HackDig : Dig high-quality web security articles for hacker

How Chat App Discord Is Abused by Cybercriminals to Attack ROBLOX Players

Cybercriminals targeting gamers are nothing new. We’ve reported many similar incidents in the past, from fake game apps to real-money laundering through online game currencies. Usually the aim is simple: to steal personal information and monetize it. And usually, for that purpose the game itself is abused. In the particular scenario we are describing in this
Publish At:2017-08-08 15:20 | Read:268 | Comments:0 | Tags:Exploits Vulnerabilities API Chat Program API Discord ROBLOX

Victim Machine has joined #general: Using Third-Party APIs as C&C Infrastructure

Imagine a well-experienced security analyst at a major company going through his normal routine of checking logs at the end of the workday. A quick look at the company’s security solution logs reveals nothing too peculiar or alarming — except for one thing: a higher than normal amount of traffic to the office’s newly introduced third-party chat platform. He d
Publish At:2017-06-06 16:20 | Read:409 | Comments:0 | Tags:Exploits Vulnerabilities API Chat Program API Discord Slack

Introducing the Cisco PSIRT openVuln API

In October, we announced details about Cisco PSIRT’s new and improved security vulnerability disclosure format. Our Chief Security and Trust Officer, John Stewart, also revealed that Cisco will launch an application programming interface (API) that empowers customers to customize Cisco vulnerability information and publications. Today, we have officially lau
Publish At:2015-12-14 10:40 | Read:751 | Comments:0 | Tags:Security API cvrf openvuln OVAL psirt security security auto

Apple Keeping Ad Blocker API Private on iOS 9

According to tech analysts, Apple is keeping private a certain application programming interface (API) that would make it easier for ad blockers to hide content in web browsers from Mozilla and others. With the release of its iOS 9 operating system, Apple has for the first time approved some ad blocking apps with the inclusion of a new API that makes it easie
Publish At:2015-10-20 14:30 | Read:719 | Comments:0 | Tags:Latest Security News ad blocking API Apple Firefox Mark Mayo

Facebook API flaw Left 1.44 Billion Users’ Identities at risk

A security flaw in the Facebook API allows hackers to decrypt and scan user IDs; nearly 1.44 billion Facebook users are at risk of identity theft. The security researcher Reza Moaiandin, Technical Director at Salt Agency, discovered a flaw in Facebook’s API that can allow hackers to scan for user ID, and that leaves abou
Publish At:2015-08-12 17:15 | Read:986 | Comments:0 | Tags:Breaking News Hacking Social Networks API black market Faceb

DynamoRIO | Runtime Code Manipulation System

About DynamoRIO DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling, instrumentation, optimization, translation, etc. Unlike many dynamic tool systems,
Publish At:2015-07-28 12:00 | Read:1216 | Comments:0 | Tags:Application Security Cyber Security Cyber Security Research

Pinterest Fixes Validation Vulnerability in API

Pinterest recently fixed an issue in the API of its web app that could have allowed remote attackers to compromise emails and carry out session hijacking and phishing attacks. Vulnerability Lab researcher Benjamin Kunz Mejri discovered the issue, which is a persistent mail encoding and validation web vulnerability, shortly after the start of the year. While de
Publish At:2015-07-01 16:50 | Read:787 | Comments:0 | Tags:Vulnerabilities Web Security API Phishing Pinterest session

Tracking SSL Issues with the SSL Labs API

The SSL and TLS protocols have been on the front of the stage for months. Besides many vulnerabilities disclosed in the OpenSSL library, the deployment of SSL and TLS is not always easy. There are weak ciphers (like RC4), weak signatures, certificate issues (self-signed, expiration or fake ones). Other useful features are misunderstood and often not con
Publish At:2015-06-09 21:00 | Read:1188 | Comments:0 | Tags:Security Software Uncategorized API OSSEC SSL

Playing with IP Reputation with Dshield & OSSEC

[This blogpost has also been published as a guest diary on isc.sans.org] When investigating incidents or searching for malicious activity in your logs, IP reputation is a nice way to increase the reliability of generated alerts. It can help to prioritize incidents. Let’s take an example with a WordPress blog. It will, sooner or later, be targeted by a
Publish At:2015-06-09 21:00 | Read:1657 | Comments:0 | Tags:Logs Management / SIEM OSSEC Security API IP address Reputat

A researcher discovered two security issues in the GITHUB platform

A security researcher discovered a couple of security issues on the GitHub platform, explaining how it is possible to exploit them in real attack scenarios. The researcher David Sopas (@dsopas) from Websegura discovered a couple of security issues in the coding website GitHub that were ranked by the company as minor, but that could
Publish At:2015-04-03 18:15 | Read:999 | Comments:0 | Tags:Breaking News Hacking API GitHub Pierluigi Paganini reflecte

Instagram API could be exploited to serve malicious links

A security researcher has discovered a reflected filename download vulnerability affecting the Instagram API that could be exploited to share malicious links. The security researcher David Sopas from WebSegura has discovered a serious vulnerability in the Instagram API that could be exploited by hackers to post a link to a web
Publish At:2015-03-26 02:05 | Read:1270 | Comments:0 | Tags:Breaking News Hacking Mobile API Instagram reflected filenam

Snapchat to address sketchy third-party apps with public API ... at some point

Oh, those darn third-party apps, their home-brewed APIs and their photo-leaking ways, Snapchat moaned on Wednesday morning, promising to cook up a public API to fix the situation... sooner or later. It was referring to the entire ecosystem of third-party apps that's sprung up around Snapchat's ostensibly ephemeral but in actuality not-disappearing-at-all ima
Publish At:2014-10-16 13:05 | Read:1797 | Comments:0 | Tags:Data loss Featured Privacy Security threats Vulnerability AP

Working with reports and exports via the RPC API

The Metasploit RPC API provides a straightforward, programmatic way to accomplish basic tasks with your Metasploit Pro instance. Two of the key capabilities are export generation to backup your data and report generation to summarize and share your findings. The RPC API docs are currently undergoing a major overhaul and are a bit out of date for reports and
Publish At:2014-09-25 00:50 | Read:1617 | Comments:0 | Tags:reports exports api
