HackDig : Dig high-quality web security articles for hacker

Do You Need Antivirus on iPhone?

Do You Need Antivirus on iPhone? May 26th, 2022 No Comments antivirus, Mobile Security Apple products have plenty of fans, many of whom are considered loyal to the brand. And when it comes to iPhone, one of the many reasons for that loyalty is Apple’s “walled-g
Publish At:2022-05-29 05:09 | Read:94 | Comments:0 | Tags:antivirus Mobile Security Mobile security Virus

Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 Remote Root Exploit

Title: Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 Remote Root Exploit Advisory ID: ZSL-2022-5707 Type: Local/Remote Impact: System Access, DoS Risk: (4/5) Release Date: 29.05.2022SummaryThe C-Bus Network Automation Controller (5500NAC) and the Wiserfor C-Bus Automat
Publish At:2022-05-28 21:26 | Read:113 | Comments:0 | Tags: exploit

Microsoft: The new Windows 11 features from Build 2022

During the Build 2022 developer conference, Microsoft announced a number of new features for Windows 11, including an improved Windows Subsystem for Android (WSA) and more.Microsoft is upgrading the Android OS within the subsystem to Android 12L and adding support for advanced networking, so your mobile apps can easily communicate with devices outside the vi
Publish At:2022-05-28 18:51 | Read:40 | Comments:0 | Tags:Microsoft Software

New Windows Subsystem for Linux malware steals browser auth cookies

Hackers are showing an increased interest in the Windows Subsystem for Linux (WSL) as an attack surface as they build new malware, the more advanced samples being suitable for espionage and downloading additional malicious modules.As the name of the feature implies, WSL allows running native Linux binaries to run on Windows in an environment that emulates th
Publish At:2022-05-28 14:53 | Read:97 | Comments:0 | Tags:Security

Clop ransomware gang is back, hits 21 victims in a single month

After effectively shutting down their entire operation for several months, between November and February, the Clop ransomware is now back, according to NCC Group researchers."CL0P had an explosive and unexpected return to the forefront of the ransomware threat landscape, jumping from the least active threat actor in March to the fourth most active in April,"
Publish At:2022-05-28 14:53 | Read:59 | Comments:0 | Tags:Security ransomware

Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks

360 Qihoo reported DDoS attacks launched by APT-C-53 (aka Gamaredon) conducted through the open-source DDoS Trojan program LOIC. Researchers at 360 Qihoo observed a wave of DDoS attacks launched by Russia-linked APT-C-53 (aka Gamaredon) and reported that the threat actors also released as open-source the code of a DDoS Trojan called LOIC. The instances o
Publish At:2022-05-28 13:15 | Read:105 | Comments:0 | Tags:APT Breaking News Cyber warfare Malware DDoS Gamaredon APT H

The strange link between Industrial Spy and the Cuba ransomware operation

The recently launched Industrial Spy data extortion marketplace has now started its ransomware operation. In April, Malware HunterTeam and Bleeping Computer reported the launch of a new dark web marketplace called Industrial Spy that sells stolen data and offers free stolen data to its members. MalwareHunterTeam researchers spotted malware samples [1, 2]
Publish At:2022-05-28 11:07 | Read:61 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware Cuba Ransomware Cy

Reuters: Russia-linked APT behind Brexit leak website

Russia-linked threat actors are behind a new website that published leaked emails from leading proponents of Britain’s exit from the EU, the Reuters reported. According to a Google cybersecurity official and the former head of UK foreign intelligence, the “Very English Coop d’Etat” website was set up to publish private emails from
Publish At:2022-05-28 10:31 | Read:132 | Comments:0 | Tags:Breaking News Data Breach Hacking Intelligence APT Cold Rive

GitHub: Nearly 100,000 NPM Users’ credentials stolen in the April OAuth token attack

GitHub provided additional details into the theft of its integration OAuth tokens that occurred in April, with nearly 100,000 NPM users’ credentials. GitHub provided additional details about the incident that suffered in April, the attackers were able to steal nearly 100K NPM users’ credentials. In April, GitHub uncovered threat actors usin
Publish At:2022-05-28 07:09 | Read:117 | Comments:0 | Tags:Breaking News Hacking GitHub hacking news IT Information Sec

[CVE-2022-0779] User Meta "um_show_uploaded_file" Path Traversal / Local File Enumeration

RCE Security Advisoryhttps://www.rcesecurity.com1. ADVISORY INFORMATION=======================Product: User MetaVendor URL: https://wordpress.org/plugins/user-metaType: Relative Path Traversal [CWE-23]Date found: 2022-02-28Date published: 2022-05-24CVSSv3 Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)CVE: CVE-
Publish At:2022-05-27 22:40 | Read:83 | Comments:0 | Tags:No Tag

Trojan-Ransom.Thanos / Code Execution

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source:https://malvuln.com/advisory/be60e389a0108b2871dff12dfbb542ac.txtContact: malvuln13 () gmail comMedia: twitter.com/malvulnThreat: Trojan-Ransom.ThanosVulnerability: Code ExecutionDescription: Thanos looks for and executes DLLs in its current directory.Therefore, we can potentially
Publish At:2022-05-27 22:40 | Read:445 | Comments:0 | Tags:No Tag

FBI warns of hackers selling credentials for U.S. college networks

Cybercriminals are offering to sell for thousands of U.S. dollars network access credentials for higher education institutions based in the United States.This type of advertisement is present on both publicly available cybercriminal online forums as well as marketplaces on the dark web.Thousands of creds for saleThe Federal Bureau of Investigation (FBI) has
Publish At:2022-05-27 18:51 | Read:87 | Comments:0 | Tags:Security FBI hack

Android pre-installed apps are affected by high-severity vulnerabilities

Microsoft found several high-severity vulnerabilities in a mobile framework used in pre-installed Android System apps. The Microsoft 365 Defender Research Team discovered four vulnerabilities (CVE-2021-42598, CVE-2021-42599, CVE-2021-42600, and CVE-2021-42601) in a mobile framework, owned by mce Systems, that is used by several mobile carri
Publish At:2022-05-27 18:27 | Read:145 | Comments:0 | Tags:Breaking News Hacking Mobile Android hacking news informatio

Microsoft Finds Major Security Flaws in Pre-Installed Android Apps

Bug hunters at Microsoft are calling attention to several high-severity vulnerabilities in a mobile framework used in pre-installed Android System apps, warning that exploitation could have allowed the implantation of a persistent backdoor on Android devices.According to an advisory released Friday by the Microsoft 365 Defender Research Team, a total of four
Publish At:2022-05-27 17:08 | Read:47 | Comments:0 | Tags:Cyberwarfare Endpoint Security Mobile Security Network Secur

Exploitation of VMware Vulnerability Imminent Following Release of PoC

When VMware announced patches for a critical vulnerability on May 18, users were warned that exploitation in the wild would likely start soon, and now a proof-of-concept (PoC) exploit targeting the flaw has been made public.The vulnerability, tracked as CVE-2022-22972, affects VMware Workspace ONE Access, Identity Manager and vRealize Automation. It allows a
Publish At:2022-05-27 17:08 | Read:65 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Announce

Share high-quality web security related articles with you:)

Friend Links