HackDig : Dig high-quality web security articles for hackers

ClearEnergy ransomware can destroy process automation logics in critical infrastructure, SCADA and industrial control sy

Schneider Electric, Allen-Bradley, General Electric (GE) and more vendors are vulnerable to ClearEnergy ransomware. Researchers at CRITIFENCE® Critical Infrastructure and SCADA/ICS Cyber Threats Research Group have demonstrated this week a new proof of concept ransomware attack aiming to erase (clear) the ladder logic diagram in Programmable Logic Controlle
Publish At:2017-04-16 11:35 | Read:7302 | Comments:0 | Tags:Critical Infrastructures Cyber Security Cyber Security Resea

[CRITICAL] CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow

Have you ever been deep in the mines of debugging and suddenly realized that you were staring at something far more interesting than you were expecting? You are not alone! Recently a Google engineer noticed that their SSH client segfaulted every time they tried to connect to a specific host. That engineer filed a ticket to investigate the behavior and after
Publish At:2016-11-20 03:20 | Read:5714 | Comments:0 | Tags:Application Security Cyber Security Cyber Security Research

[CRITICAL] Nissan Leaf Can Be Hacked Via Web Browser From Anywhere In The World

What if a car could be controlled from a computer halfway around the world? Computer security researcher and hacker Troy Hunt has managed to do just that, via a web browser and an Internet connection, with an unmodified Nissan Leaf in another country. While so far the control was limited to the HVAC system, it’s a revealing demonstration of what’s possible.
Publish At:2016-11-20 03:20 | Read:5036 | Comments:0 | Tags:Cyber Security Cyber Security Research Security Updates 0xic

Flaws in Samsung’s ‘Smart’ Home Let Hackers Unlock Doors and Set Off Fire Alarms

  A smoke detector that sends you a text alert when your house is on fire seems like a good idea. An internet-connected door lock with a PIN that can be programmed from your smartphone sounds convenient, too. But when a piece of malware can trigger that fire alarm at four in the morning or unlock your front door for a stranger, your “smart home” sud
Publish At:2016-11-20 03:20 | Read:4913 | Comments:0 | Tags:Cyber Security Cyber Security Research IoT Physical Security

Another Door to Windows | Hot Potato exploit

Microsoft Windows versions 7, 8, 10, Server 2008 and Server 2012 vulnerable to Hot Potato exploit which gives total control of PC/laptop to hackers Security researchers from Foxglove Security have discovered that almost all recent versions of Microsoft’s Windows operating system are vulnerable to a privilege escalation exploit. By chaining together a series
Publish At:2016-01-25 03:00 | Read:4451 | Comments:0 | Tags:Cyber Security Cyber Security Research Exploits Security Upd

BlackEnergy Attacking Ukraine’s Critical Infrastructures

The cybercriminal group behind BlackEnergy, the malware family that has been around since 2007 and has made a comeback in 2014 (see our previous blog posts on Back in BlackEnergy *: 2014 Targeted Attacks in Ukraine and Poland and BlackEnergy PowerPoint Campaigns, as well as ourVirus Bulletin talk on the subject), was also active in the year 2015. ESET has r
Publish At:2016-01-10 19:25 | Read:8894 | Comments:0 | Tags:Cyber Security Cyber Security Research Cyber Warfare ICS SCA

Malware Found Inside Downed Ukrainian Grid Management Points to Cyber-attack

The Burshtyn TES power plant in Ivano-Frankivsk Oblast, Ukraine. It’s not clear if Burshtyn was affected, but power outages did affect the grid in the Ivano-Frankivsk Oblast region. Image: Raimond Spekking/Wikimedia Commons Overview On December 23, a Ukrainian power company announced that a section of the country had gone dark. This temporary outage w
Publish At:2016-01-06 06:55 | Read:8595 | Comments:0 | Tags:Cyber Security Cyber Security Research Cyber Warfare Securit

Newly Discovered Exploit Makes Every iPhone Remotely Hackable

The government would love to get its hands on a foolproof way to break into the new highly encrypted iPhone. And it looks like some clever hackers just gave it to them. Bug bounty startup Zerodium just announced that a team has figured out how to remotely jailbreak the latest iPhone operating system and will take home a million dollar prize. It’s unclear if
Publish At:2015-11-03 07:20 | Read:4687 | Comments:0 | Tags:Cyber Security Cyber Security Research Mobile Security Secur

Self-driving Cars Hacked Using a Simple Laser and a Raspberry Pi

Wake-up call for driverless-car makers to solve this glaring security problem. Self-driving cars are easy to hack with a modified laser pointer. A security researcher has discovered that self-driving cars with laser-powered sensors that detect and avoid obstacles in their paths can easily be fooled by a line-of-sight attacker using a laser pointer to trick
Publish At:2015-09-09 16:25 | Read:4060 | Comments:0 | Tags:Cyber Security Cyber Security Research Security Updates Tech

United Airlines’ Frequent Flyer App has been hacked

United Airlines’ Frequent Flyer App Can Be Hacked to Reveal Passenger Info Flying has never been more convenient for customers. The security checks might be a drag, but sometimes all it takes to check in online is punching in a few digits into a mobile app. But that may be just a little too convenient. A cybersecurity company has discovered that it
Publish At:2015-08-19 10:20 | Read:5236 | Comments:0 | Tags:Aerospace Application Security Aviation Cyber Security Cyber

DynamoRIO | Runtime Code Manipulation System

About DynamoRIO DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling, instrumentation, optimization, translation, etc. Unlike many dynamic tool systems,
Publish At:2015-07-28 12:00 | Read:5417 | Comments:0 | Tags:Application Security Cyber Security Cyber Security Research

Anticuckoo – A tool to detect and crash Cuckoo Sandbox.

Anticuckoo A tool to detect and crash Cuckoo Sandbox. Tested in Cuckoo Sandbox Official and Accuvant’s Cuckoo version. Reddit / netsec discussion about anticuckoo. Features Detection: Cuckoo hooks detection (all kind of cuckoo hooks). Suspicius data in own memory (without APIs, page per page scanning). Crash (Execute with arguments) (out of a sand
Publish At:2015-07-07 12:45 | Read:3693 | Comments:0 | Tags:Cyber Security Research Cyber Warfare Security Updates Tools

One in Five Android Apps Is Malware

Bad news, phandroids. Android malware is on the rise. According to Symantec’s latest Internet Security Threat Report, “17 percent of all Android apps (nearly one million total) were actually malware in disguise.” In 2013, Symantec uncovered roughly 700,000 virus-laden apps. More than one third of all apps were what Symantec calls “grayware”
Publish At:2015-06-09 16:15 | Read:3992 | Comments:0 | Tags:Cyber Security Cyber Security Research Mobile Security Secur

New GPU-based Linux Rootkit and Keylogger | Proof-of-concept GPU rootkit hides in VRAM, snoops system activities

  A team of coders have published a new “educational” rootkit, dubbed Jellyfish, that’s virtually undetectable by current software practices. Their work is designed to demonstrate that GPUs, which have become considerably more powerful and flexible over the past decade, are now capable of running keyloggers and rootkits. The world of hacking has becom
Publish At:2015-06-09 16:15 | Read:5423 | Comments:0 | Tags:Application Security Cyber Security Cyber Security Research


Tag Cloud