HackDig : Dig high-quality web security articles

Update now! Apple patches zero-day vulnerability affecting Macs, Apple Watch, and Apple TV

Apple has released security updates for a zero-day vulnerability that affects multiple products, including Mac, Apple Watch, and Apple TV. The flaw is an out-of-bounds write issue—tracked as CVE-2022-22675—in AppleAVD, a decoder that handles specific media files. An out-of-bounds write or read flaw makes it possible to manipulate parts of the memory w
Publish At:2022-05-17 16:57 | Read:142 | Comments:0 | Tags:Exploits and vulnerabilities 0-day Apple Mac Apple TV Apple

What SMBs can do to protect against Log4Shell attacks

As you may already know, the business, tech, and cybersecurity industries have been buzzing about Log4Shell (CVE-2021-44228), aka Logjam, the latest software flaw in an earlier version of the Apache Log4j logging utility. As the name suggests, a logger is a piece of software that logs every event that happens in a computer system. The records it produces are
Publish At:2021-12-15 21:01 | Read:897 | Comments:0 | Tags:Exploits and vulnerabilities 0-day Apache logger flaw botnet

A week in security (Nov 15 – Nov 21)

Last week on Malwarebytes Labs Instagram’s memorialize feature abused to memorialize…Instagram’s bossEvasive manoeuvres: HTML smuggling explainedFBI server hijacked to send up to 100,000 bogus attack mailsNew Mac malware raises more questions about Apple’s security patchingSharkBot Android banking Trojan cleans users outSoNot SoSa
Publish At:2021-11-22 08:49 | Read:33 | Comments:0 | Tags:A week in security 0-day amazon Android banking Trojan andro

A week in security (Nov 1 – Nov 7)

Last week on Malwarebytes Labs Celebrity jewelry house Graff falls victim to ransomwareLessons from a real-life ransomware attackIs Apple’s Safari browser the last, best hope for web privacy?What is Twitch?Google patches zero-day vulnerability, and others, in AndroidZuckerberg’s Metaverse, and the possible privacy and security concernsThis Ste
Publish At:2021-11-08 08:48 | Read:80 | Comments:0 | Tags:A week in security 0-day BlackMatter card skimmer CERT-Franc

A week in security (Sept 13 – Sept 19)

Last week on Malwarebytes Labs Why backups aren’t a “silver bullet” against ransomware, with Matt Crape: Lock and Code S02E17The many tentacles of Magecart Group 8Apple releases emergency update: Patch, but don’t panicUpdate now! Google Chrome fixes two in-the-wild zero-daysParts of the Dark Web “awash” with school children’s personal dataPatch now! Print
Publish At:2021-09-20 07:24 | Read:3549 | Comments:0 | Tags:A week in security 0-day adselfservice plus avoid US sanctio

Update your iOS now! Apple patches three zero-day vulnerabilities

Apple has patched three vulnerabilities in iOS (and iPadOS) that were actively being exploited in targeted attacks. Vulnerabilities that are being exploited in the wild without a patch being available are referred to as zero-days. The vulnerabilities were found and disclosed by Google’s Project Zero team, and patches were issued yesterday. What has Apple
Publish At:2020-11-06 17:11 | Read:1835 | Comments:0 | Tags:Exploits and vulnerabilities 0-day Apple CVE-2020-27930 CVE-

CheckPoint experts spotted Three Critical 0-Day in PHP 7

Researchers at the security firm CheckPoint have discovered three fresh critical zero day vulnerability in the last PHP 7. Security researchers at the firm CheckPoint have discovered three fresh critical 0-day vulnerabilities in last PHP 7. These vulnerabilities allow an attacker to take full control over 80 percent of websites which run on the latest releas
Publish At:2016-12-30 20:05 | Read:5641 | Comments:0 | Tags:Breaking News Hacking 0-day PHP 7

Remotely Disabling a Wireless Burglar Alarm

By Andrew Zonenberg @azonenbergCountless movies feature hackers remotely turning offsecurity systems in order to infiltrate buildings without being noticed. Buthow realistic are these depictions? Time to find out.Today we’re releasing information on a critical securityvulnerability in a wireless home security system from SimpliSafe. This system consis
Publish At:2016-11-19 20:15 | Read:13626 | Comments:0 | Tags:0-day 0day alarm Andrew Zonenberg burglar cyber attack hacki

A zero day flaw in OpenJPEG JPEG 2000 could lead arbitrary code execution

Cisco Talos Team disclosed a zero-day flaw affecting the JPEG 2000 image file format parser implemented in the OpenJPEG library.  Security experts at Cisco Talos group have discovered a serious vulnerability (TALOS-2016-0193/CVE-2016-8332) affecting the JPEG 2000 image file format parser implemented in OpenJPEG library. An attacker could exploit the flaw to
Publish At:2016-10-02 18:50 | Read:4963 | Comments:0 | Tags:Breaking News Hacking 0-day CVE-2016-8332 JPEG 2000 TALOS-20

Stuxnet: more historical than hysterical, I hope

Stuxnet: more historical than hysterical, I hope Posted by David Harley on June 7, 2016.I don’t make a habit of using this blog to advertise another, but the article I’m going to talk about is just too long to rewrite for this blog. And in fact, I’m not generally a fa
Publish At:2016-06-07 22:05 | Read:5731 | Comments:0 | Tags:David Harley 0-day certifications ESET ICS Iraqi printer vir

0-day critical flaws in mobile modems allow hackers to take over your PC

The Russian security tester Timur Yunusov has discovered critical flaw affecting routers and 3G and 4G mobile modems from Huawei, ZTE, Gemtek, and Quanta. The Russian security tester Timur Yunusov has discovered critical vulnerabilities affecting routers and 3G and 4G mobile modems from Huawei, ZTE, Gemtek, and Quanta. The security holes could be exploited
Publish At:2016-03-12 11:25 | Read:9409 | Comments:0 | Tags:Breaking News Hacking Mobile 0-day Cross-site Request Forger

Bedep Lurking in Angler’s Shadows

This post is authored by Nick Biasini.In October 2015, Talos released our detailed investigation of the Angler Exploit Kit which outlined the infrastructure and monetary impact of an exploit kit campaign delivering ransomware. During the investigation we found that two thirds of Angler’s payloads were some variation of ransomware and noted one of the o
Publish At:2016-02-09 17:00 | Read:5305 | Comments:0 | Tags:Threat Research 0-day Adobe Flash angler Bedep Talos Threat

The Internet of Things Is Not Always So Comforting

Over the past few years, the Internet of Things (IoT) has emerged as reality with the advent of smart refrigerators, smart HVAC systems, smart TVs, and more. Embedding internet-enabled devices into everything presents new opportunities in connecting these systems to each other, making them “smarter,” and making our lives more convenient than ever
Publish At:2016-02-08 22:55 | Read:5528 | Comments:0 | Tags:Threat Research 0-day IoT Talos Trane vulnerability Vulnerab

Microsoft Patch Tuesday – December 2015

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 12 bulletins released which address 71 vulnerabilities. Eight bulletins are rated “Critical” this month and address vulnerabilities in Graphics Component, Edge, Internet Exp
Publish At:2015-12-09 04:05 | Read:4520 | Comments:0 | Tags:Threat Research 0-day ms tuesday patch tuesday Talos

Vulnerability Spotlight: Microsoft Windows CDD Font Parsing Kernel Memory Corruption

Discovered by Andrea Allievi and Piotr Bania of Cisco Talos. Talos, in conjunction with Microsoft’s security advisory issued on September 8th, is disclosing the discovery of a memory corruption vulnerability within the Microsoft Windows CDD Font Parsing Kernel Driver. This vulnerability was initially discovered by the Talos and reported in accordance wi
Publish At:2015-09-08 17:35 | Read:6428 | Comments:0 | Tags:Threat Research 0-day security Talos vulnerability spotlight

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3