HackDig : Dig high-quality web security articles for hackers

Beware of This Android App That Steals Twitter Credentials

An Android application distributed currently only in China can steal a user's Twitter credentials and uploads them to an online server.The malware's name is "Dual Instance," nicknamed this way after a feature found in most social media apps today that allow users to log in with multiple accounts.Because the Chinese government blocks Twitter
Publish At:2016-10-20 02:55 | Read:4749 | Comments:0 | Tags:Advisories

WordPress Sites Under Attack via Security Flaw in Unmaintained Plugin

Webmasters still using the deprecated WP Marketplace WordPress plugin should update to a new e-commerce utility as soon as possible, and remove the plugin from their sites in order to avoid having their servers compromised.The reason for this warning is a security flaw that affects the plugin. The issue allows an attacker to upload arbitrary files on website
Publish At:2016-10-18 14:15 | Read:3790 | Comments:0 | Tags:Advisories

Mirai IoT DDoS Trojan Now Targets Cellular Network Equipment

Sierra Wireless, one of the biggest hardware manufacturers of mobile equipment, has issued an alert yesterday, warning customers not to use default passwords with their devices as they might be at risk of infection from the infamous Mirai malware.The company says that Airlink wireless routers and gateways deployed with 3G and 4G LTE cellular networks are at
Publish At:2016-10-14 18:25 | Read:4789 | Comments:0 | Tags:Advisories DDOS

Armada Collective DDoS Extortion Group Now Threatens Ransomware Infections

A group going by the name of Armada Collective is still sending extortion emails to website owners around the globe, one year after this type of attack became widely known.The latest victim of these tactics is Etienne Delport from Port Elizabeth, South Africa, owner Alpha Bookkeeping Services.On September 5, Delport published an email on Twitter, showing a r
Publish At:2016-09-13 13:00 | Read:5194 | Comments:0 | Tags:Advisories DDOS

SNMP Port Scans Increase Following Rapid7 Vulnerability Report

You know you did your job as a security researcher when on the same day you release a vulnerability report, traffic all over the Internet spikes on a certain port.This is what happened on September 7, when Rapid7 researchers Tod Beardsley and Deral Heiland, together with independent researcher Matthew Kienow, released a comprehensive report about a series of
Publish At:2016-09-10 12:00 | Read:3792 | Comments:0 | Tags:Advisories Vulnerability

Email Marketing Trick Incorporated in Hacking Arsenals

Pixel tracking, a technique often used by email marketing platforms, has made its way into the arsenal of hacking tricks used by threat actors to probe and map a company's internal network.The technique of "pixel tracking" refers to embedding a 1x1 pixel at the end of emails hosted on the sender's server. As email recipients open the email
Publish At:2016-09-09 17:45 | Read:4253 | Comments:0 | Tags:Advisories

Tech Support Scammers Find New Trick to Hijack Chrome Browsers

Tech support scammers have come up with a devilish new trick to fool unsuspecting victims, relying on a cleverly crafted image and Chrome's fullscreen mode.Their new tactic relies on crafting new tech support pages mimicking the visual style of the official Microsoft website.When users navigate to this page via Chrome, hidden JavaScript code puts the vic
Publish At:2016-08-29 07:40 | Read:3410 | Comments:0 | Tags:Advisories

This Tor Error Will Likely Scare a Lot of Unsuspecting IPv6 Users

Frederic Jacobs, a former developer for Whisper Systems where he worked on the Signal app, discovered an interesting problem that will likely scare a lot of Tor users not acquainted with the Tor Browser's underbelly.For some years now, the Tor Project has made available the check.torproject.org web page as a means for users to detect when their Tor Brows
Publish At:2016-08-19 10:05 | Read:4314 | Comments:0 | Tags:Advisories

Scammers Hijack Customer Support Requests on Twitter

Crooks are using look-alike Twitter accounts to insert themselves into legitimate customer support Twitter conversations and lead customers back to phishing sites to collect their login credentials and account details.Even if this clever scam is two-years-old, it continues to make victims even today, as a security researcher going by the name of Techhelplist
Publish At:2016-08-12 13:25 | Read:4050 | Comments:0 | Tags:Advisories

Powerful Android Adware Makes Its Way Into the Google Play Store

Six apps from a developer named ValerySoftware have found their way into the official Google Play Store and have infected at least 3,000 users, based on their current download counts.The apps, discovered and reported this week by Intel McAfee security experts, are nothing more but hollow shells providing no functionality at all, except for the malicious feat
Publish At:2016-08-11 00:55 | Read:5175 | Comments:0 | Tags:Advisories

Chrome, Firefox, and IE Browser Hijacker Distributed via Legitimate Software

Intel McAfee security experts have discovered that the latest versions of the infamous Bing.vc browser-hijacking malware are distributed via applications distributed by Lavians Inc.Security companies have known about the existence of the Bing.vc malware for more than a year and many of them have added support for removing this threat from the computers of in
Publish At:2016-08-11 00:55 | Read:5816 | Comments:0 | Tags:Advisories

Trend of Hacked Instagram Accounts Promoting Adult Links Gets Worse and Worse

The trend of Instagram profiles promoting adult content has taken a turn for the worse, with hackers actively compromising already existing accounts instead of creating new profiles from scratch.Just like any other popular social network like Facebook and Twitter, Instagram is also plagued by bots promoting adult material.This trend had become a serious prob
Publish At:2016-08-11 00:55 | Read:4451 | Comments:0 | Tags:Advisories

Another Set of Malicious Android Apps Try to Fool Pokemon GO Players

Dell security researchers have discovered seven new Android apps posing as the official Pokemon GO app but that are, in reality, infected with malware ranging from adware to the DroidJack RAT (Remote Access Trojan).Fake Pokemon GO apps were detected last month as well, right after the game was released in Australia, New Zealand, and the US.Crooks took advant
Publish At:2016-08-07 05:15 | Read:4483 | Comments:0 | Tags:Advisories

Nigerian Scammers Evolve with the Times, Move on to BEC and RATs

The Nigerian cyber-crime scene, famous for its Nigerian Prince and 419 scam tactics, has evolved to using malware and is now actively targeting enterprises using BEC (Business Email Compromise) techniques, a SecureWorks investigation has revealed.For many years, the Internet has been plagued by massive spam floods, in most instances carrying emails from Nige
Publish At:2016-08-04 22:25 | Read:5060 | Comments:0 | Tags:Advisories

Fake Android Prisma Apps Containing Malware Downloaded over 1.5 Million Times

Google has removed several malicious Android applications disguised as the popular Prisma app. They all contained malware and were downloaded over 1.5 million times, putting countless users in danger.Prisma is one of today's most popular mobile apps, allowing users to apply Instagram-like filters on top of their photos and transforming them into a painte
Publish At:2016-08-04 04:10 | Read:3160 | Comments:0 | Tags:Advisories

Tools