HackDig : Dig high-quality web security articles for hacker

CheckPoint experts spotted Three Critical 0-Day in PHP 7

Researchers at the security firm CheckPoint have discovered three fresh critical zero day vulnerability in the last PHP 7. Security researchers at the firm CheckPoint have discovered three fresh critical 0-day vulnerabilities in last PHP 7. These vulnerabilities allow an attacker to take full control over 80 percent of websites which run on the latest releas
Publish At:2016-12-30 20:05 | Read:2423 | Comments:0 | Tags:Breaking News Hacking 0-day PHP 7

Remotely Disabling a Wireless Burglar Alarm

By Andrew Zonenberg @azonenbergCountless movies feature hackers remotely turning offsecurity systems in order to infiltrate buildings without being noticed. Buthow realistic are these depictions? Time to find out.Today we’re releasing information on a critical securityvulnerability in a wireless home security system from SimpliSafe. This system consis
Publish At:2016-11-19 20:15 | Read:3182 | Comments:0 | Tags:0-day 0day alarm Andrew Zonenberg burglar cyber attack hacki

A zero day flaw in OpenJPEG JPEG 2000 could lead arbitrary code execution

Cisco Talos Team disclosed a zero-day flaw affecting the JPEG 2000 image file format parser implemented in the OpenJPEG library.  Security experts at Cisco Talos group have discovered a serious vulnerability (TALOS-2016-0193/CVE-2016-8332) affecting the JPEG 2000 image file format parser implemented in OpenJPEG library. An attacker could exploit the flaw to
Publish At:2016-10-02 18:50 | Read:1888 | Comments:0 | Tags:Breaking News Hacking 0-day CVE-2016-8332 JPEG 2000 TALOS-20

Stuxnet: more historical than hysterical, I hope

Stuxnet: more historical than hysterical, I hope Posted by David Harley on June 7, 2016.I don’t make a habit of using this blog to advertise another, but the article I’m going to talk about is just too long to rewrite for this blog. And in fact, I’m not generally a fa
Publish At:2016-06-07 22:05 | Read:2356 | Comments:0 | Tags:David Harley 0-day certifications ESET ICS Iraqi printer vir

0-day critical flaws in mobile modems allow hackers to take over your PC

The Russian security tester Timur Yunusov has discovered critical flaw affecting routers and 3G and 4G mobile modems from Huawei, ZTE, Gemtek, and Quanta. The Russian security tester Timur Yunusov has discovered critical vulnerabilities affecting routers and 3G and 4G mobile modems from Huawei, ZTE, Gemtek, and Quanta. The security holes could be exploited
Publish At:2016-03-12 11:25 | Read:3032 | Comments:0 | Tags:Breaking News Hacking Mobile 0-day Cross-site Request Forger

Bedep Lurking in Angler’s Shadows

This post is authored by Nick Biasini.In October 2015, Talos released our detailed investigation of the Angler Exploit Kit which outlined the infrastructure and monetary impact of an exploit kit campaign delivering ransomware. During the investigation we found that two thirds of Angler’s payloads were some variation of ransomware and noted one of the o
Publish At:2016-02-09 17:00 | Read:1688 | Comments:0 | Tags:Threat Research 0-day Adobe Flash angler Bedep Talos Threat

The Internet of Things Is Not Always So Comforting

Over the past few years, the Internet of Things (IoT) has emerged as reality with the advent of smart refrigerators, smart HVAC systems, smart TVs, and more. Embedding internet-enabled devices into everything presents new opportunities in connecting these systems to each other, making them “smarter,” and making our lives more convenient than ever
Publish At:2016-02-08 22:55 | Read:2074 | Comments:0 | Tags:Threat Research 0-day IoT Talos Trane vulnerability Vulnerab

Microsoft Patch Tuesday – December 2015

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 12 bulletins released which address 71 vulnerabilities. Eight bulletins are rated “Critical” this month and address vulnerabilities in Graphics Component, Edge, Internet Exp
Publish At:2015-12-09 04:05 | Read:1428 | Comments:0 | Tags:Threat Research 0-day ms tuesday patch tuesday Talos

Vulnerability Spotlight: Microsoft Windows CDD Font Parsing Kernel Memory Corruption

Discovered by Andrea Allievi and Piotr Bania of Cisco Talos. Talos, in conjunction with Microsoft’s security advisory issued on September 8th, is disclosing the discovery of a memory corruption vulnerability within the Microsoft Windows CDD Font Parsing Kernel Driver. This vulnerability was initially discovered by the Talos and reported in accordance wi
Publish At:2015-09-08 17:35 | Read:2089 | Comments:0 | Tags:Threat Research 0-day security Talos vulnerability spotlight

ICS-CERT warns for 0-Day vulnerabilities in SCADA systems

The ICS-CERT has recently published six security advisories to warn organizations about a number of 0-day flaws in SCADA systems. The ICS-CERT has published six advisories to warn organizations about the presence of Zero-Day Flaws in SCADA Systems. Aditya K. Sood, security researcher at Elastica, has revealed in a talk at the
Publish At:2015-08-18 14:15 | Read:2468 | Comments:0 | Tags:Breaking News Hacking Security 0-day Def Con 2015 HMI ICS-CE

Talos Identifies Multiple Memory Corruption Issues in Quicktime

Talos, in conjunction with Apple’s security advisory issued on August 13, is releasing five advisories for vulnerabilities that Talos found in Apple Quicktime. In accordance with our Vendor Vulnerability Reporting and Disclosure policy, these vulnerabilities have been reported to Apple and CERT. This post serves as a summary for the advisories being released
Publish At:2015-08-14 01:35 | Read:1649 | Comments:0 | Tags:Threat Research 0-day Apple Talos Vulnerability Research

#HackerKast 42: Hacking Team, LastPass Clickjacking, Cowboy Adventure Game Distributes Malware, Droopescan, WhiteHat Acc

Welcome to the Episode in which we describe the answer to the Ultimate Question of Life, the Universe, and Everything. Maybe we’ll just stick to security but we’ve now done 42 of these things. Kicking off this week with a gigantic combined story about Hacking Team, the story that keeps on giving. We touched on this breach last week but as people
Publish At:2015-07-18 15:50 | Read:3457 | Comments:0 | Tags:Vulnerabilities Web Application Security WhiteHat HackerKast

Vulnerability Spotlight: Total Commander FileInfo Plugin Denial of Service

Talos is releasing an advisory for multiple vulnerabilities that have been found within the Total Commander FileInfo Plugin. These vulnerabilities are local denial of service flaws and have been assigned CVE-2015-2869. In accordance with our Vendor Vulnerability Reporting and Disclosure policy, these vulnerabilities have been disclosed to the plugin author(s
Publish At:2015-07-18 01:35 | Read:2283 | Comments:0 | Tags:Threat Research 0-day Talos Total Commander Vulnerability Re

Vulnerability Spotlight: Apple Quicktime Corrupt stbl Atom Remote Code Execution

This post was authored by Rich Johnson, William Largent, and Ryan Pentney. Earl Carter contributed to this post.Cisco Talos, in conjunction with Apple’s security advisory issued on June 30th,  is disclosing the discovery of a remote code execution vulnerability within Apple Quicktime. This vulnerability was initially discovered by the Talos Vulnerability Res
Publish At:2015-06-30 21:30 | Read:2193 | Comments:0 | Tags:Threat Research 0-day Apple research security stbl Talos vul

Microsoft Patch Tuesday – May 2015

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products.  This month’s release sees a total of 13 bulletins being released which address 48 CVEs. Three of the bulletins are listed as Critical and address vulnerabilities in Internet Explorer, GDI+ Font Parsing, and Windows Journa
Publish At:2015-05-13 01:40 | Read:3818 | Comments:0 | Tags:Threat Research 0-day coverage ms tuesday rules security Tal

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud