HackDig : Dig high-quality web security articles

Cisco SD-WAN flaw could lead to arbitrary code execution, patch it now!

Cisco fixes an OS command-injection flaw, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution. Cisco addressed a high-severity OS command-injection vulnerability, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution. Cisco
Publish At:2021-10-23 18:25 | Read:53 | Comments:0 | Tags:Breaking News Security Cisco SD-WAN Hacking hacking news inf

FTC: ISPs collect and monetize far more user data than you’d think

The Federal Trade Commission (FTC) found that the six largest internet service providers (ISPs) in the U.S. collect and share customers' personal data without providing them with info on how it's used or meaningful ways to control this process."Many internet service providers (ISPs) collect and share far more data about their customers than many consumers ma
Publish At:2021-10-23 16:04 | Read:103 | Comments:0 | Tags:Security

Hacker sells the data for millions of Moscow drivers for $800

Hackers are selling a stolen database containing 50 million records of Moscow driver data on an underground forum for only $800.According to Russian media outlets that purchased the database, the data appears to be valid and contains records collected between 2006 and 2019Russian news publisher Kommersant called a small sample of the exposed indivi
Publish At:2021-10-23 16:03 | Read:80 | Comments:0 | Tags:Security hack

Popular NPM library hijacked to install password-stealers, miners

Hackers hijacked the popular UA-Parser-JS NPM library, with millions of downloads a week, to infect Linux and Windows devices with cryptominers and password-stealing trojans in a supply-chain attack.The UA-Parser-JS library is used to parse a browser's user agent to identify a visitor's browser, engine, OS, CPU, and Device type/model.The library is imme
Publish At:2021-10-23 16:03 | Read:31 | Comments:0 | Tags:Security

'Critical Severity' Warning for Malware Embedded in Popular JavaScript Library

Security responders are scrambling this weekend to assess the damage from crypto-mining malware embedded in an npm package (JavaScript library) that counts close to 8 million downloads per week.The hack, which raised eyebrows because of the software supply chain implications, prompted a “critical severity” warning from GitHub that any computer with the embed
Publish At:2021-10-23 14:22 | Read:61 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Network Sec

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

The U.S. CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. The U.S. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of a crypto-mining malware in the popular NPM Package UAParser.js. The popular lib
Publish At:2021-10-23 11:45 | Read:89 | Comments:0 | Tags:Breaking News Malware Cryptocurrency miner Cybersecurity cyb

Resilience lies with security: Securing remote access for your business

Remote access has helped us become more interconnected than ever before. In the United States alone, two months into the pandemic, approximately 35% of the workforce was teleworking. The growth of remote access allowed individuals to work with organizations and teams they don’t physically see or meet. However, the demand for remote access has critical imp
Publish At:2021-10-22 21:24 | Read:157 | Comments:0 | Tags:Managed Service Providers cyber resilience security

The Week in Ransomware - October 22nd 2021 - Striking back

Between law enforcement operations, REvil's second shut down, and ransomware gangs' response to the hacking of their servers, it has been quite the week.This week's biggest news is the Reuters report that international law enforcement operation took over REvil's Tor infrastructure, which ultimately led to the shutdown of the ransomware again last Sunday.Sinc
Publish At:2021-10-22 19:59 | Read:136 | Comments:0 | Tags:Security ransomware

Groove ransomware group calls on other ransomware gangs to hit US public sector

Groove ransomware operators call on other ransomware groups to stop competing and join the forces to fight against the US. The Groove ransomware gang is calling on other ransomware groups to attack US public sector after a an operation of of law enforcement shut down the infrastructure of the REvil gang. “The ransomware group REvil was itself hacked a
Publish At:2021-10-22 19:37 | Read:33 | Comments:0 | Tags:Breaking News Cyber Crime Malware Groove ransomware Hacking

Facebook SSRF Dashboard allows hunting SSRF vulnerabilities

Facebook developed a new tool that allows security experts to look for Server-Side Request Forgery (SSRF) vulnerabilities in their software. Facebook announced to have designed a new tool, named SSRF Dashboard, that allows security researchers to search for Server-Side Request Forgery (SSRF) vulnerabilities. Server-side request forgery is a web securit
Publish At:2021-10-22 18:20 | Read:86 | Comments:0 | Tags:Breaking News Hacking Facebook information security news IT

REvil Ransomware Gang Hit by Law Enforcement Hack-Back Operation

The global fight against ransomware took a new twist this week with the United States leading a law enforcement effort to hack back and disrupt the extortion group behind the Colonial Pipeline cyberattack.SecurityWeek has confirmed a Reuters report that the Tor servers associated with the REvil ransomware gang were seized in what was described as a “multi-co
Publish At:2021-10-22 18:18 | Read:76 | Comments:0 | Tags:Cyberwarfare Endpoint Security NEWS & INDUSTRY Applicati

DarkSide ransomware rushes to cash out $7 million in Bitcoin

Almost $7 million worth of Bitcoin in a wallet controlled by DarkSide ransomware operators has been moved in what looks like a money laundering rollercoaster.The funds have been moving to multiple new wallets since yesterday, a smaller amount being transferred with each transaction to make the money more difficult to track.The timing aligns with the tak
Publish At:2021-10-22 16:04 | Read:25 | Comments:0 | Tags:Security ransomware

SCUF Gaming store hacked to steal credit card info of 32,000 customers

Image: SCUF GamingSCUF Gaming International, a leading manufacturer of custom PC and console controllers, is notifying customers that its website was hacked in February to plant a malicious script used to steal their credit card information.SCUF Gaming makes high-performance and customized gaming controllers for PCs and consoles, used by both profession
Publish At:2021-10-22 16:03 | Read:139 | Comments:0 | Tags:Security hack

[CSA-2021-003] Remote Code Execution in GridPro Request Management for Windows Azure Pack

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Certitude Securtiy Advisory - CSA-2021-003 ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ PRODUCT : GridPro Request Management for Windows Azure Pack VENDOR : GridPro Software SEVERITY : Crit
Publish At:2021-10-22 15:44 | Read:119 | Comments:0 | Tags:No Tag

How the 2011 DigiNotar Attacks Changed Cybersecurity for the Next Decade

The DigiNotar attack in 2011 set itself apart because it was an attack on the cybersecurity industry itself. Most attacks are on a single company. But this one shook trust in cybersecurity tools and how users decide whom to trust online. After covering this industry for years, I’ve seen firsthand how cyber attacks don’t happen in a vacuum. Inste
Publish At:2021-10-22 15:28 | Read:90 | Comments:0 | Tags:Incident Response Risk Management Security Services cyber at

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Friend Links