HackDig : Dig high-quality web security articles for hackers

Ad Hoc or Managed Penetration Testing: Which One Is Best for You?

Penetration testing is no longer an extraordinary security engagement. Due to regulatory mandates, internal policies, business executive requests and the overall desire to avoid becoming the next breach victim, testing is now commonplace among many organizations. The kind of testing, however, can still be a question. Do you need ad hoc testing, that as-neede
Publish At:2020-05-03 08:13 | Read:329 | Comments:0 | Tags:Application Security Data Protection Risk Management Securit

Update Firefox again – more RCEs and an Android “takeover” bug too

by Paul Ducklin

This weekend, we were urging you to check your Firefox version to make sure you were up to date… and now we’re urging you to check again. The update that came out over the weekend was an emergency patch, issued for a security hole that was found because it was already in use by criminals in real life – what’s known
Publish At:2020-04-08 08:21 | Read:734 | Comments:0 | Tags:Android Firefox Mozilla Vulnerability Exploit Patch rce vuln

Windows has a zero-day that won’t be patched for weeks

by John E Dunn

Cybercriminals are exploiting two unpatched zero-day flaws affecting all supported versions of Windows, Microsoft has warned. The Remote Code Execution (RCE) vulnerabilities affect Adobe Type Manager (ATM) Library, the part of Windows that manages PostScript Type 1 fonts. For now, there are no CVE identifiers and the only confirmed details are in
Publish At:2020-03-25 09:06 | Read:490 | Comments:0 | Tags:Microsoft Operating Systems Security threats Vulnerability W

More Than 140GB of Data Exposed by Israeli Marketing Company

An Israeli marketing company exposed more than 140GB of data by mishandling the credentials for an Elasticsearch database. A San Diego-based DevOps engineer who uses the Twitter handle 0m3n detected the disclosure after they grew tired of receiving text messages from “random phone numbers with similar messages containing links to gibberish domains.
Publish At:2020-02-28 10:55 | Read:402 | Comments:0 | Tags:IT Security and Data Protection Latest Security News Elastic

What’s Old Is New, What’s New Is Old: Aged Vulnerabilities Still in Use in Attacks Today

As reported in the IBM X-Force Threat Intelligence Index 2020, X-Force research teams operate a network of globally distributed spam honeypots, collecting and analyzing billions of unsolicited email items every year. Analysis of data from our spam traps reveals trending tactics that attackers are utilizing in malicious emails, specifically, that threat actor
Publish At:2020-02-26 10:55 | Read:687 | Comments:0 | Tags:Threat Intelligence Dark Web Exploit Macro Malware Macros Ma

Dell fixes privilege elevation bug in support software

by Danny Bradbury

Users of Dell SupportAssist should patch their software immediately to fix a software bug that could lead to arbitrary code execution, the PC vendor said this week. SupportAssist is a Dell software product that comes preinstalled on most of its Windows-based endpoints. It performs diagnostic tasks and streamlines the creation of support ticket
Publish At:2020-02-15 12:44 | Read:544 | Comments:0 | Tags:Security threats Vulnerability arbitrary code execution Bug

How Do You Measure the Success of Your Patch Management Efforts?

If you follow the news, you will often see that yet another company has been breached or taken hostage by ransomware. If you read the full details of these stories, usually they have one main thing in common: These organizations are behind in patch management. The question that arises, then, is why? There are two sides to this story: A technical one and a pr
Publish At:2020-02-09 10:30 | Read:546 | Comments:0 | Tags:Endpoint Risk Management Business Continuity Common Vulnerab

Windows 7 computers will no longer be patched after today

by Paul Ducklin

Do you know what you were doing 3736 days ago? We do! (To be clear, lest that sound creepy, we know what we were doing, not what you were doing.) Admittedly, we didn’t remember all on our own – we needed the inexorable memory of the internet to help us recall what happened on 22 October 2009. That was the official release date of Windo
Publish At:2020-01-14 12:40 | Read:724 | Comments:0 | Tags:Microsoft Exploit Patch patchocalypse vulnerability Windows

Pulse VPN patched their vulnerability, but businesses are trailing behind

In April 2019, Pulse Secure published an advisory about a vulnerability in their software. In August, cybercriminals were massively scanning for systems that were running a vulnerable version. Now it’s October, and still many organizations have not applied the patches that are available for this vulnerability. This is a trend we’ve seen repeated wi
Publish At:2019-10-18 16:50 | Read:1443 | Comments:0 | Tags:Business cybercriminals exploit exploit kits exploits patch

Don’t Just Put Out the Zero-Day Fire — Get Rid of the Fuel

How often have you heard a co-worker say that he or she had to put out a fire? Depending on your job role, you may have anywhere from one to more than a dozen so-called fires weekly. A zero-day vulnerability is an example of a work-related fire that a security operations analyst might have to extinguish. Enterprises should be prepared to handle zero-day fir
Publish At:2017-10-22 05:00 | Read:5832 | Comments:0 | Tags:Advanced Threats Endpoint Risk Management Software & App Vul

Downward Trend in Publicly Available Exploit Code? Don’t Ease Up on Patch Management Just Yet

The IBM X-Force Vulnerability Database (XFDB), which holds over 100,000 publicly disclosed vulnerabilities, is chock-full of insights concerning the cybersecurity threat landscape. Much of the data is publicly available directly on the IBM X-Force Exchange platform and can be accessed by users anytime. In reviewing the database on an ongoing basis, the IBM
Publish At:2017-09-14 21:10 | Read:7216 | Comments:0 | Tags:Advanced Threats Endpoint Threat Intelligence X-Force Resear

Risk Governance: The True Secret Weapon of Cybersecurity

This season’s featured cybersecurity nightmare may be ransomware, but breaches of all kinds are going up in both numbers and cost. In response, security vendors are offering sophisticated — and costly — solutions to defend against evermore sophisticated attackers. However, the most effective protective measures have nothing to do with specific software
Publish At:2017-09-08 10:00 | Read:5853 | Comments:0 | Tags:Risk Management Access Governance Access Management Cybercri

Assessing Risks and Remediating Threats With a Layered Approach to Vulnerability Management

Companies need to do more than just scan for known problems and provide huge vulnerability reports to system and network administrators for remediation. According to Gartner, known vulnerabilities still comprise 99 percent of all known exploit traffic. Furthermore, malware, ransomware and exploit kits target vulnerabilities that are six months or older on av
Publish At:2017-08-09 07:50 | Read:5195 | Comments:0 | Tags:CISO Risk Management Security Intelligence & Analytics Patch

The Living Dead: How to Protect Legacy Systems

The recent widespread attacks of WannaCry and NotPetya both used known vulnerabilities of legacy operating systems, namely SMB v1 protocol. In general, known vulnerabilities are easy to mitigate as long as patches and updates are provided. But in these cases, many organizations seem to have ignored the advice to patch their systems — or maybe not. There ar
Publish At:2017-07-20 21:00 | Read:4894 | Comments:0 | Tags:Network Risk Management Legacy Applications legacy systems n

Going Through a Rough Patch in Your Security Program? Consistent Software Patching Can Solve Security Woes

Security is an imperfect art. It’s also an imperfect science. Whether it involves experimenting with certain tweaks or implementing proven standards and prescriptive advice, figuring out how to manage a security program is as complex as navigating any other business function. According to the Pareto Principle, security professionals should focus on the
Publish At:2017-07-03 23:50 | Read:3461 | Comments:0 | Tags:Endpoint Network Risk Management Adobe Patch Patch Managemen

