HackDig : Dig high-quality web security articles for hackers

Microsoft Tops Q3 List of Most-Impersonated Brands

The technology sector was also the most likely targeted industry for brand phishing attacks, according to Check Point's latest report on brand phishing.Microsoft bumped Amazon and Google to place first for the brand most imitated by cybercriminals in phishing attacks that go after individuals' account credentials and payment information, according to Check P
Publish At:2020-10-19 17:30 | Read:59 | Comments:0 | Tags:No Tag

IoT Vulnerability Disclosure Platform Launched

VulnerableThings.com is intended to help vendors meet the terms of a host of new international IoT security laws and regulations.A new online platform for IoT vendors to use in receiving, assessing, managing, and mitigating vulnerabilities and reports has been launched by the IoT Security Foundation (IoTSF). The new platform, VulnerableThings.com, is intende
Publish At:2020-10-19 17:30 | Read:68 | Comments:0 | Tags: Vulnerability

GravityRAT Spyware Targets Android & MacOS in India

The Trojan once used in attacks against Windows systems has been transformed into a multiplatform tool targeting macOS and Android.Researchers have identified GravityRAT, a spying remote access Trojan (RAT) known to target devices in India, in an attack campaign against Android and MacOS devices. The activity was still ongoing at the time their findings were
Publish At:2020-10-19 17:30 | Read:59 | Comments:0 | Tags: android

HiSilicon Video Encoder 1.97 File Disclosure / Path Traversal

#!/usr/bin/env bash# Exploit Title: HiSilicon video encoders - unauthenticated file disclosure via path traversal# Date: 2020-09-20# Exploit Author: Alexei Kojenov# Vendor Homepage: https://www.szuray.com/# Software Link: N/A# Version: up to 1.97# Tested on: Linux# CVE: CVE-2020-24219# Vendors: URayTech# Reference: https://kojenov.com/2020-09-15-hisilicon-en
Publish At:2020-10-19 16:50 | Read:18 | Comments:0 | Tags:No Tag

Microsoft SharePoint SSI / ViewState Remote Code Execution

### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking prepend Msf::Exploit::Remote::AutoCheck include Msf::Exploit::Remote::HttpClient include Msf::Exploit::ViewState include Msf::Exploit::CmdStager in
Publish At:2020-10-19 16:50 | Read:19 | Comments:0 | Tags:No Tag

U.S. Charges Russian Intelligence Officers for NotPetya, Industroyer Attacks

The U.S. Department of Justice on Monday announced charges against six Russian intelligence officers for their alleged role in several major cyberattacks conducted over the past years.The defendants are Yuriy Sergeyevich Andrienko, aged 32, Sergey Vladimirovich Detistov, 35, Pavel Valeryevich Frolov, 28, Anatoliy Sergeyevich Kovalev, 29, Artem Valeryevich Oc
Publish At:2020-10-19 16:28 | Read:74 | Comments:0 | Tags:Cyberwarfare NEWS & INDUSTRY Tracking & Law Enforcem

Scammers Seize on US Election, But It's Not Votes They Want

The email from a political action committee seemed harmless: if you support Joe Biden, it urged, click here to make sure you’re registered to vote.But Harvard University graduate student Maya James did not click. Instead, she Googled the name of the soliciting PAC. It didn’t exist -- a clue the email was a phishing scam from swindlers trying to exploit the U
Publish At:2020-10-19 16:28 | Read:75 | Comments:0 | Tags:NEWS & INDUSTRY Fraud & Identity Theft Cybercrime

Android, macOS Versions of GravityRAT Spyware Spotted in Ongoing Campaign

Kaspersky security researchers have identified versions of the GravityRAT spyware that are targeting Android and macOS devices.Initially detailed in 2018, the RAT was previously employed in attacks targeting the Indian military, as part of a campaign that is believed to have been active since 2015. Targeting Windows systems, the tool has mainly been used for
Publish At:2020-10-19 16:28 | Read:76 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Virus & Malware

Trickbot, Phishing, Ransomware & Elections

The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door. The last few weeks have been rough for the operators of the Trickbot botnet, a malware-as-a-service operation, who are facing coordinated attacks from both the US Cyber Command and Microsoft, with the aid of a number of
Publish At:2020-10-19 16:25 | Read:72 | Comments:0 | Tags: ransomware

A week in security (September 12 – September 18)

Last week on Malwarebytes Labs, we looked at journalism’s role in cybersecurity on our Lock and Code podcast, gave tips for safer shopping on Amazon Prime day, and discussed an APT attack springing into life as Academia returned to the real and virtual campus environment. We also dug into potential FIFA 21 scams, the return of QR code scams, Covid fatigue, a
Publish At:2020-10-19 16:17 | Read:56 | Comments:0 | Tags:A week in security a week in security awis facebook football

Waze Vulnerability Lets Attackers Track and Identify Users

A vulnerability has been discovered in Google's GPS navigation software app Waze that lets hackers identify and track users. Autoevolution.com reports that the flaw was discovered by security engineer Peter Gasper. When using the app's web interface, Gasper discovered that he could request the Waze API to display not only his coor
Publish At:2020-10-19 15:25 | Read:38 | Comments:0 | Tags: Vulnerability

Instagram's Handling of Children's Data Under Investigation

Social media app Instagram is being investigated by the EU for allegedly failing to protect the privacy of children's data. Instagram's alleged data mishandling allowed the email addresses and phone numbers of children aged under 18 to become visible to other users of the platform. Facebook, which owns the social media app, has denied
Publish At:2020-10-19 15:25 | Read:48 | Comments:0 | Tags:No Tag

Cyber-attack on Mississippi Schools Costs $300k

A Mississippi school district has voted to pay $300,000 to recover files that were encrypted during a suspected ransomware attack.A federal investigation was launched after threat actors accessed Yazoo County School District’s information technology system without authorization. Superintendent Dr. Ken Barron told WLBT news that the schoo
Publish At:2020-10-19 15:25 | Read:56 | Comments:0 | Tags: cyber

Microsoft removed another Windows 10 2004 safeguard hold

Microsoft removed a Windows 10, version 2004 compatibility hold blocking devices with certain WWAN LTE modems from upgrading to the latest Windows version.Safeguard holds (also known as compatibility holds) are added by Microsoft based on known issues and diagnostic data to delay Windows upgrades on affected devices and to protect the end-user
Publish At:2020-10-19 14:12 | Read:115 | Comments:0 | Tags:Microsoft

Windows GravityRAT malware now also targets Android, macOS

GravityRAT, a malware strain known for checking the CPU temperature of Windows computers to detect virtual machines or sandboxes, is now multi-platform spyware as it can now also be used to infect Android and macOS devices.The GravityRAT Remote Access Trojan (RAT) has been under active development by what looks like Pakistani hacker groups&nbs
Publish At:2020-10-19 14:12 | Read:110 | Comments:0 | Tags:Security android

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud

Friend Links