HackDig : Dig high-quality web security articles for hacker

WordPress content injection flaw abused in defacement campaigns

According to experts at the security firm Sucuri, a critical content injection flaw in WordPress recently disclosed has already been exploited to deface thousands of websites. Recently a critical vulnerability has been discovered in the WordPress CMS, it is a zero-day content injection flaw that affects the WordPress REST API. The vulnerability was discover
Publish At:2017-02-07 12:35 | Read:2965 | Comments:0 | Tags:Breaking News Hacking 0day content injection flaw defacement

Zero-day Content Injection Vulnerability found in WordPress

A new dangerous Zero-day Content Injection vulnerability has been discovered in the WordPress CMS, it affects the WordPress REST API. A new dangerous vulnerability has been discovered in the WordPress CMS, it is a zero-day content injection flaw in the WordPress REST API. The vulnerability discovered by a security researcher at firm Sucuri could be exploite
Publish At:2017-02-02 03:35 | Read:2699 | Comments:0 | Tags:Breaking News Hacking 0day Wordpress Zero-day Content Inject

Zimperium Announces Its Exploit Acquisition Program for N-Days

Your million dollar 0day just got burned and now worth nothing? No worries – we are still interested in your exploit. The value of 0days can range from a few thousands to even a million dollars for a full remote exploit chain and many companies and governments are willing to buy them. The problem with this approach is your exploits are used for attacks
Publish At:2017-02-01 11:20 | Read:3585 | Comments:0 | Tags:Mobile Threat Defense Research 0day Exploit N-Day Zero Day e

Remotely Disabling a Wireless Burglar Alarm

By Andrew Zonenberg @azonenberg. Countless movies feature hackers remotely turning off security systems in order to infiltrate buildings without being noticed. But how realistic are these depictions? Time to find out. Today we’re releasing information on a critical security vulnerability in a wireless home security system from SimpliSafe. This system consis
Publish At:2016-11-19 20:15 | Read:4121 | Comments:0 | Tags:0-day 0day alarm Andrew Zonenberg burglar cyber attack hacki

Maritime Security: Hacking into a Voyage Data Recorder (VDR)

by Ruben Santamarta @reversemode. In 2014, IOActive disclosed a series of attacks that affect multiple SATCOM devices, some of which are commonly deployed on vessels. Although there is no doubt that maritime assets are valuable targets, we cannot limit the attack surface to those communication devices that vessels, or even large cruise ships, are usually equipped
Publish At:2015-12-09 21:10 | Read:6713 | Comments:0 | Tags:0day cyber attack Furuno hacking maritime piracy ruben santa

Newly Discovered Exploit Makes Every iPhone Remotely Hackable

The government would love to get its hands on a foolproof way to break into the new highly encrypted iPhone. And it looks like some clever hackers just gave it to them. Bug bounty startup Zerodium just announced that a team has figured out how to remotely jailbreak the latest iPhone operating system and will take home a million dollar prize. It’s unclear if
Publish At:2015-11-03 07:20 | Read:3562 | Comments:0 | Tags:Cyber Security Cyber Security Research Mobile Security Secur

Darkhotel APT Latest to Use Hacking Team Zero Day

The fallout from the HackingTeam data dump shows no signs of abating. Since the controversial surveillance software maker was hacked and 400 Gb of its data posted online in early July, a handful of zero-day vulnerabilities and exploits were publicly leaked and continue to find their way into the hands of criminal and state-sponsored hacking groups. The latest
Publish At:2015-08-10 11:35 | Read:2781 | Comments:0 | Tags:Hacks Malware Vulnerabilities Web Security .hta .rar 0day ad

New Firefox Zero-Day: Patch Now!

Mozilla released a critical security advisory late last week which may have gone unnoticed during all the action at the BlackHat and Defcon conferences. The bug in its flagship browser Firefox is severe because it can allow an attacker to steal files from Windows and Linux users who just happen to visit a website contaminated by a malicious advert. More imp
Publish At:2015-08-10 04:45 | Read:3410 | Comments:0 | Tags:Zero-Days 0day FF firefox zeroday

Another Hacking Team Flash Player 0day Uncovered

The Hacking Team debacle has made headlines all week long and sparked a lot of debates over the sale of cyber weapons to various governments, including oppressive regimes. It didn’t take very long for someone to identify a zero-day vulnerability in the Flash Player within the leaked documents. That vulnerability was almost instantly weaponized in explo
Publish At:2015-07-11 10:20 | Read:2856 | Comments:0 | Tags:Exploits 0day Flash Player hacking team zero day zeroday

How a Russian hacker made $45,000 selling a 0-day Flash exploit to Hacking Team

Further Reading: Adobe Flash exploit that was leaked by Hacking Team goes wild; patch now! Hours after the 0day was found, it was added to popular exploit kits. If you’re a Moscow-based zero-day exploit seller, all you have to do is e-mail a spyware company like Hacking Team out of the blue. You can go from initial, unsolicited message to getting paid tens o
Publish At:2015-07-10 20:45 | Read:3580 | Comments:0 | Tags:Ministry of Innovation Risk Assessment 0day russia vitaly To

Recent Flash Player 0-day Exploit Goes Mainstream

On June 23rd, security firm FireEye released a report about targeted attacks leveraging a Flash Player zero-day vulnerability (CVE-2015-3113) in Adobe Flash Player up to version 18.0.0.160. The firm stated that some users would receive a phishing email containing a link to a site hosting the zero-day exploit. The announcement went out around the same time as
Publish At:2015-06-29 06:25 | Read:4133 | Comments:0 | Tags:Exploits 0day anti exploit CVE-2015-3113 exploit Flash Playe

Patch early, patch often: Adobe pushes emergency fix for active 0-day

Yet again, Adobe has released a new patch to fix a critical vulnerability that "could potentially allow an attacker to take control of the affected system," according to the company. Adobe acknowledged that the flaw (CVE-2015-3113) is "being actively exploited in the wild via limited, targeted attacks." Known affected systems run Internet Explorer for Win
Publish At:2015-06-25 02:45 | Read:2418 | Comments:0 | Tags:Risk Assessment 0day Adobe flash

Apple’s Password Storing Keychain Cracked on iOS & OS X

And another password shocker, a few days after ‘cloud’ password service LastPass was pretty seriously hacked (yah if you’re using it, change your master password) critical 0-day flaws in Apple’s password storing keychain have been exposed. Which is kinda funny, as after the LastPass hack I saw some people espousing the usage of Apple
Publish At:2015-06-17 19:20 | Read:3320 | Comments:0 | Tags:Apple Cryptography Exploits/Vulnerabilities Password Crackin

Weekly Metasploit Wrapup: SMB File Shares

Sharing is Caring: One of the nits we've all had to pick with Metasploit is that when you have a module that involves getting a client to connect to an evil SMB server to fetch a file, the strategy usually used involved generating the file with a module then serving that up on your own Samba or Windows share. This worked, of course, but what a hassle. Who want
Publish At:2015-03-12 17:30 | Read:2399 | Comments:0 | Tags:smb 0-day 0day cifs

Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements

Our researchers have discovered a new zero-day exploit in Adobe Flash used in malvertisement attacks. The exploit affects the most recent version of Adobe Flash, and is now identified as CVE-2015-0313. Our initial analysis suggests that this might have been executed through the use of the Angler Exploit Kit, due to similarities in obfuscation techniques and
Publish At:2015-02-02 18:45 | Read:3609 | Comments:0 | Tags:Exploits Vulnerabilities 0day Adobe Exploit flash player mal
