HackDig : Dig high-quality web security articles for hacker

Hackers exploited IE and Firefox flaws in attacks on entities in China, Japan

An APT group is exploiting the flaws patched earlier this year in Firefox and Internet Explorer in attacks aimed at China and Japan. An APT group is exploiting two vulnerabilities patched earlier this year in Firefox and Internet Explorer in attacks aimed at China and Japan. The first issue, tracked as CVE-2019-17026, affects the Firefox browser and wa
Publish At:2020-04-02 17:58 | Read:113 | Comments:0 | Tags:Breaking News Hacking China Firefox IE information security

New COVID19 wiper overwrites MBR making computers unusable

A recently discovered strain of malware exploits the current COVID19 pandemic to render computers unusable by overwriting the MBR. SonicWall’s security researchers have discovered a new piece of malware that exploits the current COVID19 outbreak to render computers unusable by overwriting the master boot record (MBR). Unfortunately, this is one of the
Publish At:2020-04-02 11:00 | Read:119 | Comments:0 | Tags:Breaking News Cyber Crime Malware coronavirus covid19 hackin

Crooks use tainted Zoom apps to target users at home due to Coronavirus outbreak

Crooks target Android users working from home due to the Coronavirus outbreak with a Trojanized version of the popular video messaging app Zoom. Security experts from Bitdefender have spotted tainted versions of the Android Zoom video-conferencing application that is targeting users working from home due to the Coronavirus outbreak. Researchers detecte
Publish At:2020-04-02 09:58 | Read:86 | Comments:0 | Tags:Breaking News Cyber Crime Malware Mobile Android coronavirus

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Microsoft is sending notifications to dozens of hospitals about vulnerable VPN devices and gateways exposed online in their network. Microsoft is warning dozens of hospitals of the risks of ransomware attacks due to insecure VPN devices and gateways exposed online. Recently Microsoft has published details about human-operated ransomware attacks that ta
Publish At:2020-04-02 06:11 | Read:135 | Comments:0 | Tags:Breaking News Cyber Crime Security COVID Hacking human-opera

Zoom client for Windows could allow hackers to steal users’Windows password

The popular Zoom app is under scrutiny, experts have discovered a vulnerability that could be exploited to steal users’ Windows passwords. Experts warn of a ‘UNC path injection’ flaw that could be exploited by remote attackers to steal login credentials from Windows systems. Security experts and privacy advocates believe that the Zoo
Publish At:2020-04-01 18:48 | Read:102 | Comments:0 | Tags:Breaking News Hacking information security news it security

Vollgar botnet has managed to infect around 3k MSSQL DB servers daily

Cybersecurity researchers spotted a crypto-mining botnet, tracked as Vollgar, that has been hijacking MSSQL servers since at least 2018. Researchers at Guardicore Labs discovered a crypto-mining botnet, tracked as Vollgar botnet, that is targeting MSSQL databases since 2018. The botnet is used to launch brute-force attacks against MSSQL databases to take
Publish At:2020-04-01 15:00 | Read:155 | Comments:0 | Tags:Breaking News Cyber Crime Malware botnet crypto Hacking it s

Experts published PoC exploits for CVE-2020-0796 privilege escalation flaw on Windows

Researchers published proof-of-concept (PoC) exploits for the CVE-2020-0796 Windows flaw, tracked as SMBGhost, that can be exploited for local privilege escalation. Researchers Daniel García Gutiérrez (@danigargu) and Manuel Blanco Parajón (@dialluvioso_) have published proof-of-concept (PoC) exploits for the CVE-2020-0796 Windows vulnerability, tracked a
Publish At:2020-04-01 07:49 | Read:125 | Comments:0 | Tags:Breaking News Hacking CVE-2020-0796 hacking news it security

New Raccoon Stealer uses Google Cloud Services to evade detection

Researchers found a piece of Raccoon Stealer that abuse of Google Cloud Services and leverages multiple delivery techniques. Racoon malware (aka Legion, Mohazo, and Racealer) is an info-stealer that recently appeared in the threat landscape that is advertised in hacking forums. The malware is cheap compared to similar threats, it is able
Publish At:2020-04-01 05:40 | Read:136 | Comments:0 | Tags:Breaking News Cyber Crime Malware Hacking information securi

LimeRAT malware delivered using 8-year-old VelvetSweatshop trick

Researchers spotted a campaign using Excel files to spread LimeRAT malware using the 8-year-old and well-known VelvetSweatshop bug. Researchers at the Mimecast Threat Center spotted a new campaign using Excel files to spread LimeRAT malware using the 8-year-old VelvetSweatshop bug. LimeRAT is a powerful Remote Administration Tool publicly available as
Publish At:2020-04-01 04:01 | Read:123 | Comments:0 | Tags:Breaking News Cyber Crime Malware hacking news information s

A critical flaw in Rank Math WordPress plugin allows hackers to give users Admins privileges

A critical privilege escalation flaw in the WordPress SEO Plugin – Rank Math plugin can allow registered users to gain administrator privileges. Defiant’s Wordfence Threat Intelligence team discovered a critical privilege escalation vulnerability in the WordPress SEO Plugin – Rank Math plugin that could allow attackers to give administrator privileg
Publish At:2020-03-31 20:02 | Read:154 | Comments:0 | Tags:Breaking News Hacking information security news it security

Marriott discloses data breach impacting up to 5.2 Million guests

Marriott disclosed a new security breach detected at the end of February 2020 that could impact up to 5.2 million of its guests. Marriott International discloses a data breach that exposed the personal information of roughly 5.2 million hotel guests, the incident was detected at the end of February 2020. “At the end of February 2020, we identifi
Publish At:2020-03-31 16:14 | Read:168 | Comments:0 | Tags:Breaking News Data Breach Hacking data breach hacking news i

Holy Water targets religious figures and charities in Asia

Holy Water – An APT group compromised a server hosting Web pages belonging mainly to religious figures and charities to carry out watering hole attacks. On December 4, 2019, Kaspersky experts discovered a watering hole attack, tracked Holy Water, aimed at an Asian religious and ethnic group. The campaign has been active since at least May 2019 and
Publish At:2020-03-31 11:45 | Read:116 | Comments:0 | Tags:Breaking News Hacking Malware APT drive-by downloads it secu

42 million records of Iranian users of unofficial Telegram fork leaked online

Security expert Bob Diachenko discovered that 42 million Iranian ‘Telegram’ user IDs and phone numbers have been leaked online. Comparitech along with the popular researcher Bob Diachenko discovered 42 million Iranian ‘Telegram’ user IDs and phone numbers online. The accounts belong to Iranian users, they are from a third-party
Publish At:2020-03-31 10:45 | Read:114 | Comments:0 | Tags:Breaking News Data Breach information security news it secur

FBI warns of nation-state actors using the Kwampirs malware

For the third time in a few weeks, the FBI has issued an alert about supply chain attacks carried out by nation-state actors using the Kwampirs malware. The FBI has issued an alert about supply chain attacks using the Kwampirs malware as part of a hacking campaign carried out on a global scale by state-sponsored hackers. The FBI has issued an alert o
Publish At:2020-03-31 08:39 | Read:193 | Comments:0 | Tags:APT Breaking News Hacking Malware coronavirus covid19 hackin

Microsoft Edge will warn users if their credentials have been compromised

Microsoft announced that it will add an alerting feature to Edge to warn users if their credentials saved to autofill have been compromised. Microsoft announced several new features for its Edge browser, including a new alerting service to warn users if the credentials they have saved to autofill have been compromised in a third-party data breach. 
Publish At:2020-03-31 04:51 | Read:126 | Comments:0 | Tags:Breaking News Security credential stuffing data breach Hacki

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud