HackDig : Dig high-quality web security articles for hacker

WordPress 4.7.2 release addresses XSS, SQL Injection vulnerabilities

According to the release notes, the latest version of WordPress, 4.7.2, addresses three security issues, including XSS and SQL injection flaws. The WordPress development team has pushed the WordPress 4.7.2 version that fixed three security issues, including a cross-site scripting and a SQL injection vulnerability. The new update comes just two weeks after WordPress rele
Publish At:2017-01-28 13:05 | Read:2730 | Comments:0 | Tags:APT Security CMS Hacking Pierluigi Paganini Security Affairs

WordPress 4.7.1 released, patches eight vulnerabilities and 62 bugs

According to the release notes, the latest version of WordPress, 4.7.1, addresses eight security vulnerabilities and 62 other bugs. On Wednesday the latest version of WordPress, 4.7.1, was released by the WordPress team; it is classified as a security release for all previous versions. According to the release notes, the new version addresses eight security flaws an
Publish At:2017-01-13 23:05 | Read:3988 | Comments:0 | Tags:Breaking News Hacking CMS web application security WordPress

[CRITICAL] Nissan Leaf Can Be Hacked Via Web Browser From Anywhere In The World

What if a car could be controlled from a computer halfway around the world? Computer security researcher and hacker Troy Hunt has managed to do just that, via a web browser and an Internet connection, with an unmodified Nissan Leaf in another country. While so far the control was limited to the HVAC system, it’s a revealing demonstration of what’s possible.
Publish At:2016-11-20 03:20 | Read:3449 | Comments:0 | Tags:Cyber Security Cyber Security Research Security Updates 0xic

Kemuri Water Company (KWC) | Hackers change chemical settings at water treatment plant

Hackers manipulated the programmable logic controllers that managed the amount of chemicals used to treat the water to make it safe to drink. NEW YORK — March 23, 2016 — Hackers breached a water company’s industrial control system and made changes to valve and flow control settings, Verizon revealed in its latest Data Breach Digest. The unnamed w
Publish At:2016-11-20 03:20 | Read:6699 | Comments:0 | Tags:Critical Infrastructures Cyber Security ICS SCADA Security U

BYOD Makes Application Security a Matter of National Security

Several publications have commented on a new study from Harvard’s Berkman Center for Internet and Society. The study was called “Don’t Panic: Making Progress on the ‘Going Dark’ Debate.” Apple and others have designed products with so-called “end-to-end encryption,” meaning that a message between two users can
Publish At:2016-02-12 14:05 | Read:3741 | Comments:0 | Tags:Industry Observations Technical Insight Vulnerabilities Web

NSA Directorates

An earlier post made the point that security problems can come from subdivisions of an organization pursuing incompatible goals. In the Cold War, for example, lack of coordination between the CIA and the State Department allowed the KGB to identify undercover agents. The Guardian reports that the NSA is reorganizing to address this issue. Previously, its off
Publish At:2016-02-05 19:20 | Read:2339 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

Top 10 Web Hacking Techniques of 2015

With 2015 coming to a close, the time comes for us to pay homage to top tier security researchers from the past year and properly acknowledge all of the hard work that has been given back to the infosec community. We do this through a nifty yearly process known as The Top 10 Web Hacking Techniques. Every year the security community produces a stunning number
Publish At:2016-01-12 16:40 | Read:2167 | Comments:0 | Tags:Technical Insight Tools and Applications Vulnerabilities Web

HTTP Methods

Much of the internet operates on HTTP, Hyper Text Transfer Protocol. With HTTP, the user sends a request and the server replies with its response. These requests are like the pneumatic tubes at the bank — a delivery system for the ultimate content. A user clicks a link; a request is sent to the server; the server replies with a response; the response h
Publish At:2015-12-30 03:10 | Read:4541 | Comments:0 | Tags:Technical Insight Tools and Applications Vulnerabilities Web

“Insufficient Authorization – The Basics” Webinar Questions – Part I

Recently we offered a webinar on a really interesting Insufficient Authorization vulnerability: a site that allows the user to live chat with a customer service representative updated the transcript using a request parameter that an attacker could have manipulated in order to view a different transcript, potentially giving access to a great deal of confidentia
Publish At:2015-12-12 01:10 | Read:2773 | Comments:0 | Tags:Technical Insight Tools and Applications True Stories of the

An idea to help secure U.S. cybersecurity…

… and looking for the right person to show us how to do so. A few years back I was watching a presentation given by General Keith B. Alexander, who was at the time Commander, U.S. Cyber Command and previously Director of the National Security Agency (NSA). Gen. Alexander’s remarks focused on the cybersecurity climate from his perspective and the impact on U.
Publish At:2015-12-03 18:15 | Read:2407 | Comments:1 | Tags:Industry Observations Vulnerabilities Web Application Securi

The Ad Blocking Wars: Ad Blockers vs. Ad-Tech

More and more people find online ads to be annoying, invasive, dangerous, insulting, distracting, expensive, and just understandable, and have decided to install an ad blocker. In fact, the number of people using ad blockers is skyrocketing. According to PageFair’s 2015 Ad Blocking Report, there are now 198 million active adblock users around the world with
Publish At:2015-12-03 00:10 | Read:2453 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

“Crash Course – PCI DSS 3.1 is here. Are you ready?” Part II

Thanks to all who attended our recent webinar, “Crash Course – PCI DSS 3.1 is here. Are you ready?”. During the stream, there were a number of great questions asked by attendees that didn’t get answered due to the limited time. This blog post is a means to answer many of those questions. Still have questions? Want to know more about
Publish At:2015-12-01 12:00 | Read:2637 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

URLs are content

Justifications for the federal government’s controversial mass surveillance programs have involved the distinction between the contents of communications and associated “meta-data” about those communications. Finding out that two people spoke on the phone requires less red tape than listening to the conversations themselves. While “
Publish At:2015-11-30 17:55 | Read:3065 | Comments:0 | Tags:Industry Observations Technical Insight Tools and Applicatio

iBackDoor: High-Risk Code Hits iOS Apps

Introduction: FireEye mobile researchers recently discovered potentially “backdoored” versions of an ad library embedded in thousands of iOS apps originally published in the Apple App Store. The affected versions of this library embedded functionality in iOS apps that used the library to display ads, allowing for potential malicious access to sensiti
Publish At:2015-11-05 13:20 | Read:2997 | Comments:0 | Tags:Cyber Security Mobile Security Security Updates 0xicf Apple

Saving Systems from SQLi

There is absolutely nothing special about the TalkTalk breach — and that is the problem. If you didn’t already see the news about TalkTalk, a UK-based provider of telephone and broadband services, their customer database was hacked and reportedly 4 million records were pilfered. A major organization’s website is hacked, millions of records containing PII are
Publish At:2015-10-27 22:15 | Read:2565 | Comments:0 | Tags:Industry Observations Technical Insight Vulnerabilities Web
