HackDig : Dig high-quality web security articles for hackers

Bypassing Windows SmartScreen

God, its been forever since I made an update. I figured if I was to make an update after more than a year’s absence, it better damned well be a good fucking update. Feels like the last time I updated this blog OK, so Smart Screen is a windows defender utility that comes with Windows 10. It pops up a warning if you attempt to run a binary that is
Publish At:2020-12-19 05:27 | Read:494 | Comments:0 | Tags:Uncategorized 0day dll smartscreen bypassing

Update your Chrome again as Google patches second zero-day in two weeks

Before you start to Google for election news, we’d like you to check whether your browser is at the latest and safest version. “Again?”, Chrome users may say. Yes, because Google has found another zero-day vulnerability – that means it’s a hole that is actively being exploited right now. It’s the second zero-day in Google found in
Publish At:2020-11-03 15:05 | Read:630 | Comments:0 | Tags:Exploits and vulnerabilities 0day chrome cve-2020-16009 Java

Zyxel 0day Affects its Firewall Products, Too

On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products. This week’s story on the Zyxel patch
Publish At:2020-02-26 12:56 | Read:1042 | Comments:0 | Tags:Latest Warnings Time to Patch 0day alex holden zero day ZyXe

Zyxel Fixes 0day in Network Storage Devices

Patch comes amid active exploitation by ransomware gangs Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. The patch comes 12 days after KrebsOnSecurity alerted the company that precise instructions for exploiting the vulnerabili
Publish At:2020-02-24 15:24 | Read:1255 | Comments:0 | Tags:Latest Warnings The Coming Storm Time to Patch 0day 500mhz a

WordPress content injection flaw abused in defacement campaigns

According to experts at the security firm Sucuri, a critical content injection flaw in WordPress recently disclosed has already been exploited to deface thousands of websites. Recently a critical vulnerability has been discovered in the WordPress CMS, it is a zero-day content injection flaw that affects the WordPress REST API. The vulnerability was discover
Publish At:2017-02-07 12:35 | Read:4848 | Comments:0 | Tags:Breaking News Hacking 0day content injection flaw defacement

Zero-day Content Injection Vulnerability found in WordPress

A new dangerous Zero-day Content Injection vulnerability has been discovered in the WordPress CMS, it affects the WordPress REST API. A new dangerous vulnerability has been discovered in the WordPress CMS, it is a zero-day content injection flaw in the WordPress REST API. The vulnerability discovered by a security researcher at firm Sucuri could be exploite
Publish At:2017-02-02 03:35 | Read:4544 | Comments:0 | Tags:Breaking News Hacking 0day Wordpress Zero-day Content Inject

Zimperium Announces Its Exploit Acquisition Program for N-Days

Your million dollar 0day just got burned and now worth nothing? No worries – we are still interested in your exploit. The value of 0days can range from a few thousands to even a million dollars for a full remote exploit chain and many companies and governments are willing to buy them. The problem with this approach is your exploits are used for attacks
Publish At:2017-02-01 11:20 | Read:5698 | Comments:0 | Tags:Mobile Threat Defense Research 0day Exploit N-Day Zero Day e

Remotely Disabling a Wireless Burglar Alarm

By Andrew Zonenberg @azonenbergCountless movies feature hackers remotely turning offsecurity systems in order to infiltrate buildings without being noticed. Buthow realistic are these depictions? Time to find out.Today we’re releasing information on a critical securityvulnerability in a wireless home security system from SimpliSafe. This system consis
Publish At:2016-11-19 20:15 | Read:8924 | Comments:0 | Tags:0-day 0day alarm Andrew Zonenberg burglar cyber attack hacki

Maritime Security: Hacking into a Voyage Data Recorder (VDR)

by Ruben Santamarta @reversemodeIn 2014, IOActive disclosed a series of attacks that affect multiple SATCOMdevices, some of which are commonly deployed on vessels. Although there is nodoubt that maritime assets are valuable targets, we cannot limit the attacksurface to those communication devices that vessels, or even large cruise ships,are usually equipped
Publish At:2015-12-09 21:10 | Read:14028 | Comments:0 | Tags:0day cyber attack Furuno hacking maritime piracy ruben santa

Newly Discovered Exploit Makes Every iPhone Remotely Hackable

The government would love to get its hands on a foolproof way to break into the new highly encrypted iPhone. And it looks like some clever hackers just gave it to them. Bug bounty startup Zerodium just announced that a team has figured out how to remotely jailbreak the latest iPhone operating system and will take home a million dollar prize. It’s unclear if
Publish At:2015-11-03 07:20 | Read:5236 | Comments:0 | Tags:Cyber Security Cyber Security Research Mobile Security Secur

Darkhotel APT Latest to Use Hacking Team Zero Day

The fallout from the HackingTeam data dump shows no signs of abating. Since the controversial surveillance software maker was hacked and 400 Gb of its data posted online in early July, a handful of zero-day vulnerabilities and exploits were publicly leaked and continue to find their way into the hands of criminal and state-sponsored hacking groups.The latest
Publish At:2015-08-10 11:35 | Read:4820 | Comments:0 | Tags:Hacks Malware Vulnerabilities Web Security .hta .rar 0day ad

New Firefox Zero-Day: Patch Now!

Mozilla released a critical security advisory late last week which may have gone unnoticed during all the action at the BlackHat and Defcon conferences. The bug in its flagship browser Firefox is severe because it can allow an attacker to steal files from Windows and Linux users who just happen to visit a website contaminated by a malicious advert. More imp
Publish At:2015-08-10 04:45 | Read:5364 | Comments:0 | Tags:Zero-Days 0day FF firefox zeroday

Another Hacking Team Flash Player 0day Uncovered

The Hacking Team debacle has made headlines all week long and sparked a lot of debates over the sale of cyber weapons to various governments, including oppressive regimes. It didn’t take very long for someone to identify a zero-day vulnerability in the Flash Player within the leaked documents. That vulnerability was almost instantly weaponized in explo
Publish At:2015-07-11 10:20 | Read:4373 | Comments:0 | Tags:Exploits 0day Flash Player hacking team zero day zeroday

How a Russian hacker made $45,000 selling a 0-day Flash exploit to Hacking Team

Further ReadingAdobe Flash exploit that was leaked by Hacking Team goes wild; patch now!Hours after the 0day was found, it was added to popular exploit kits.If you’re a Moscow-based zero-day exploit seller, all you have to do is e-mail a spyware company like Hacking Team out of the blue. You can go from initial, unsolicited message to getting paid tens o
Publish At:2015-07-10 20:45 | Read:5026 | Comments:0 | Tags:Ministry of Innovation Risk Assessment 0day russia vitaly To

Recent Flash Player 0-day Exploit Goes Mainstream

On June 23rd, security firm FireEye released a report about targeted attacks leveraging a Flash Player zero-day vulnerability (CVE-2015-3113) in Adobe Flash Player up to version The firm stated that some users would receive a phishing email containing a link to a site hosting the zero-day exploit. The announcement went out around the same time as
Publish At:2015-06-29 06:25 | Read:9113 | Comments:0 | Tags:Exploits 0day anti exploit CVE-2015-3113 exploit Flash Playe


Tag Cloud