HackDig : Dig high-quality web security articles for hacker

Cisco patches a DoS vulnerability in IOE XE operating system

Cisco fixed a vulnerability in IOE XE software that was introduced due to changes to its implementation of the BGP over an Ethernet VPN. Cisco patches a DoS vulnerability in IOE XE software that was introduced due to changes to its implementation of the Border Gateway Protocol (BGP) over an Ethernet VPN. The Cisco IOS XE operating system automates network op
Publish At:2017-11-07 05:10 | Read:573 | Comments:0 | Tags:Breaking News Security Vulnerability

Estonia suspends security digital certificates for up to 760,000 state-issued electronic ID-cards over Identity-Theft ri

It has happened, one of the most cyber-savvy states, Estonia decided to block Electronic ID Cards over identity theft risk. On Thursday, Estonia announced that it would suspend security digital certificates for up to 760,000 state-issued electronic ID-cards that are using the buggy chips to mitigate the risk of identity theft. The decision comes after IT sec
Publish At:2017-11-05 16:20 | Read:330 | Comments:0 | Tags:Breaking News Digital ID Security

Flaws in IEEE P1735 electronics standard expose intellectual property

Experts discovered flaws in IEEE P1735 electronics standard, which describes methods for encrypting electronic-design intellectual property (IP). Crypto flaws in the IEEE P1735 electronics standard expose highly-valuable intellectual property in plaintext. The IEEE P1735 electronics standard provides recommendations on methods and techniques for encrypting e
Publish At:2017-11-05 16:20 | Read:275 | Comments:0 | Tags:Breaking News Hacking Security IEEE P1735 electronics standa

[SANS ISC] Simple Analysis of an Obfuscated JAR File

I published the following diary on isc.sans.org: “Simple Analysis of an Obfuscated JAR File“. Yesterday, I found in my spam trap a file named ‘0.19238000 1509447305.zip’ (SHA256: 7bddf3bf47293b4ad8ae64b8b770e0805402b487a4d025e31ef586e9a52add91). The ZIP archive contained a Java archive named ‘0.19238000 1509447305.jar’ (SHA256: b161c7
Publish At:2017-11-03 16:40 | Read:284 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Java JRAT SANS I

OpenSSL patches vulnerabilities discovered with Google OSS-Fuzz fuzzing service

OpenSSL patches two low and medium severity vulnerabilities that were discovered by using Google’s open source OSS-Fuzz fuzzing service. The medium severity vulnerability tracked as CVE-2017-3736 was addressed with the release of OpenSSL 1.1.0g and 1.0.2m. The flaw is a carry propagating bug in the x86_64 Montgomery squaring procedure, it affects processors
Publish At:2017-11-03 08:40 | Read:241 | Comments:0 | Tags:Breaking News Hacking Security Google OpenSSL. encryption os

Oracle issues an emergency patch for a bug in Oracle Identity Manager, apply it now!

Oracle fixed a flaw in Oracle Identity Manager that was rated with a CVSS v3 score of 10.0 and can result in complete compromise of the software via an unauthenticated network attack. Oracle issued an emergency patch for a vulnerability in Oracle Identity Manager, the flaw tracked as CVE-2017-10151 was rated 10 in severity on the CVSS scale. “This Secu
Publish At:2017-11-01 19:50 | Read:267 | Comments:0 | Tags:Breaking News Security CVE-2017-10151 Hacking Oracle Identit

Splunk Custom Search Command: Searching for MISP IOC’s

While you use a tool every day, you get more and more knowledge about it but you also have plenty of ideas to improve it. I’m using Splunk on a daily basis within many customers’ environments as well as for personal purposes. When you have a big database of events, it becomes quickly mandatory to deploy techniques to help you to extract juicy inf
Publish At:2017-10-31 14:55 | Read:339 | Comments:0 | Tags:MISP Security Splunk Hunting IOC Python

Investigation Underway at Heathrow Airport After USB Drive Containing Sensitive Security Documents Found on Sidewalk

Security personnel at Heathrow Airport have an exciting investigation underway after confidential security documentation was found on a sidewalk in West London. An unnamed man, on his way to the library, spotted a thumb drive on the sidewalk in Queen’s Park, West London. He pocketed the USB drive and continued on his way. He remembered the USB drive a
Publish At:2017-10-31 06:55 | Read:289 | Comments:0 | Tags:Breaking News Security Terrorism Heathrow Airport security

Securing the Modern Endpoint the SANS Maturity Way

In Case You Missed It Bromium recently engaged in a series of communications and events on the topic of Securing the Modern Endpoint, covering timely and provocative concepts including: How detection consistently fails to secure the enterprise and why new thinking is desperately needed How to realign your defenses around a modern threat risk model using few
Publish At:2017-10-30 17:15 | Read:224 | Comments:0 | Tags:Threats case study data sheet defenses detection endpoint mo

[SANS ISC] Stop relying on file extensions

I published the following diary on isc.sans.org: “Stop relying on file extensions“. Yesterday, I found an interesting file in my spam trap. It was called ‘16509878451.XLAM’. To be honest, I was not aware of this extension and I found this on the web: “A file with the XLAM file extension is an Excel Macro-Enabled Add-In file that’
Publish At:2017-10-24 21:20 | Read:358 | Comments:0 | Tags:SANS Internet Storm Center Security SANS ISC YARA

SANS Maturity Model Webinar Describes How to Grow Your Security Strategy

Setting your security strategy is a challenging task that comes with lot of opinions (and vendors!). SANS provides a rationale for growing protection that is logically calibrated to growth and expanding needs. Register for this webinar and even if you can’t make it, we’ll send you the recording (and a whitepaper). With so many security solution
Publish At:2017-10-21 16:25 | Read:298 | Comments:0 | Tags:Innovation maturity model recording registration SANS Securi

Securing smart grid and advanced metering infrastructure

The year is 2020, high economic, military and cultural tension between Russia & the US. You are at the London office, entering a video meeting with the sales team in America, the American team presents with enthusiasm the sales achievement of the recent quarter, then, suddenly the call is disconnected. You are trying to re-establish the connection with n
Publish At:2017-10-06 11:30 | Read:280 | Comments:0 | Tags:Breaking News Security critical infrastructure cyber securit

Russian firm provides North Korea with second Internet route

Dyn Research discovered traffic coming from North Korea running over the Russian TransTeleCom network, this is the second internet route of the regime. North Korea gets a second Internet connection thanks to the support of a state-owned Russian firm. From the perspective of security analysts, this second connection will improve in a significant way the cyber
Publish At:2017-10-05 17:05 | Read:370 | Comments:0 | Tags:Breaking News Security DDoS Hacking North Korea Pyongyang

Which are most frequently blacklisted apps by enterprises?

Mobile security firm Appthority published an interesting report that revealed which Android and iOS applications are most frequently blacklisted by enterprises. The company Appthority has published an interesting report that reveals which mobile apps, both Android and iOS, are most frequently blacklisted by enterprises. “The mobile ecosystem in an ente
Publish At:2017-10-04 22:40 | Read:353 | Comments:0 | Tags:Breaking News Mobile Reports Security blacklisted apps BYOD

[SANS ISC] Investigating Security Incidents with Passive DNS

I published the following diary on isc.sans.org: “Investigating Security Incidents with Passive DNS“. Sometimes when you need to investigate a security incident or to check for suspicious activity, you become frustrated because the online resource that you’re trying to reach has already been cleaned. We cannot blame system administrators and webm
Publish At:2017-10-02 23:20 | Read:491 | Comments:0 | Tags:Incident Management SANS Internet Storm Center Security Pass

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud