HackDig : Dig high-quality web security articles for hacker

Google released a Chrome 61 update that patches 2 High-Risk Flaws

Google has just released an updated version of Chrome 61, version 61.0.3163.100, that addresses 3 security flaws, two of which are rated high-severity. The new version is already available for Windows, Mac, and Linux users and includes fixes for a total of three vulnerabilities. The first high-risk bug, tracked as CVE-2017-5121, is an Out-of-bounds access in V8 reported b
Publish At:2017-09-23 09:15 | Read:45 | Comments:0 | Tags:Breaking News Security Bug Bounty Chrome High-Risk Flaws Goo

The Impact of the Blockchain on Cybersecurity

Since its appearance in 2009, the concept of the blockchain has expanded past its initial use as the base of bitcoin into many other areas. By its nature, this distributed database provides the perfect platform for the management of cryptocurrency. But its features have attracted the attention of experts interested in a broad array of other applications. Pos
Publish At:2017-09-23 00:30 | Read:165 | Comments:0 | Tags:Security b2b blockchain cybersecurity

Was Torrent Site The Pirate Bay Being Sneaky or Creative By Tricking Visitors Into Monero Mining

Users noticed a cryptocurrency miner surfaced on The Pirate Bay, the world’s largest torrenting site, for a day over the weekend. Pop quiz: would you rather A) see ad banners displayed at the top of the website, or B) mine Monero cryptocurrency when you visit a website? Judging by the number of downloads for ad blocking browser extensions, no one likes banner ads.
Publish At:2017-09-19 13:05 | Read:122 | Comments:0 | Tags:Breaking News Hacking Security Bitcoin miner Monero Pirate B

Shadow IT: How to Protect Something You Didn’t Know Was There

We know that to secure a network, we need to control every single thing that happens on it. But this becomes especially difficult when there are points of the network that we don’t even know about. How can we combat an enemy that moves in the shadows? What is Shadow IT? Such blind spots fall under what is called Shadow IT, a term used to describe unapproved
Publish At:2017-09-19 04:15 | Read:125 | Comments:0 | Tags:Security b2b shadow it

[SANS ISC] Getting some intelligence from malspam

I published the following diary on isc.sans.org: “Getting some intelligence from malspam“. Many of us are receiving a lot of malspam every day. By “malspam”, I mean spam messages that contain a malicious document. This is one of the classic infection vectors today and aggressive campaigns are started every week. Usually, most of them
Publish At:2017-09-18 08:05 | Read:106 | Comments:0 | Tags:Malware Security Splunk Intelligence SANS ISC

Chrome will label Resources delivered via FTP as “Not Secure”

Google continues the ongoing effort to communicate the transport security status of a given page by labeling resources delivered via FTP as “Not secure” in Chrome. Last week, Google announced that future versions of Chrome will label resources delivered via the File Transfer Protocol (FTP) as “Not secure.” The security improvement will be implement
Publish At:2017-09-18 00:05 | Read:147 | Comments:0 | Tags:Breaking News Security Chrome encryption FTP Google HTTPS

Dangers Beyond Ransomware – the Risk of Spyware

There’s been a lot of talk recently about ransomware’s impact on the business environment. It would seem that the central role of this attack casts a shadow over one of the classic villains of cybersecurity: spyware. But a large percentage of today’s attacks suffered by companies today involve this malware. Its risks must not go neglected. Know your enemy On
Publish At:2017-09-15 08:00 | Read:174 | Comments:0 | Tags:Security b2b cybersecurity Spyware

September Patch Tuesday, patch your Windows now to avoid ugly surprises

Microsoft has just released the September Patch Tuesday, a huge batch of security updates to address 81 vulnerabilities including the Blueborne issue. Microsoft has just released the September Patch Tuesday, a huge batch of security updates to address 81 vulnerabilities in almost all supported versions of Windows and other MS products. The batch includes secu
Publish At:2017-09-14 03:50 | Read:289 | Comments:0 | Tags:Breaking News Security Blueborn attack Hacking RCE September

Kaspersky Lab solutions banned from US government agencies

The US Department of Homeland Security banned government agencies from using software products developed by Kaspersky Lab. Bad news for security firm Kaspersky, the US Department of Homeland Security banned government agencies from using software products developed by Kaspersky Labs. The ban was the response to the concerns about possible ties between Kaspersky
Publish At:2017-09-14 03:50 | Read:139 | Comments:0 | Tags:Breaking News Intelligence Security

Adobe patches only two critical vulnerabilities in Flash Player in September

This month, Adobe has patched only two vulnerabilities in Flash Player; both are critical issues that could be exploited for remote code execution. The vulnerabilities are tracked as CVE-2017-11281 and CVE-2017-11282; they were discovered by Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero. Both vulnerabilities are caused by memory corruption i
Publish At:2017-09-13 09:25 | Read:176 | Comments:0 | Tags:Breaking News Security Adobe Flash Player Hacking

Hackers can remotely access Smiths Medical Syringe Infusion Pumps to kill patients

The US-CERT is warning that hackers can remotely access Smiths Medical Syringe Infusion Pumps to control them and kill patients. IoT devices continue to enlarge our surface of attack, and in some cases, their lack of security can put our lives in danger. Let’s think for example of medical devices that could be hacked by attackers with serious consequenc
Publish At:2017-09-11 20:31 | Read:105 | Comments:0 | Tags:Breaking News Hacking Security healthcare IoT medical device

FSEC 2017 Wrap-Up Day #2

Here we go with a quick wrap-up of the second day. It started smoothly around 09:00 and was dedicated to more technical talks. After some refill of coffee, I was ready to follow all talks presented in the main track. It started with LiveOverflow who presented “Play CTF“. CTF games (“Capture The Flag”) are present on the schedule of many infosec conferences 
Publish At:2017-09-08 19:05 | Read:169 | Comments:0 | Tags:Event Security Conference Croatia FSEC

FSEC 2017 Wrap-Up Day #1

There are more and more infosec events worldwide and it’s always nice to attend new events and meet new people. This time, it is the case with FSEC. First visit to this security conference organized in Varazdin, Croatia. I had the honor to be invited as a speaker. This is already the seventh edition. FSEC was born thanks to the initiative of Tonimir Ki
Publish At:2017-09-08 00:20 | Read:179 | Comments:0 | Tags:Event Security Conference Croatia FSEC

Interesting List of Windows Processes Killed by Malicious Software

Just a quick blog post about an interesting sample that I found today. Usually, modern pieces of malware implement anti-debugging and anti-VM techniques. They perform some checks against the target and when a positive result is found, they silently exit… Such checks might be testing the screen resolution, the activity of a connected user, the presence
Publish At:2017-09-07 05:50 | Read:229 | Comments:0 | Tags:Malware Security Process windows

A dating site and corporate cyber-security lessons to be learned

It’s been two years since one of the most notorious cyber-attacks in history; however, the controversy surrounding Ashley Madison, the online dating service for extramarital affairs, is far from forgotten. Just to refresh your memory, Ashley Madison suffered a massive security breach in 2015 that exposed over 300 GB of user data, including users’
Publish At:2017-09-06 13:05 | Read:266 | Comments:0 | Tags:Security b2b business data breach
