HackDig : Dig high-quality web security articles

Security Affairs newsletter Round 310

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Is the recent accident at Iran Natanz nuclear plant a cyber attack?Joker malware infected 538,000 Huawei Android devicesPersonal data of 1.3 million Clubhouse users leaked onlineFitch Ratings: Cyberattac
Publish At:2021-04-18 08:21 | Read:88 | Comments:0 | Tags:Breaking News data breach Hacking hacking news information s

Google Project Zero updates vulnerability disclosure policy moving to a “90+30” model

Google Project Zero security team has updated its vulnerability disclosure policy, it gives users 30 days to patch flaws before disclosing associated technical details. The Google Project Zero security team announced an update to its vulnerability disclosure policy, it could include additional 30 days to the disclosure process for some bugs to give end-us
Publish At:2021-04-17 15:20 | Read:107 | Comments:0 | Tags:Breaking News Security Google Hacking hacking news informati

Ryuk ransomware operation updates hacking techniques

Recent attacks from Ryuk ransomware operators show that the actors have a new preference when it comes to gaining initial access to the victim network.The trend observed in attacks this year reveals a predilection towards targeting hosts with remote desktop connections exposed on the public internet.Furthermore, using targeted phishing emails to deliver the
Publish At:2021-04-17 12:34 | Read:190 | Comments:0 | Tags:Security ransomware hack

Microsoft fixes Windows 10 bug that can corrupt NTFS drives

Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded.In January, we reported on a new Windows 10 vulnerability discovered by  Jonas Lykkegård that allows any user or program, even those with low privileges, to mark an N
Publish At:2021-04-17 12:34 | Read:151 | Comments:0 | Tags:Security

Major BGP leak disrupts thousands of networks globally

A large BGP routing leak that occurred last night disrupted the connectivity for thousands of major networks and websites around the world.Although the BGP routing leak occurred in Vodafone's autonomous network (AS55410) based in India, it has impacted U.S. companies, including Google, according to sources.BGP leak causes 13x spike i
Publish At:2021-04-17 04:44 | Read:146 | Comments:0 | Tags:Security

The Week in Ransomware - April 16th 2021 - The Houston Rockets

It has been a pretty quiet week with only a few large attacks disclosed and only a few new ransomware variants released.The highest-profile attack this week is the NBA's Houston Rockets who were transparent about their ransomware attack. Strangely, Babuk Locker who had begun leaking their data has suddenly taken the data leak from their site.Another large at
Publish At:2021-04-16 20:54 | Read:129 | Comments:0 | Tags:Security ransomware

Security Gaps in IoT Access Control Threaten Devices and Users

Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.A team of Internet of Things security researchers has discovered vulnerabilities in the way IoT device vendors manage access across multiple clouds and users, putting both individuals and vendors at risk.Related Content:Rethinking IoT Security: It's Not About
Publish At:2021-04-16 19:12 | Read:160 | Comments:0 | Tags: security

Critical RCE can allow attackers to compromise Juniper Networks devices

Cybersecurity provider Juniper Networks addressed a critical vulnerability that could be exploited by attackers to remotely hijack or disrupt vulnerable devices. Cybersecurity vendor Juniper Networks addressed a critical vulnerability in Junos OS, tracked as CVE-2021-0254, that could allow an attacker to remotely hijack or disrupt affected devices. This f
Publish At:2021-04-16 16:39 | Read:161 | Comments:0 | Tags:Breaking News Security DOS Hacking hacking news information

HackBoss malware poses as hacker tools on Telegram to steal digital coins

The authors of a cryptocurrency-stealing malware are distributing it over Telegram to aspiring cybercriminals under the guise of free malicious applications.Researchers have named the malware HackBoss and say that its operators likely stole more than $500,000 from wannabe hackers that fell for the trick.Fake user interfaceAlthough there is nothing sophistica
Publish At:2021-04-16 13:04 | Read:124 | Comments:0 | Tags:Security hack

Popular Codecov code coverage tool hacked to steal dev credentials

Codecov online platform for hosted code testing reports and statistics announced on Thursday that a threat actor had modified its Bash Uploader script, exposing sensitive information in customers’ continuous integration (CI) environment.The company learned of the compromise on April 1st but the investigation determined that the first signs of this soft
Publish At:2021-04-16 13:04 | Read:96 | Comments:0 | Tags:Security hack

How AI in Cybersecurity Addresses Challenges Faced by Today’s SOC Analysts

Today’s security operations centers (SOC) have to manage data, tools and teams dispersed across the organization, making threat detection and teamwork difficult. There are many factors driving complex security work. Many people now work from home with coworkers in far-away places. The cost and maintenance of legacy tools and the migration to cloud als
Publish At:2021-04-16 12:31 | Read:114 | Comments:0 | Tags:Security Intelligence & Analytics Artificial Intelligence Cl

Security Surveillance Attack

April 16, 2021 141 0 Author: Adam Torks Security Surveillance Attack Once upon a time, the internet was
Publish At:2021-04-16 09:08 | Read:122 | Comments:0 | Tags:Security Cybersecurity Internet Surveillance security

Adapting Security Awareness to the Post-Pandemic World

It's time for Security Awareness to adapt by thinking Cyber The transition to working from home, as well as the necessary technological change, has had an effect on businesses all over the world. This has serious consequences for cybersecurity. Current approaches to human user security are antiquated, infrequent, complex or patronising. Yet, in a world
Publish At:2021-04-16 07:10 | Read:73 | Comments:0 | Tags: security

[SANS ISC] HTTPS Support for All Internal Services

I published the following diary on isc.sans.edu: “HTTPS Support for All Internal Services“: SSL/TLS has been on stage for a while with deprecated protocols, free certificates for everybody. The landscape is changing to force more and more people to switch to encrypted communications and this is good! Like Johannes explained yesterday, Chrome 9
Publish At:2021-04-16 06:44 | Read:79 | Comments:0 | Tags:SANS Internet Storm Center Security HTTPS network SANS ISC

Cloud Forensics Firm Cado Security Raises $10 Million in Series A Funding

Cado Security, provider of a cloud-native digital forensics platform, has secured $10 million in Series A funding, which brings the total amount raised by the company to date to $11.5 million.Founded in April 2020, the London, United Kingdom-based security firm helps enterprises investigate and respond to cyber-incidents in cloud environments.Providing autom
Publish At:2021-04-15 23:40 | Read:185 | Comments:0 | Tags:NEWS & INDUSTRY Cloud Security Cloud security