HackDig : Dig high-quality web security articles for hackers

[CRITICAL] CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow

Have you ever been deep in the mines of debugging and suddenly realized that you were staring at something far more interesting than you were expecting? You are not alone! Recently a Google engineer noticed that their SSH client segfaulted every time they tried to connect to a specific host. That engineer filed a ticket to investigate the behavior and after
Publish At:2016-11-20 03:20 | Read:6081 | Comments:0 | Tags:Application Security Cyber Security Cyber Security Research

[CRITICAL] Nissan Leaf Can Be Hacked Via Web Browser From Anywhere In The World

What if a car could be controlled from a computer halfway around the world? Computer security researcher and hacker Troy Hunt has managed to do just that, via a web browser and an Internet connection, with an unmodified Nissan Leaf in another country. While so far the control was limited to the HVAC system, it’s a revealing demonstration of what’s possible.
Publish At:2016-11-20 03:20 | Read:5495 | Comments:0 | Tags:Cyber Security Cyber Security Research Security Updates 0xic

OnionDog APT targets Critical Infrastructures and Industrial Control Systems (ICS)

The Helios Team at 360 SkyEye Labs revealed that a group named OnionDog has been infiltrating and stealing information from the energy, transportation and other infrastructure industries of Korean-language countries through the Internet. OnionDog’s first activity can be traced back to October, 2013 and in the following two years it was only active between l
Publish At:2016-11-20 03:20 | Read:6104 | Comments:0 | Tags:Critical Infrastructures Cyber Security Cyber Warfare ICS SC

Kemuri Water Company (KWC) | Hackers change chemical settings at water treatment plant

Hackers manipulated the programmable logic controllers that managed the amount of chemicals used to treat the water to make it safe to drink.   NEW YORK — March 23, 2016 — Hackers breached a water company’s industrial control system and made changes to valve and flow control settings, Verizon revealed in its latest Data Breach Digest. The unnamed w
Publish At:2016-11-20 03:20 | Read:9683 | Comments:0 | Tags:Critical Infrastructures Cyber Security ICS SCADA Security U

Waze | Another way to track your moves

Millions of drivers use Waze, a Google-owned navigation app, to find the best, fastest route from point A to point B. And according to a new study, all of those people run the risk of having their movements tracked by hackers. Researchers at the University of California-Santa Barbara recently discovered a Waze vulnerability that allowed them to create thou
Publish At:2016-11-20 03:20 | Read:6180 | Comments:0 | Tags:Application Security Cyber Security Mobile Security Security

Flaws in Samsung’s ‘Smart’ Home Let Hackers Unlock Doors and Set Off Fire Alarms

  A smoke detector that sends you a text alert when your house is on fire seems like a good idea. An internet-connected door lock with a PIN that can be programmed from your smartphone sounds convenient, too. But when a piece of malware can trigger that fire alarm at four in the morning or unlock your front door for a stranger, your “smart home” sud
Publish At:2016-11-20 03:20 | Read:5219 | Comments:0 | Tags:Cyber Security Cyber Security Research IoT Physical Security

Another Door to Windows | Hot Potato exploit

Microsoft Windows versions 7, 8, 10, Server 2008 and Server 2012 vulnerable to Hot Potato exploit which gives total control of PC/laptop to hackers Security researchers from Foxglove Security have discovered that almost all recent versions of Microsoft’s Windows operating system are vulnerable to a privilege escalation exploit. By chaining together a series
Publish At:2016-01-25 03:00 | Read:4829 | Comments:0 | Tags:Cyber Security Cyber Security Research Exploits Security Upd

Industrial Control Systems (ICS/SCADA) and Cyber Security

It’s a cyber war out there! Is your company ready for battle? Industry is slowly waking up to the fact that its facilities are in the crosshairs, the targets of cyber attacks by bad actors trying to exploit vulnerabilities in industrial control systems (ICSs) to steal intellectual property or damage critical equipment. Whether caused by sophisticated
Publish At:2016-01-22 02:40 | Read:7515 | Comments:0 | Tags:Cyber Security Cyber Warfare ICS SCADA Security Updates Tech

BlackEnergy Attacking Ukraine’s Critical Infrastructures

The cybercriminal group behind BlackEnergy, the malware family that has been around since 2007 and has made a comeback in 2014 (see our previous blog posts on Back in BlackEnergy *: 2014 Targeted Attacks in Ukraine and Poland and BlackEnergy PowerPoint Campaigns, as well as ourVirus Bulletin talk on the subject), was also active in the year 2015. ESET has r
Publish At:2016-01-10 19:25 | Read:9174 | Comments:0 | Tags:Cyber Security Cyber Security Research Cyber Warfare ICS SCA

Malware Found Inside Downed Ukrainian Grid Management Points to Cyber-attack

The Burshtyn TES power plant in Ivano-Frankivsk Oblast, Ukraine. It’s not clear if Burshtyn was affected, but power outages did affect the grid in the Ivano-Frankivsk Oblast region. Image: Raimond Spekking/Wikimedia Commons Overview On December 23, a Ukrainian power company announced that a section of the country had gone dark. This temporary outage w
Publish At:2016-01-06 06:55 | Read:8843 | Comments:0 | Tags:Cyber Security Cyber Security Research Cyber Warfare Securit

iBackDoor: High-Risk Code Hits iOS Apps

Introduction FireEye mobile researchers recently discovered potentially “backdoored” versions of an ad library embedded in thousands of iOS apps originally published in the Apple App Store. The affected versions of this library embedded functionality in iOS apps that used the library to display ads, allowing for potential malicious access to sensiti
Publish At:2015-11-05 13:20 | Read:4752 | Comments:0 | Tags:Cyber Security Mobile Security Security Updates 0xicf Apple

Newly Discovered Exploit Makes Every iPhone Remotely Hackable

The government would love to get its hands on a foolproof way to break into the new highly encrypted iPhone. And it looks like some clever hackers just gave it to them. Bug bounty startup Zerodium just announced that a team has figured out how to remotely jailbreak the latest iPhone operating system and will take home a million dollar prize. It’s unclear if
Publish At:2015-11-03 07:20 | Read:4995 | Comments:0 | Tags:Cyber Security Cyber Security Research Mobile Security Secur

Pro-Palestinian Hackers Took over Radio Tel Aviv Website

A group of pro-Palestinian hackers took over the official website of Radio Tel Aviv (TLV) on Sunday and left a deface page on the homepage showing anti-Israeli messages. A group of Palestinian-friendly hackers going with the handle of AnonCoders hacked and defaced the official website of Radio Tel Aviv. Hackers left a deface page along with messages both in
Publish At:2015-10-07 00:00 | Read:5535 | Comments:0 | Tags:Application Security Cyber Security Cyber Warfare Security U

3D Imaging System in Driver-less Cars Can Be Hacked

The laser navigation system and sensors of driverless cars can be easily exploited by hackers as they can trick them into getting paralyzed thinking about a probable collision with another person, car or hurdle. Lidar 3D Imaging System is vulnerable to hack attacks. It is a system used by autonomous vehicles to create an image of the surroundings and naviga
Publish At:2015-09-10 10:00 | Read:4084 | Comments:0 | Tags:Cyber Security Security Updates Technology 0xicf Arduino Bla

Self-driving Cars Hacked Using a Simple Laser and a Raspberry Pi

Wake-up call for driverless-car makers to solve this glaring security problem. Self-driving cars are easy to hack with a modified laser pointer. A security researcher has discovered that self-driving cars with laser-powered sensors that detect and avoid obstacles in their paths can easily be fooled by a line-of-sight attacker using a laser pointer to trick
Publish At:2015-09-09 16:25 | Read:4326 | Comments:0 | Tags:Cyber Security Cyber Security Research Security Updates Tech