focusing on industrial control systems (ICS).. Kaspersky has anticipated launching an Industrial Control Systems CERT. Of course, I’m joking, anyway I always sustained that the creation of a similar structure represents an important achievement
Publish At:2016-10-25 23:40 | Read:3452 | Comments:0 | Tags:Breaking News Security CERT cyber threats Hacking ICS Kasper

Cyberespionage against RUAG, from Red October to Turla, who is the culprit?

Security experts from Melani published a detailed technical report about the strain of Turla used in the cyberespionage attack against the RUAG firm. A few weeks ago I reported about the cyber espionage attack on the Swiss Defense Department that was revealed after a presentation on cyber espionage to the Federal Intelligence Service. The cyber attack was a
Publish At:2016-05-24 00:35 | Read:7677 | Comments:0 | Tags:Cyber warfare Intelligence Malware Reports Uncategorized CER

The Australian government presents his Cyber Security Strategy

The Australian government has presented his Cyber Security Strategy and admitted the ability to conduct offensive cyber operations. The Australian Government announced its cyber security strategy that includes AU$230 million spending over four years to improve the resilience to cyber attacks of the national critical infrastructure. The strategy is very compl
Publish At:2016-04-21 07:50 | Read:5176 | Comments:0 | Tags:Cyber Crime Cyber warfare Hacking Australian Cyber Security

Industries Confront Cyber Warfare

Many industries are rallying to improve their cyber security postures. When I observe these rally cries, I hear the lyrics to a Twisted Sister song: “We’re not gonna to take it … anymore!” As the headlines increase with data breaches, the fighting instinct grows more to address the out of control issue of data breaches.Industries are coming together to shar
Publish At:2015-12-16 17:55 | Read:3535 | Comments:0 | Tags:Featured Articles Security Awareness CERT Cyber Security Ene

Stealing all files from Seagate wireless disks is too easy

The CERT_org issued an alert on Seagate wireless disks because they contain multiple flaws that could be exploited to download their entire content. CERT.org issued a warning related Seagate wireless disk because they include a hidden login, most exactly a Telnet services that is not documented. This security issue allows anon
Publish At:2015-09-07 09:15 | Read:7600 | Comments:0 | Tags:Breaking News Hacking Security CERT Pierluigi Paganini priva

CERT Warns of Hard-Coded Credentials in DSL SOHO Routers

DSL routers from a number of manufacturers contain hard-coded credentials that could allow a hacker to access the devices via telnet services and remotely control them.An advisory published Tuesday by the DHS-sponsored CERT at the Software Engineering Institute at Carnegie Mellon University said the issues are still present in the routers and that organizati
Publish At:2015-08-26 15:10 | Read:3722 | Comments:0 | Tags:Privacy Vulnerabilities Web Security ASUS cert DIGICOM DSL r

Renewed Attention on Android Apps Failing SSL Validation

SAN FRANCISCO – Android developers whose apps fail to validate SSL certificates are on notice; not only are researchers scanning apps making insecure connections, but so is Google. And the hammer may fall soon.Will Dormann, a researcher with CERT at the Software Engineering Institute at Carnegie Mellon University, today at RSA Conference shared new data coll
Publish At:2015-04-21 20:35 | Read:3209 | Comments:0 | Tags:Mobile Security Vulnerabilities Web Security Adrian Ludwig A

SearchBlox Fixes XSS, File Upload Flaws

SearchBlox, a provider of enterprise search technology, has patched several serious vulnerabilities in its flagship product, including cross-site scripting, cross-site request forgery and other issues.The company, which sells a variety of enterprise search products, has released version 8.2 of the main SearchBlox product to address the vulnerabilities, which
Publish At:2015-04-15 17:55 | Read:3825 | Comments:0 | Tags:Vulnerabilities Web Security cert CSRF SearchBlox vulnerabil

Two NTP Key Authentication Vulnerabilities Patched

NTP, the much maligned protocol abused in a number of high volume DDoS attacks a year ago, is suffering from newly patched vulnerabilities that could allow an attacker to send unauthenticated packets to a client that would be executed.The Department of Homeland Security and CERT at the Software Engineering Institute at Carnegie Mellon University on Tuesday i
Publish At:2015-04-09 01:50 | Read:3026 | Comments:0 | Tags:Hacks Vulnerabilities Web Security cert DDoS DHS NTP NTP pat

Multicast DNS Vulnerability Could Lead to DDOS Amplification Attacks

The Department of Homeland Security sponsored CERT at Carnegie Mellon University on Tuesday released an advisory warning infrastructure providers of a vulnerability in Multicast DNS, or mDNS, that could leak device information that could be leveraged in high volume DDoS amplification attacks.“I would say the most serious concern with a vulnerability li
Publish At:2015-04-01 17:30 | Read:3081 | Comments:0 | Tags:Vulnerabilities Web Security advisory cert Chad Seaman DDoS

Identifying and Preventing Insider Threats

An insider attack is one of the biggest threats faced by modern enterprises, where even a good working culture might not be sufficient to prevent it. Companies implement sophisticated technology to monitor their employees but it’s not always easy for them to distinguish between an insider and an outside attack.Those who target and plan attacks from the outsi
Publish At:2014-10-20 04:55 | Read:3514 | Comments:0 | Tags:Featured Articles Incident Detection Bruce Schneier CERT Eug

What you need to know about “BERserk” and Mozilla

The Intel Security Advanced Threat Research Team has discovered a critical signature forgery vulnerability in the Mozilla Network Security Services (NSS) crypto library that could allow malicious parties to set up fraudulent sites masquerading as legitimate businesses and other organizations. The Mozilla NSS library, commonly utilized in the Firefox web brow
Publish At:2014-09-25 06:30 | Read:3224 | Comments:0 | Tags:Executive Perspectives Featured BERSerk browser CERT Firefox

DNS cache poisoning attacks to steal emails are reality

CERT warns that DNS Cache Poisoning attacks could be used also to hijack email to a rogue server and not only to divert the Internet traffic. DNS attacks are very popular in hacking community, they could be run by cyber criminals and state-sponsored hackers for various purposes, including cyber espionage and financially motiva
Publish At:2014-09-13 20:20 | Read:4088 | Comments:0 | Tags:Cyber Crime Hacking Security cache poisoning CERT DNS dns at

CERT Pudding and the War on Bad SSL

On August 21, the CERT Coordination Center at the Software Engineering Institute at Carnegie Mellon University released a MiTM analysis system called CERT Tapioca. CERT/CC is now using this tool to help address a rapidly growing problem many researchers have been taking note of, including myself.There are many Android applications putting personal data in je
Publish At:2014-09-09 09:20 | Read:4032 | Comments:0 | Tags:Featured Articles IT Security and Data Protection Android ap

CERT disclosed the list of most popular vulnerable Android apps

The CERT has published the results of its test conducted on popular Android applications that fail to properly validate SSL certificates. In several posts we have discussed about the improper validation of  SSL certificates made by mobile devices, recently we mentioned the case of the Gmail app for iOS devices which, according
Publish At:2014-09-08 16:20 | Read:5938 | Comments:0 | Tags:Hacking Security Android Apps CERT CERT Tapioca digital cert


Tag Cloud