HackDig : Dig high-quality web security articles for hacker

How Retail Security Can Welcome IoT Innovations Without Putting Customers at Risk

Retail businesses, from mom-and-pop shops to major department stores, are investing heavily in technology to enhance the in-store experience. With the imminent arrival of mainstream 5G, smarter systems are expected to dominate the retail space as the internet of things (IoT) expands. But as we know from connected device deployments in other sectors, such as
Publish At:2020-03-11 08:47 | Read:228 | Comments:0 | Tags:Retail IoT Access Management Connected Devices Customer Expe

FBI recommends using passphrases instead of complex passwords

The FBI recommends using longer passwords composed of multiple words combined into a long string of at least 15 characters instead of short passwords that include special characters. Recent guidance from the National Institute of Standards and Technology (NIST) highlights that password length is much more important than password complexity. The recommendatio
Publish At:2020-02-24 09:50 | Read:274 | Comments:0 | Tags:Breaking News Security Hacking passwords Security News

Will Weak Passwords Doom the Internet of Things (IoT)?

Weak passwords can hurt any organization’s security efforts and make any device easily hackable, but could they also be the greatest point of failure for internet of things (IoT) security? Weak passwords certainly put companies deploying IoT devices at greater risk of falling victim to a cyberattack. We have already begun to see attacks targeting IoT d
Publish At:2020-02-15 17:18 | Read:261 | Comments:0 | Tags:Endpoint Risk Management IoT Authentication Connected Device

A week in security (December 23 – 29)

Last week on Malwarebytes Labs, we continued our retrospective coverage with a look at how lawmakers in the United States treated online privacy this year, finding trends in multiple federal bills introduced in the Senate. Then we took a little break for the holidays. Other cybersecurity news: Now an annual tradition for close to a decade, SplashData u
Publish At:2019-12-30 16:50 | Read:557 | Comments:0 | Tags:A week in security a week in security Google Chrome online p

Consumer Groups are Racing to Issue Security Warnings For Amazon Ring

Over the last few weeks, the media published stories about hacked Amazon Ring devices that allow hackers to get unauthorized access to consumer video monitoring devices such as Amazon Ring. One of the warnings recently issued from Fight For The Future stated that Amazon Ring cameras are not safe. The consumer group quoted a report from VICE saying that there
Publish At:2019-12-26 09:15 | Read:947 | Comments:0 | Tags:Mobile News Security passwords Privacy security

Fake Elder Scrolls Online developers go phishing on PlayStation

A player of popular gaming title Elder Scrolls Online recently took to Reddit to warn users of a phish via PlayStation messaging. This particular phishing attempt is notable for ramping up the pressure on recipients—a classic social engineering technique taken to the extreme. A terms of service violation? In MMORPG land, the scammers take a theoretically pla
Publish At:2019-12-06 16:50 | Read:720 | Comments:0 | Tags:Social engineering elder scrolls online ESO gamers gaming ga

New version of IcedID Trojan uses steganographic payloads

This blog post was authored by @hasherezade, with contributions from @siri_urz and Jérôme Segura. Security firm Proofpoint recently published a report about a series of malspam campaigns they attribute to a threat actor called TA2101. Originally targeting German and Italian users with Cobalt Strike and Maze ransomware, the later wave of malicious emails w
Publish At:2019-12-03 16:50 | Read:866 | Comments:0 | Tags:Threat analysis backdoor banking Trojan banking Trojans cred

Court says suspect can’t be forced to reveal 64-character password

By Lisa Vaas. The dry facts: A US court has come down in favor of Fifth Amendment protections against forced disclosure of a 64-character passcode in a child abuse imagery case = an important interpretation of whether forced password disclosure is the modern equivalent of an unconstitutionally coerced confession. The gut punch: The defendant is a man previously
Publish At:2019-11-26 12:35 | Read:949 | Comments:0 | Tags:Cryptography Law & order Mobile Privacy child abuse child ab

IoT bills and guidelines: a global response

You may not have noticed, but Internet of Things (IoT) rules and regulations are coming whether manufacturers want them or not. From experience, drafting up laws which are (hopefully) sensible and have some relevance to problems raised by current technology is a time-consuming, frustrating process. However, it’s not that long since we saw IoT devices go main
Publish At:2019-11-22 16:50 | Read:678 | Comments:0 | Tags:IoT Privacy Australia California internet Internet of Things

A week in security (October 14 – 20)

Last week on Malwarebytes Labs, we tried to unlock the future of the password (its vulnerabilities, current alternatives, and possible future disappearance), analyzed the lagging response by many businesses in adopting a patch for Pulse VPN vulnerability, looked at Instagram’s bulked-up security against phishing emails scams, and were reminded that ransomwar
Publish At:2019-10-21 16:50 | Read:967 | Comments:0 | Tags:A week in security amazon Dark Web domestic abuse domestic a

Phishy text message tries to steal your cellphone account

By Paul Ducklin. Lots of people still think of phishing as a type of scam that arrives by email. That’s because most phishing attacks do, indeed, arrive in your inbox – sadly, spamming out emails is cheap and easy for crooks, and it delivers results simply because of the volume they can achieve. But phishing isn’t only about email – it
Publish At:2019-10-18 12:00 | Read:958 | Comments:0 | Tags:Phishing cellphones Cybercrime passwords phishing SMS

How Authentication and Identification Work Together to Build Digital Trust

The dictionary definition of trust, according to Merriam-Webster, is the “assured reliance on the … truth of someone or something.” In today’s digital world, trust can be a tricky concept. To do business online, whether you are a bank, retailer, insurer, airline or anything else, you must have some degree of trust in your user — trust
Publish At:2019-10-18 10:20 | Read:683 | Comments:0 | Tags:Fraud Protection Identity & Access Access Governance digital

When can we get rid of passwords for good?

Or perhaps I should have asked, “Can we ever get rid of passwords for good?” The security world knows passwords are a problem. Products ship with default passwords that are never changed. People reuse old passwords or adopt easy-to-guess passwords that hackers easily defeat via brute force. Or users simply can’t keep up with having to re
Publish At:2019-10-16 23:20 | Read:707 | Comments:0 | Tags:Awareness 2fa authentication mfa passwords

Agent 1433: remote attack on Microsoft SQL Server

All over the world, companies large and small use Microsoft SQL Server for database management. Highly popular yet insufficiently protected, this DBMS is a target of choice for hacking. One of the most common attacks on Microsoft SQL Server — the remote attack based on malicious jobs — has been around for a long time, but it is still used to get access to work
Publish At:2019-09-19 18:20 | Read:754 | Comments:0 | Tags:Research Backdoor Microsoft SQL Passwords Trojan

Some crypto challenges: Author writeup from BSidesSF CTF

Hey everybody, This is yet another author's writeup for BSidesSF CTF challenges! This one will focus on three crypto challenges I wrote: mainframe, mixer, and decrypto! mainframe - bad password reset
Publish At:2019-09-19 17:55 | Read:504 | Comments:0 | Tags:Conferences Crypto Passwords Tools
