HackDig : Dig high-quality web security articles for hackers

Exploiting Android Messengers with WebRTC: Part 3

Posted by Natalie Silvanovich, Project ZeroThis is a three-part series on exploiting messenger applications using vulnerabilities in WebRTC. CVE-2020-6514 discussed in the blog post was fixed on July 14 with these CLs.This series highlights what can go wrong when applications don't apply WebRTC patches and when the communication and notification of secur
Publish At:2020-08-09 01:19 | Read:95 | Comments:0 | Tags: exploit

FBI warns of Iran-linked hackers attempting to exploit F5 BIG-IP flaw

According to the FBI, Iranian hackers are actively attempting to exploit an unauthenticated RCE flaw, tracked as CVE-2020-5902, in F5 Big-IP ADC devices. The FBI is warning of Iranian hackers actively attempting to exploit an unauthenticated remote code execution flaw (CVE-2020-5902) affecting F5 Big-IP application delivery controller (ADC) devices. Ea
Publish At:2020-08-08 12:19 | Read:159 | Comments:0 | Tags:APT Breaking News Hacking BIG-IP F5 Networks BIG-IP exploit

Exploiting Android Messengers with WebRTC: Part 2

Posted by Natalie Silvanovich, Project ZeroThis is a three-part series on exploiting messenger applications using vulnerabilities in WebRTC. This series highlights what can go wrong when applications don't apply WebRTC patches and when the communication and notification of security issues breaks down. Part 3 is scheduled for August 6.Part 2: A Better Bug
Publish At:2020-08-06 11:35 | Read:111 | Comments:0 | Tags: exploit

Malware Attacks Exploiting Machine Identities Double

The number of commodity malware campaigns exploiting machine identities doubled between 2018 and 2019, according to new research.The rapid increase in this particular type of cyber-scourge was unearthed by threat analysts at Venafi, who gathered data on the misuse of machine identities by analyzing security incidents and third-party reports in the
Publish At:2020-08-05 14:50 | Read:106 | Comments:0 | Tags: exploit

MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle

Posted by Mateusz Jurczyk, Project ZeroThis post is the fourth of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. New posts will be published as they are completed and will be linked here when complete.MMS
Publish At:2020-08-05 05:00 | Read:94 | Comments:0 | Tags: exploit

Exploiting Android Messengers with WebRTC: Part 1

Posted by Natalie Silvanovich, Project ZeroThis is a three-part series on exploiting messenger applications using vulnerabilities in WebRTC. This series highlights what can go wrong when applications don't apply WebRTC patches and when the communication and notification of security issues breaks down. Part 2 is scheduled for August 5 and Part 3 is schedu
Publish At:2020-08-04 09:49 | Read:160 | Comments:0 | Tags: exploit

Google Analysis of Zero-Days Exploited in 2019 Finds 'Detection Bias'

Google Project Zero last week released a report on the vulnerabilities exploited in attacks in 2019, and its researchers have drawn some interesting conclusions regarding the detection of zero-days.Google Project Zero has been tracking vulnerabilities exploited in the wild since 2014 and last year it made available a spreadsheet showing the flaws it has trac
Publish At:2020-08-03 11:18 | Read:80 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Ri

Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902

Update as of 10:00 A.M. PST, July 30, 2020: Our continued analysis of the malware sample showed adjustments to the details involving the URI and Shodan scan parameters. We made the necessary changes in this post. We would like to thank F5 Networks for reaching out to us to clarify these details. With additional insights from Jemimah Molina and Augusto Remill
Publish At:2020-07-31 16:35 | Read:155 | Comments:0 | Tags:Botnets Exploits Vulnerabilities botnet CVE-2020-5902 Exploi

MMS Exploit Part 2: Effective Fuzzing of the Qmage Codec

Posted by Mateusz Jurczyk, Project ZeroThis post is the second of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. New posts will be published as they are completed and will be linked here when complete.MMS
Publish At:2020-07-31 09:33 | Read:95 | Comments:0 | Tags: exploit

MMS Exploit Part 3: Constructing the Memory Corruption Primitives

Posted by Mateusz Jurczyk, Project ZeroThis post is the third of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. New posts will be published as they are completed and will be linked here when complete.MMS E
Publish At:2020-07-31 09:33 | Read:84 | Comments:0 | Tags: exploit

Root Cause Analyses for 0-day In-the-Wild Exploits

Posted by Maddie Stone, Project ZeroWhen a 0-day is exploited in the wild AND it is detected, we need to use that as an opportunity to learn as much as possible about the vulnerability and the exploit if we hope to make 0-day hard. One of the main methods to do that is to perform a root cause analysis (RCA) on the 0-day. Our effort on this began in earn
Publish At:2020-07-31 09:33 | Read:84 | Comments:0 | Tags: exploit

Cyber-Criminals Continue to Exploit #COVID19 During Q2

Cyber-criminals’ exploitation of the COVID-19 pandemic to target individuals and businesses has continued unabated during the second quarter of 2020, according to ESET’s Q2 2020 Threat Report published today. The findings highlight how the crisis is defining the cybersecurity landscape in Q2 in a similar way as it did in Q1 after the pandemic fir
Publish At:2020-07-29 14:27 | Read:81 | Comments:0 | Tags: exploit

CISA Says Hackers Exploited BIG-IP Vulnerability in Attacks on U.S. Government

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Friday to warn organizations about the risk posed by a recently patched vulnerability affecting F5 Networks’ BIG-IP application delivery controller (ADC).The critical security hole, identified as CVE-2020-5902, allows an attacker with access to the product’s Traffic Managemen
Publish At:2020-07-27 17:10 | Read:158 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Risk Management Vuln

US CISA warns of attacks exploiting CVE-2020-5902 flaw in F5 BIG-IP

The U.S. CISA is warning of the active exploitation of the unauthenticated remote code execution CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about the active exploitation of the unauthenticated remote code execution (RCE) CVE-2020-5902 vulnerability affecting
Publish At:2020-07-25 15:10 | Read:188 | Comments:0 | Tags:Breaking News Security CISA CVE-2020-5902 F5 BIG-IP Hacking

CVE-2020-3452 flaw in Cisco ASA/FTD exploited within hours after the disclosure

Cisco fixed CVE-2020-3452 high-severity path traversal flaw in its firewalls that can be exploited by remote attackers to obtain sensitive files from the targeted system. Cisco addressed a high-severity path traversal vulnerability in its firewalls, tracked as CVE-2020-3452, that can be exploited by remote attackers to obtain potentially sensitive files
Publish At:2020-07-24 09:24 | Read:162 | Comments:0 | Tags:Breaking News Hacking Security CISCO ASA Cisco FTD CVE-2020-

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud