HackDig : Dig high-quality web security articles for hackers

Phishers and iPhone Thieves Rolling Out Multimillion-Dollar Operations

IBM X-Force Incident Response and Intelligence Services (IRIS) researchers recently went down the rabbit hole of a physical iPhone theft that was followed by a SMiShing campaign designed to unlock the phone for resale on the black market. As we looked into what was behind the phish, we found a thriving and large-scale operation of over 600 phishing domains d
Publish At:2020-04-09 06:33 | Read:1328 | Comments:0 | Tags:Mobile Security Threat Intelligence Apple Cloud Cloud Securi

Player vs. Hacker: Cyberthreats to Gaming Companies and Gamers

The video gaming landscape has changed drastically over the past few decades. Some of these changes have led to considerable developments in the cyberthreat landscape as it applies to gaming companies, the games themselves and the user base that enjoys them. Integration of the cloud, mobile apps and social networks, the diversity of games and platforms, th
Publish At:2020-03-16 10:45 | Read:1134 | Comments:0 | Tags:Application Security Software & App Vulnerabilities Threat I

Securing the MSP: their own worst enemy

We’ve previously discussed threats to managed service providers (MSPs), covering their status as a valuable secondary target to both an assortment of APT groups as well as financially motivated threat groups. The problem with covering new and novel attack vectors, however, is that behind each new vector is typically a system left unpatched, asset manag
Publish At:2020-01-30 16:50 | Read:1461 | Comments:0 | Tags:Opinion advanced persistent threat advanced persistent threa

Stranger Than Fiction? The Six Weirdest 2016 Data Breaches

Hollywood loves hacking in movies. White hats are able to perform miraculous feats with nothing more than mobile phones and subpar internet connections, while evildoers somehow manage to access banking and government systems worldwide as part of insidious plots for world domination. Top Six Weird and Wacky 2016 Data Breaches In truth, cyberattacks and respon
Publish At:2016-12-07 14:40 | Read:4465 | Comments:0 | Tags:Data Protection Identity & Access Risk Management Credential

Security week-in-review: Google patches critical Android bugs; Twitter locks accounts

It’s hard to keep up with the hundreds of security-specific headlines published every week. So, we’re rounding up the top news that affect you, your business, and the security and technology industry overall. This week we explore Android patches, high-profile breaches, and more ransomware. Check back every Friday to learn about the latest in security news.
Publish At:2016-06-10 22:30 | Read:4141 | Comments:0 | Tags:Security android credentials cybersecurity data leak google

The Windows Vaults

The Credential Manager in Windows is a relatively unknown feature, even though a lot of people are using it without being aware of its existence. Windows stores credentials in special folders that they call “vaults” to help users log in to websites and other computers. The Credential Manager as such was introduced with Windows 7. Operation Reviewin
Publish At:2016-01-11 21:10 | Read:7349 | Comments:0 | Tags:Online Security credentials login passwords Pieter Arntz win

88 Percent of Networks Susceptible to Privileged Account Hacks

IT professionals have long grappled with the inherent risks associated with privileged accounts. Whenever credentials that allow other employees to log in to servers, routers, and so forth, are compromised, it can have a dire outcome on the rest of the network. A security firm this week is warning exactly how dire those consequences can be. Virtually no organi
Publish At:2015-11-10 15:50 | Read:4226 | Comments:0 | Tags:Compliance Privacy SMB Security Web Security Credentials Cyb

Hacking tool swipes encrypted credentials from password manager

Using a password manager is one of the biggest ways that average computer users can keep their online accounts secure, but their protection is pretty much meaningless when an end user's computer is compromised. Underscoring this often ignored truism is a recently released hacking tool that silently decrypts all user names, passwords, and notes stored by the 
Publish At:2015-11-03 00:35 | Read:3956 | Comments:0 | Tags:Risk Assessment Technology Lab authentication credentials en

Passwords Are Secure, We’re Just Using Them Wrong

Co-authored by Dr. Gregory Neven. If you ask your IT staff about passwords, they’ll probably advise you to use long and complicated codes, never reuse passwords across different websites, change passwords regularly and never write them down anywhere. You may think of your IT staff as paranoid, but their fear of passwords getting stolen by cybercriminals
Publish At:2015-10-20 15:15 | Read:3894 | Comments:0 | Tags:Data Protection Credentials National Institute of Standards

Zero-Day in Magento Plugin Magmi Under Attack

A zero-day in a popular plugin for the Magento ecommerce platform is under attack. Attackers are using a few IP addresses to scan for vulnerable versions of Magmi, which is an open source database client that imports data into Magento. “We’ve seen a couple hundred requests for this specific attack coming from two or three IP addresses. They’
Publish At:2015-10-14 15:35 | Read:3920 | Comments:0 | Tags:Hacks Vulnerabilities Authentication Credentials Directory T

PowerMemory, how to extract credentials present in files and memory

This post explains how to use the PowerMemory script to reveal the passwords used by users of computers running Windows systems. Disclaimer: Any actions and/or activities related to the material contained within this blog are solely your responsibility. The misuse of the information in this website can result in crimina
Publish At:2015-08-31 18:55 | Read:5566 | Comments:0 | Tags:Breaking News Hacking credentials penetration testing PowerM

Attacker Demands $15,000 Ransom for Stolen Customer Credentials

A cybercriminal going by the name DetoxRansome claims to have stolen some of the login credentials of Bitdefender’s users and threatened to release the details if $15,000 is not paid as ransom. The attacker told Forbes that all information, including passwords and usernames, was unencrypted. The antivirus software provider Bitdefender confirmed that cu
Publish At:2015-08-06 02:35 | Read:3718 | Comments:0 | Tags:Advanced Threats Bitdefender Credentials Credentials Theft C

Safely Dumping Domain Hashes, with Meterpreter

Dumping the stored password hashes from a live Domain Controller can be tricky. There are a number of things to consider, and there have been several approaches over the years. Some of these approaches have had glaring problems with them. We’ve recently changed all that. Before we talk about our new approach, let’s take a look at the history ther
Publish At:2015-07-01 17:25 | Read:4536 | Comments:0 | Tags:metasploit credentials post-exploitation domains

Uber’s epic DB blunder is hardly an exception. GitHub is awash in passwords

Recent revelations that Uber stored a sensitive database key on a publicly accessible GitHub page generated its share of amazement and outrage. Some Ars readers called for the immediate termination of the employees responsible or for the enactment of new legal penalties for similar blunders in the future.
Publish At:2015-03-05 05:35 | Read:3198 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab credentials Gi

12 Days of HaXmas: Buffer Overflows Come and Go, Bad Passwords are Forever

This post is the fourth in a series, 12 Days of HaXmas, where we take a look at some of the more notable advancements and events in the Metasploit Framework over the course of 2014. This summer, the Metasploit team began the large undertaking of reworking credentials throughout the project. Metasploit, as you already know, began as a collection of traditional exp
Publish At:2014-12-29 19:30 | Read:3873 | Comments:0 | Tags:metasploit credentials haxmas creds bruteforce
