HackDig : Dig high-quality web security articles for hacker

Investigating Sites After They are Gone; And a Case of Uber Phishing With SSL, (Mon, May 22nd)

A reader sent us an interesting find of a phishing site that is going after Uber credentials. Uber credentials are often stolen and resold to obtain free rides. One way the credentials are stolen is phishing. The latest example uses convincing-looking Uber receipt emails. These emails feature a prominent link to uberdisputes.com. Uberdisputes.c
Publish At:2017-05-23 08:40 | Read:60 | Comments:0 | Tags:No Tag

CFP - WPES - 2017 Workshop on Privacy in the Electronic Society

CALL FOR PAPERS

2017 Workshop on Privacy in the Electronic Society (WPES 2017)
Dallas, Texas, USA - October 30, 2017
https://cs.pitt.edu/wpes2017

The need for privacy-aware policies, regulations, an
Publish At:2017-05-23 07:43 | Read:66 | Comments:0 | Tags:No Tag

CVE-2017-9046 Pegasus "winpm-32.exe" v4.72 Mailto: Link Remote Code Execution

[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/PEGASUS-MAILTO-LINK-REMOTE-CODE-EXECUTION.txt
[+] ISR: APPARITIONSEC

Vendor: www.pmail.com

Product: Pegasus "winpm-32.exe" v4.72 build 572

Pegasus Mail: Pegasus Mail is a free, standards-bas
Publish At:2017-05-23 07:43 | Read:59 | Comments:0 | Tags:No Tag

CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal

[+] Credits: John Page aka HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/SECURE-AUDITOR-v3.0-DIRECTORY-TRAVERSAL.txt
[+] ISR: ApparitionSec

Vendor: www.secure-bytes.com

Product: Secure Auditor - v3.0

Vulnerability Type: Directory Traversal

CVE Reference:
Publish At:2017-05-23 07:42 | Read:70 | Comments:0 | Tags:No Tag

CVE-2017-7620 Mantis Bug Tracker 1.3.10 / v2.3.0 CSRF Permalink Injection

[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt
[+] ISR: ApparitionSec

Vendor: www.mantisbt.org

Product: Mantis Bug Tracker 1.3.10 / v2.3.0

MantisBT is a popular free web-based bug tracking system. It is written i
Publish At:2017-05-23 07:41 | Read:34 | Comments:0 | Tags: Csrf

HP SimplePass Local Privilege Escalation

# Vulnerability Title: HP SimplePass Local Privilege Escalation
# Advisory Release Date: 05/18/2017
# Credit: Discovered By Rehan Ahmed
# Contact: knight_rehan () hotmail com
# Severity Level: Medium
# Type: Local
# Tested Platform: Windows 8 & 10 x64
# Vendor: HP Inc.
# Vendor Site: http://www.hp.com
# Download Link: http://ftp.hp.com/pub/softpaq/sp64001-64500/s
Publish At:2017-05-23 07:41 | Read:48 | Comments:0 | Tags:No Tag

Out of bound memory access in PJSIP multipart parser crashes Asterisk

# Out of bound memory access in PJSIP multipart parser crashes Asterisk

- Authors:
    - Alfred Farrugia <alfred () enablesecurity com>
    - Sandro Gauci <sandro () enablesecurity com>
- Vulnerable version: Asterisk 14.4.0 running `chan_pjsip`, PJSIP 2.6
- References: AST-2017-003
- Enable Security Advisory: <https://github.com/EnableSecurity/advis
Publish At:2017-05-23 07:41 | Read:121 | Comments:0 | Tags:No Tag

Asterisk Skinny memory exhaustion vulnerability leads to DoS

# Asterisk Skinny memory exhaustion vulnerability leads to DoS

- Authors:
    - Alfred Farrugia <alfred () enablesecurity com>
    - Sandro Gauci <sandro () enablesecurity com>
- Vulnerable version: Asterisk 14.4.0 with `chan_skinny` enabled
- References: AST-2017-004
- Enable Security Advisory: <https://github.com/EnableSecurity/advisories/tree/mas
Publish At:2017-05-23 07:40 | Read:118 | Comments:0 | Tags: Vulnerability

Heap overflow in CSEQ header parsing affects Asterisk chan_pjsip and PJSIP

# Heap overflow in CSEQ header parsing affects Asterisk chan_pjsip and PJSIP

- Authors:
    - Alfred Farrugia <alfred () enablesecurity com>
    - Sandro Gauci <sandro () enablesecurity com>
- Vulnerable version: Asterisk 14.4.0 running `chan_pjsip`, PJSIP 2.6
- References: AST-2017-002
- Enable Security Advisory: <https://github.com/EnableSecurity/a
Publish At:2017-05-23 07:40 | Read:52 | Comments:0 | Tags:No Tag

Wordpress Newsletter Supsystic 1.1.7 - Cross Site Scripting Vulnerability

Document Title: Wordpress Newsletter Supsystic 1.1.7 - Cross Site Scripting Vulnerability
References (Source): https://www.vulnerability-lab.com/get_content.php?id=2070
Release Date: 2017-05-16
Vulnerability Laboratory ID (VL-ID): 2070
Common Vulnerability Scoring System:
Publish At:2017-05-23 07:40 | Read:134 | Comments:0 | Tags: Vulnerability

Simple ASC CMS v1.2 - (Guestbook) Persistent Vulnerability

Document Title: Simple ASC CMS v1.2 - (Guestbook) Persistent Vulnerability
References (Source): https://www.vulnerability-lab.com/get_content.php?id=2072
Release Date: 2017-05-21
Vulnerability Laboratory ID (VL-ID): 2072
Common Vulnerability Scoring System:
Publish At:2017-05-23 07:40 | Read:45 | Comments:0 | Tags: Vulnerability

HTTrack v3.x - Stack Buffer Overflow Vulnerability

Document Title: HTTrack v3.x - Stack Buffer Overflow Vulnerability
References (Source): https://www.vulnerability-lab.com/get_content.php?id=2068
Release Date: 2017-05-22
Vulnerability Laboratory ID (VL-ID): 2068
Common Vulnerability Scoring System:
Publish At:2017-05-23 07:40 | Read:65 | Comments:0 | Tags: Vulnerability

SEC Consult SA-20170523-0 :: Arbitrary File Upload & Stored XSS in InvoicePlane

SEC Consult Vulnerability Lab Security Advisory < 20170523-0 >

title: Arbitrary File Upload & Stored XSS
product: InvoicePlane
vulnerable version: 1.4.10
fixed version: 1.5.2
CVE number: -
impact: High
homepage: https://
Publish At:2017-05-23 07:40 | Read:36 | Comments:0 | Tags: Xss

Europol arrested 27 for jackpotting attacks on ATMs across Europe

27 people have been arrested by Europol for jackpotting attacks on ATMs across many countries in Europe. Europol has arrested 27 people accused of being involved in a series of successful black box attacks against ATMs across Europe. Since 2016, these attacks have resulted in more than €45 million in losses. “The efforts of a number of EU Member Stat
Publish At:2017-05-23 07:26 | Read:80 | Comments:0 | Tags:Breaking News Cyber Crime Hacking

Expert finds EternalRocks, a malware that uses 7 NSA Hacking Tools

A security expert discovered a new worm, dubbed EternalRocks, that exploits the EternalBlue flaw to spread itself like WannaCry ransomware. The security expert Miroslav Stampar, a member of the Croatian Government CERT, has discovered a new worm, dubbed EternalRocks, that exploits the EternalBlue flaw in the SMB protocol to spread itself like the popular Wan
Publish At:2017-05-23 07:25 | Read:96 | Comments:0 | Tags:Breaking News Cyber warfare Hacking Intelligence Malware cri
