HackDig : Dig high-quality web security articles

HackerOne insider fired for trying to claim other people’s bounties

The vulnerability disclosure platform HackerOne has revealed that one of their staff members had improperly accessed security reports for personal gain. The—now former—staff member approached HackerOne customers with vulnerabilities that belonged to users of the platform. HackerOne acts as a mediator between white hat hackers that find sof
Publish At:2022-07-04 20:00 | Read:491 | Comments:0 | Tags:Reports bug bounty disclosure HackerOne insider threat rzlr

Cash App breached by a former employee could affect millions

In December last year, the customer information of Cash App users was accessed by a former employee of Block, the company behind the popular mobile payment service app. This was revealed in a very recent filing to the Securities and Exchange Commission (SEC), which shows that the former employee accessed and downloaded “certain reports” contain
Publish At:2022-04-07 08:52 | Read:1478 | Comments:0 | Tags:Security world block Cash App improper offboarding practices

Ransomware gangs are recruiting breached individuals to persuade companies to pay up

You’ve heard about ransomware, where attackers lock up your files and demand a payment for the decryption key. You may also have heard about ransomware attackers not only locking up your files, but also threatening to release the stolen data in an attempt to get you to pay up. What you may not have heard about is a relatively new tactic that ransomw
Publish At:2022-01-27 08:50 | Read:2669 | Comments:0 | Tags:Ransomware cisa Dark Web exfiltrated data identity protectio

Understanding the Cyber Risk Exposures Within the Health Care Industry

The health care industry is one of the most popular and lucrative targets for cyberattacks and malicious activity. Health care organizations always present as an attractive proposition to hackers as they possess high volumes of sensitive information about patients and rely on highly vulnerable medical devices. Advancements in medical procedures and the grow
Publish At:2021-12-07 17:58 | Read:1481 | Comments:0 | Tags:CISO Data Protection Healthcare healthcare cyber security he

Microsoft, CISA and NSA offer security tools and advice, but will you take it?

Microsoft offers to help you with patching Exchange servers, CISA offers an insider threat tool, and together with the NSA they offer advice on how to choose and harden your VPN. These initiatives from major parties aim to help organizations assess and manage their security needs. But will they make an impact with their intended audience? Microsoft Exc
Publish At:2021-09-29 10:14 | Read:1513 | Comments:0 | Tags:Opinion cisa EM emergency mitigation service EOL exchange in

A week in security (August 16 – August 22)

Last week on Malwarebytes Labs: Podcast: Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks. How to troubleshoot hardware problems that look like malware problems. Analysts “strongly believe” the Russian state colludes with ransomware gangs. macOS 11’s hidden security improvements. How to spot a DocuSign phish and what to do about it. Cars
Publish At:2021-08-23 07:55 | Read:3882 | Comments:0 | Tags:A week in security blackberry QNX Cisco Cloudfalre clubhouse

How to Secure Hybrid Teams Against Insider Threats

As businesses emerge from the pandemic, many are making strategic decisions about their long-term work arrangements. While there is a substantial debate about remaining remote or bringing people back to the office, many companies are choosing to meet in the middle, embracing a hybrid work arrangement that allows people to work both on-site and remotely. Accor
Publish At:2021-08-12 00:53 | Read:2960 | Comments:0 | Tags:IT Security and Data Protection data security Hybrid insider

Ransomware turncoat leaks Conti data, lifts the lid on the ransomware business

Last week, The Record broke the news that a self-described “pen tester” for the infamous Conti ransomware gang, who goes by the handle m1Geelka, had leaked manuals, technical guides, and software on the underground forum XSS. According to the screenshot of m1Geelka’s original forum post—and screenshots of later ones from several security re
Publish At:2021-08-10 12:21 | Read:1310 | Comments:0 | Tags:Ransomware conti Conti ransomware insider threat ransomware

The Next Disruptive ICS Attacker: A Disgruntled Insider?

Often, the most critical threats come from within an organization itself. This is true for all sectors, but it is especially true for industrial control systems (ICS). Technicians in these environments already have access to plant controls and may have the deep knowledge of industrial processes needed to achieve specific goals. The damage caused by an inside
Publish At:2021-08-04 23:47 | Read:5892 | Comments:0 | Tags:ICS Security ICS security ICS Vulnerabilties insider threat

The 3 biggest threats reaching for your antivirus software’s off switch

Having antivirus (AV) software on your computer is a staple. Modern antivirus offers layered protection—a cybersecurity approach that uses multiple techniques in one package to keep you safe if you download a malicious file from the Internet, find yourself worrying after clicking a link on a direct message from a non-contact on social media, or automatically
Publish At:2021-08-03 15:27 | Read:1556 | Comments:0 | Tags:Awareness hackers insider threat insiders malware megacortex

Cybercrime, fraud, and insider threats increased in 2020 in the UK, report says

Since the initial lockdown, we have seen the rise of certain types of cybercrime, including scams and fraud campaigns that either bank on the global COVID-19 pandemic or take advantage of potential victims that adhere to work-from-home measures. In the UK, the National Crime Agency (NCA) has determined that many types of cybercrime, such as ransomware att
Publish At:2021-06-03 14:49 | Read:2094 | Comments:0 | Tags:Awareness Cybercrime catfishing fraud insider threat Nationa

Insider threats: If it can happen to the FBI, it can happen to you

If you’re worried about the risk of insider threats, you’re not alone. It can affect anyone, even the FBI. A federal grand jury has just charged a former intelligence analyst with stealing confidential files from 2004 to 2017. That’s an incredible 13 years of “What are you doing with that pile of classified material?”. Even more so, considering the indictmen
Publish At:2021-05-25 10:39 | Read:1692 | Comments:0 | Tags:Privacy compromise data exfiltration fbi insider threat FBI

Zero Trust and Insider Threats: Was Brutus the Original Bad Actor?

Insider threats have been a problem for as long as there have been insiders. What’s changed over time? Well, for one, Brutus and his conspirators didn’t exactly leave a trail of logs and flows when they plotted against Julius Caesar and the Roman Republic. Fast forward 2,000 years, and there’s a good news/bad news update to this story. The
Publish At:2021-05-06 06:26 | Read:1662 | Comments:0 | Tags:Security & Analytics Security Intelligence & Analytics Secur

Don’t Make Headlines Over an Insider Incident: Lessons From the Frontlines

On the path to becoming more cyber secure, organizations across the globe spend an estimated $60 billion per year to defend their assets, recruit talent and work to prevent and respond to cyberattacks. Moreover, security spending is expected to rise another 10% in 2021. But while much of an organization’s security focus and spending is dedicated to th
Publish At:2021-05-04 07:26 | Read:1726 | Comments:0 | Tags:Security & Analytics Security Intelligence & Analytics Secur

When contractors attack: two years jail for vengeful IT admin

An IT contractor working for an IT consultancy company took it upon himself to perform an act of revenge against the firm he worked at, after they complained about his performance. The charge he faced was breaking into the network of a company in Carlsbad, California. And it got him two years in prison. What happened? Deepanshu Kher was helping a clien
Publish At:2021-03-23 16:54 | Read:1684 | Comments:0 | Tags:Awareness insider threat IT contractor microsoft office 365
