HackDig : Dig high-quality web security articles for hacker

Fake Elder Scrolls Online developers go phishing on PlayStation

A player of popular gaming title Elder Scrolls Online recently took to Reddit to warn users of a phish via Playstation messaging. This particular phishing attempt is notable for ramping up the pressure on recipients—a classic social engineering technique taken to the extreme. A terms of service violation? In MMORPG land, the scammers take a theoretically pla
Publish At:2019-12-06 16:50 | Read:282 | Comments:0 | Tags:Social engineering elder scrolls online ESO gamers gaming ga

New version of IcedID Trojan uses steganographic payloads

This blog post was authored by @hasherezade, with contributions from @siri_urz and Jérôme Segura. Security firm Proofpoint recently published a report about a series of malspam campaigns they attribute to a threat actor called TA2101. Originally targeting German and Italian users with Cobalt Strike and Maze ransomware, the later wave of malicious emails w
Publish At:2019-12-03 16:50 | Read:162 | Comments:0 | Tags:Threat analysis backdoor banking Trojan banking Trojans cred

Court says suspect can’t be forced to reveal 64-character password

By Lisa Vaas. The dry facts: A US court has come down in favor of Fifth Amendment protections against forced disclosure of a 64-character passcode in a child abuse imagery case = an important interpretation of whether forced password disclosure is the modern equivalent of an unconstitutionally coerced confession. The gut punch: The defendant is a man previously
Publish At:2019-11-26 12:35 | Read:247 | Comments:0 | Tags:Cryptography Law & order Mobile Privacy child abuse child ab

IoT bills and guidelines: a global response

You may not have noticed, but Internet of Things (IoT) rules and regulations are coming whether manufacturers want them or not. From experience, drafting up laws which are (hopefully) sensible and have some relevance to problems raised by current technology is a time-consuming, frustrating process. However, it’s not that long since we saw IoT devices go main
Publish At:2019-11-22 16:50 | Read:240 | Comments:0 | Tags:IoT Privacy Australia California internet Internet of Things

A week in security (October 14 – 20)

Last week on Malwarebytes Labs, we tried to unlock the future of the password (its vulnerabilities, current alternatives, and possible future disappearance), analyzed the lagging response by many businesses in adopting a patch for Pulse VPN vulnerability, looked at Instagram’s bulked-up security against phishing email scams, and were reminded that ransomwar
Publish At:2019-10-21 16:50 | Read:451 | Comments:0 | Tags:A week in security amazon Dark Web domestic abuse domestic a

Phishy text message tries to steal your cellphone account

By Paul Ducklin. Lots of people still think of phishing as a type of scam that arrives by email. That’s because most phishing attacks do, indeed, arrive in your inbox – sadly, spamming out emails is cheap and easy for crooks, and it delivers results simply because of the volume they can achieve. But phishing isn’t only about email – it
Publish At:2019-10-18 12:00 | Read:470 | Comments:0 | Tags:Phishing cellphones Cybercrime passwords phishing SMS

How Authentication and Identification Work Together to Build Digital Trust

The dictionary definition of trust, according to Merriam-Webster, is the “assured reliance on the … truth of someone or something.” In today’s digital world, trust can be a tricky concept. To do business online, whether you are a bank, retailer, insurer, airline or anything else, you must have some degree of trust in your user — trust
Publish At:2019-10-18 10:20 | Read:210 | Comments:0 | Tags:Fraud Protection Identity & Access Access Governance digital

When can we get rid of passwords for good?

Or perhaps I should have asked, “Can we ever get rid of passwords for good?” The security world knows passwords are a problem. Products ship with default passwords that are never changed. People reuse old passwords or adopt easy-to-guess passwords that hackers easily defeat via brute force. Or users simply can’t keep up with having to re
Publish At:2019-10-16 23:20 | Read:208 | Comments:0 | Tags:Awareness 2fa authentication mfa passwords

Agent 1433: remote attack on Microsoft SQL Server

All over the world companies large and small use Microsoft SQL Server for database management. Highly popular yet insufficiently protected, this DBMS is a target of choice for hacking. One of the most common attacks on Microsoft SQL Server — the remote attack based on malicious jobs — has been around for a long time, but it is still used to get access to work
Publish At:2019-09-19 18:20 | Read:270 | Comments:0 | Tags:Research Backdoor Microsoft SQL Passwords Trojan

Some crypto challenges: Author writeup from BSidesSF CTF

Hey everybody, This is yet another author's writeup for BSidesSF CTF challenges! This one will focus on three crypto challenges I wrote: mainframe, mixer, and decrypto! mainframe - bad password reset
Publish At:2019-09-19 17:55 | Read:168 | Comments:0 | Tags:Conferences Crypto Passwords Tools

How Not to Store Passwords: SHA-1 Fails Again

Problem: How do you store a password but make it nearly impossible to recover the plaintext in the event that the database with the password hash is compromised? When doing software development, it’s critical to review these functions. Having good development standards for your team will ensure that people store passwords properly and avoid mistakes th
Publish At:2017-11-07 04:05 | Read:13654 | Comments:0 | Tags:Application Security Data Protection X-Force Research Applic

Strong Passwords Don’t Have to be Hard to Remember

Bill Burr blew it, and he knows it. The man responsible for the global password strength guidelines, which posit that you should always use alphanumeric characters and alternate uppercase and lowercase letters, recognizes his error. According to Burr, these rules “drive people crazy,” and yet, even so, do not necessarily make for good passwords. Fourteen yea
Publish At:2017-09-29 22:40 | Read:3325 | Comments:0 | Tags:Security b2b passwords

Cyber Security Tips for Parents and Children

How to protect your children from cyber threats. The summer just gracefully glanced over our lives, and now it is time for things to get back to normal – we will soon start feeling the cold breeze and the days will become shorter. Even though the good old days of casual dress code in the office are now gone, being back to reality has some positives too.
Publish At:2017-09-05 17:15 | Read:8448 | Comments:0 | Tags:Mobile News Tips cybersecurity passwords Privacy

Taringa Data Breach, over 28 Million users affected

The data breach notification website LeakBase reported to the colleagues at THN the Taringa data breach, over 28 Million users’ data exposed. Taringa, also known as ‘The Latin American Reddit’, is a popular social network used by netizens in Latin America to create and share thousands of posts every day on general interest topics. The dat
Publish At:2017-09-04 16:05 | Read:2686 | Comments:0 | Tags:Breaking News Data Breach Hacking Social Networks cracking p

Back to Basics: Six Simple Strategies to Strengthen Your Security Posture

Security threats can be scary, and the fear factor is understandable. Technological progress makes security a fast-moving target, with new and more sophisticated threats constantly emerging. The Internet of Things (IoT) is raising the stakes, putting the means of physical destruction in the hands of malicious actors. A sophisticated criminal underworld ecos
Publish At:2017-06-16 08:15 | Read:3480 | Comments:0 | Tags:Risk Management Data Protection Passwords Patch Management S
