HackDig : Dig high-quality web security articles for hacker

WildPressure targets industrial-related entities in the Middle East

In August 2019, Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the victims we registered were organizations from the Middle East. At least some of them are related to the industrial sector. Our Kaspersky Threat Attribution Engine (KTAE) doesn’t show any code similarities with known campaigns. Nor h
Publish At:2020-03-24 06:44 | Read:118 | Comments:0 | Tags:APT reports Featured Encryption Industrial threats Malware D

Crypto-Risk: Your Data Security Blind Spot

For many years — almost since the beginning of secure internet communications — data security professionals have had to face the challenge of using certificates, the mechanism that forms the basis of Transport Layer Security (TLS) communications. Certificates facilitate secure connections to websites (represented by the “s” in “https”
Publish At:2020-03-23 10:45 | Read:109 | Comments:0 | Tags:Data Protection Risk Management Apple Business Continuity Ce

Report calls for web pre-screening to end UK’s child abuse ‘explosion’

by Lisa Vaas. A UK inquiry into child sexual abuse facilitated by the internet has recommended that the government require apps to pre-screen images before publishing them, in order to tackle “an explosion” in images of child sex abuse. The No. 1 recommendation from the independent inquiry into child sexual abuse (IICSA) report, which was published o
Publish At:2020-03-16 08:53 | Read:210 | Comments:0 | Tags:Cryptography Facebook Instagram Law & order Privacy Snapchat

PXJ Ransomware Campaign Identified by X-Force IRIS

Ransomware has become one of the most profitable types of malware in the hands of cybercriminals, with reported cybercrime losses tripling in the last five years, according to the FBI. A constant flow of new and reused code in this realm continues to flood both consumers and organizations who fight to prevent infections, respond to attacks and often resort t
Publish At:2020-03-12 09:13 | Read:180 | Comments:0 | Tags:Malware Threat Intelligence Cryptography Cybercrime Encrypti

Banking Trojans and Ransomware — A Treacherous Matrimony Bound to Get Worse

The financial malware arena became a mainstream issue a little over a decade ago with the rise of malware like the Zeus Trojan, which at the time was the first commercial banking Trojan available to the cybercrime world. We have come a long way since, and the past decade saw banking Trojans become increasingly sophisticated, specialized and exclusive, operat
Publish At:2020-02-18 09:32 | Read:220 | Comments:0 | Tags:Malware Threat Intelligence Banking Trojan Botnets Cybercrim

Russian government blocked Tutanota service in Russia to stop encrypted communication

Tutanota, the popular free and open-source end-to-end encrypted email software, has been blocked by Russian authorities. The popular free and open-source end-to-end encrypted email service Tutanota has been blocked in Russia on Friday evening. Since early February, the Russian government has blocked other encrypted email and VPN services in Russia, includ
Publish At:2020-02-17 11:24 | Read:367 | Comments:0 | Tags:Breaking News Hacking Laws and regulations Censorship encryp

Suspect who refused to decrypt hard drives released after four years

by John E Dunn. The contentious case of a man held in custody since 2015 for refusing to decrypt two hard drives appears to have reached a resolution of sorts after the US Court of Appeals ordered his release. Former Philadelphia police sergeant Francis Rawls was arrested in September 2015, during which the external hard drives were seized along with other compu
Publish At:2020-02-15 12:43 | Read:305 | Comments:0 | Tags:Apple Law & order Privacy child pornography contempt Encrypt

Facebook encrypted messaging will ‘create hiding places for child abuse’

by Lisa Vaas. Last year, Facebook announced that it would stitch the technical infrastructure of all of its chat apps – Messenger, WhatsApp and Instagram – together so that users of each app can talk to each other more easily. The plan includes slathering the end-to-end encryption of WhatsApp – which keeps anyone, including law enforcement and
Publish At:2020-02-10 07:56 | Read:285 | Comments:0 | Tags:Cryptography Facebook Instagram Law & order Privacy WhatsApp

COMpfun successor Reductor infects files on the fly to compromise TLS traffic

In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. Analysis of the malware allowed us to confirm that the operators have some control over the target’s network channel and could replace legitimate installers with infected ones on the fly. That places the actor in a very exclusive club, with capa
Publish At:2019-10-03 07:00 | Read:872 | Comments:0 | Tags:APT reports Featured Browser Digital Certificates Encryption

How Not to Store Passwords: SHA-1 Fails Again

Problem: How do you store a password but make it nearly impossible to recover the plaintext in the event that the database with the password hash is compromised? When doing software development, it’s critical to review these functions. Having good development standards for your team will ensure that people store passwords properly and avoid mistakes th
Publish At:2017-11-07 04:05 | Read:14385 | Comments:0 | Tags:Application Security Data Protection X-Force Research Applic

Tor Project fixed TorMoil, a critical Tor Browser flaw that can leak users' IP addresses

The Tor Project fixed a critical vulnerability dubbed TorMoil that could leak users' real IP addresses to potential attackers. Tor users must update their Tor browser to fix a critical vulnerability, dubbed TorMoil, that could leak their real IP addresses to potential attackers when they visit websites with certain content. The Tor Project released the Tor Br
Publish At:2017-11-05 16:20 | Read:5569 | Comments:0 | Tags:Breaking News Hacking anonymity encryption Tor Tor Project T

The Power and Versatility of Pervasive Encryption

As cyberthreats make headlines, companies across the globe are working hard to develop efficient IT infrastructures capable of protecting sensitive data and maintaining compliance with privacy regulations. Although it checks both of these boxes, many organizations have been hesitant to adopt encryption due to cost, operational impact, the complexity of key m
Publish At:2017-11-04 02:00 | Read:4566 | Comments:0 | Tags:Data Protection Mainframe Application Security Encryption En

DUHK Attack allows attackers to recover encryption keys used to secure VPN connections and web browsing sessions

DUHK is a vulnerability that allows attackers to recover secret encryption keys used to secure VPN connections and web browsing sessions. After the disclosure of the KRACK and ROCA attacks, another attack scenario scares the IT community. It is the DUHK vulnerability (Don’t Use Hard-coded Keys); it is the last cryptographic implementation vulnerability tha
Publish At:2017-10-25 07:50 | Read:3765 | Comments:0 | Tags:Breaking News Hacking DUHK attack encryption VPN

China widely disrupted WhatsApp in the country, broadening online censorship

The popular instant messaging application WhatsApp has been widely blocked in mainland China by the Government, broadening online censorship. Bad news for the Chinese users of the popular instant messaging app WhatsApp because the application has been widely blocked in mainland China by the Government. Users are not able to send text messages, photo and video
Publish At:2017-09-27 05:25 | Read:4189 | Comments:0 | Tags:Breaking News Digital ID Laws and regulations ban Censorship

Java Key Store (JKS) format is weak and insecure

While preparing my talk for the marvelous BSides Zurich I noticed again how nearly nobody on the Internet warns you that Java’s JKS file format is weak and insecure. While users only need to use very strong passwords and keep the Key Store file secret to be on the safe side (for now!), I think it is important to tell people when a technology is weak. P
Publish At:2017-09-19 16:25 | Read:3507 | Comments:0 | Tags:Password cracking encryption Java Java Key Store JKS
