HackDig : Dig high-quality web security articles for hacker

Physical Backdoor | Remote Root Vulnerability in HID Door Controllers

If you’ve ever been inside an airport, university campus, hospital, government complex, or office building, you’ve probably seen one of HID’s brand of card readers standing guard over a restricted area. HID is one of the world’s largest manufacturers of access control systems and has become a ubiquitous part of many large companies’ physical security postur
Publish At:2016-11-20 03:20 | Read:4791 | Comments:0 | Tags:Critical Infrastructures Cyber Security ICS Physical Securit

FCA Guidance on Financial Crime

The UK's Financial Conduct Authority (FCA) has published updated guidance on reducing the risk of financial crime. Financial Crime: A Guide for Firms Part 1: A Firm's Guide to Preventing Financial Crime provides information to regulated firms on how to avoid financial crime. But many of the topics and guidance will be of use to a wider audience. The document
Publish At:2015-05-28 05:05 | Read:3268 | Comments:0 | Tags:requirements legislation physical administrative preventativ

Summary of Last Year's ICO Enforcement Action

PwC UK has published a summary of enforcement actions taken by the Information Commissioner's Office (ICO) in 2014. The Privacy and Security Enforcement Tracker 2014 summarises and comments on information originally published by the ICO on its web site concerning actions it has taken against organisations. This includes enforcement notices, monetary penalty n
Publish At:2015-04-28 06:00 | Read:3220 | Comments:0 | Tags:administrative privacy corrective identity data protection t

Data Breach Investigations Report 2015

The Verizon annual Data Breach Investigations Report was published last week. The Data Breach Investigations Report (DBIR) summarises findings from the collection and analysis of almost 80,000 security incidents relating to over 2,000 confirmed data breaches, sourced from 70 contributing organisations. A breakdown by industry sector is provided. The 2015 DBIR
Publish At:2015-04-21 10:35 | Read:3477 | Comments:0 | Tags:vulnerabilities administrative incidents threats operation t

London Insurance Markets and Cyber Risk Insurance

The UK government has published a report on the role of insurance markets in managing and mitigating cyber risk. UK Cyber Security: The Role of Insurance in Managing and Mitigating the Risk describes how insurance can be another mechanism for cyber risk reduction, encouraging steps to reduce risk through reduced premiums, and providing insight from claims an
Publish At:2015-04-17 08:35 | Read:3635 | Comments:0 | Tags:administrative technical corrective physical insurance

International Personal Data Transfers within AWS

The European Commission's Article 29 Working Party (Art. 29 WP) and lead authority the Luxembourg National Commission for Data Protection (Commission Nationale pour la Protection des Données – CNPD) have announced their decision of a review of Amazon Web Services in relation to the international transfer of personal data. The letter states that the lead autho
Publish At:2015-04-04 15:40 | Read:4022 | Comments:0 | Tags:administrative privacy data protection technical physical le

Report on an Evaluation of Application Security Assessment Vendors

Forrester Research published an evaluation of a dozen application security vendors in December. The researchers reviewed the market to identify application security assessment vendors that offer multiple capabilities, provide easy deployment and integration, are used by other Forrester clients and have competitive offerings. Their selection was Beyond Security
Publish At:2015-02-24 09:35 | Read:3012 | Comments:0 | Tags:vulnerabilities SDLC operation physical testing

NIST SP 800-163 Vetting the Security of Mobile Applications

In the last of my run of three mobile app related posts, US standards body National Institute of Standards and Technology (NIST) has released Special Publication (SP) 800-163 Vetting the Security of Mobile Applications. SP 800-163 is for organisations that plan to implement a mobile app vetting process or consume app vetting results from other parties. It is
Publish At:2015-02-10 14:40 | Read:3059 | Comments:0 | Tags:corrective administrative preventative technical threats SDL

Cost of Cyber Crime for UK Companies 2014

The third annual study of the cost of cyber crime in UK companies has been published. This 2014 report from Ponemon Institute is the third annual study of U.K. companies, and is based on a representative sample of 38 organisations across industries. Findings for other regions/nations, relating to 257 companies in 7 countries in total, have also been published.
Publish At:2014-10-19 06:40 | Read:3643 | Comments:0 | Tags:technical corrective metrics administrative preventative inc

Application Security and Privacy Mapping 2014

The chart detailing the most important guidance, standards, legislation and organisations that can influence mobile and web application development security and privacy in the UK has been comprehensively updated. Principal Influences on UK Applications is managed by me and published on my company's web site as a mind map diagram and text tree, together with a
Publish At:2014-10-11 10:45 | Read:4018 | Comments:0 | Tags:policies standards legislation administrative information as

Request to Participate in the OWASP CISO Survey 2014

The OWASP CISO Survey Report was published in January 2014. OWASP is again conducting the survey among senior information security leaders and managers and needs your help. The results will be published in the OWASP CISO Report 2014 which will be free to access and use. The project team has asked if we can share this invitation with security contacts in com
Publish At:2014-10-07 19:50 | Read:3223 | Comments:0 | Tags:corrective administrative maturity technical SDLC informatio
