HackDig : Dig high-quality web security articles for hacker

Microsoft to Patch Internet Explorer Vulnerability Exploited in Targeted Attacks

Microsoft announced on Friday that it’s in the process of developing a patch for a zero-day vulnerability in Internet Explorer that has been exploited in targeted attacks, reportedly by a threat group tracked as DarkHotel. Until a fix becomes available, the company has shared some workarounds and mitigations.The flaw, tracked as CVE-2020-0674 and described a
Publish At:2020-01-20 10:15 | Read:115 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Attacker Installs Backdoor, Blocks Others From Exploiting Citrix ADC Vulnerability

A threat group targeting the recently disclosed critical vulnerability in Citrix Application Delivery Controller (ADC) is installing their own backdoor while cleaning up other malware infections and blocking others from exploiting the vulnerability, FireEye has discovered.Tracked as CVE-2019-19781, the vulnerability impacts Citrix ADC and Gateway products (p
Publish At:2020-01-17 22:15 | Read:274 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability exploit

Help?! Possible global hacker attack by Citrix vulnerability

Following another official vulnerability alert issued in the past 48 hours, which has been known since December, companies still protected from this new attack are continuously receiving new requests for help. CISA considers the vulnerability to be one of the most dangerous exploits of recent years. Potentially, some 80,000 companies worldwide are at risk. T
Publish At:2020-01-17 09:15 | Read:282 | Comments:0 | Tags:News Security business Exploit Germany vulnerability Vulnera

PoC Exploits Released for Cisco DCNM Vulnerabilities

A researcher who discovered many vulnerabilities in Cisco’s Data Center Network Manager (DCNM) product has made public some proof-of-concept (PoC) exploits and technical details.In early January, Cisco informed customers that it had released updates for DCNM to address several critical and high-severity vulnerabilities.The vulnerabilities rated critical can
Publish At:2020-01-16 22:15 | Read:144 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities exploit

Exploiting the Windows CryptoAPI Vulnerability

On Tuesday, the NSA announced they had found a critical vulnerability in the certificate validation functionality on Windows 10 and Windows Server 2016/2019. This bug allows attackers to break the validation of trust in a wide variety of contexts, such as HTTPS and code signing. If you want to stop reading here, get the important details, and see if you̵
Publish At:2020-01-16 15:25 | Read:215 | Comments:0 | Tags:Cryptography Exploits Vulnerability exploit

PoC Exploits Released for Crypto Vulnerability Found by NSA

Several proof-of-concept (PoC) exploits have already been created — and some of them have been made public — for CVE-2020-0601, the crypto-related Windows vulnerability that Microsoft patched recently after being notified by the U.S. National Security Agency.The vulnerability, named by some ChainOfFools and CurveBall, was patched by Microsoft this week with
Publish At:2020-01-16 12:00 | Read:230 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Windows 7 computers will no longer be patched after today

byPaul DucklinDo you know what you were doing 3736 days ago?We do! (To be clear, lest that sound creepy, we know what we were doing, not what you were doing.)Admittedly, we didn’t remember all on our own – we needed the inexorable memory of the internet to help us recall what happened on 22 October 2009.That was the official release date of Windo
Publish At:2020-01-14 12:40 | Read:138 | Comments:0 | Tags:Microsoft Exploit Patch patchocalypse vulnerability Windows

Exploits Released for As-Yet Unpatched Critical Citrix Flaw

Organizations need to apply mitigations for vulnerability in Citrix Application Delivery Controller and Citrix Gateway ASAP, security researchers say.Organizations that have not yet applied recommended mitigations for a recently disclosed remotely exploitable flaw in the Citrix Application Delivery Controller (ADC) and Citrix Gateway products now have a very
Publish At:2020-01-13 22:10 | Read:153 | Comments:0 | Tags: exploit

Exploits Published for Citrix ADC Vulnerability, Patches Coming Soon

Exploits targeting the recent Citrix Application Delivery Controller (ADC) vulnerability have already been published online, yet security patches will not be available for at least another week.Impacting both Citrix ADC and Citrix Gateway (previously known as NetScaler ADC and NetScaler Gateway), the vulnerability is tracked as CVE-2019-19781 and could lead
Publish At:2020-01-13 10:15 | Read:130 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Citrix Admins Urged to Act as PoC Exploits Surface

IT administrators are being urged to put in place mitigations for a serious Citrix vulnerability which the vendor says won’t be patched until next week at the earliest, after proof-of-concept (PoC) exploits were published.The tech giant revealed the CVE-2019-19781 vulnerability in its Citrix Application Delivery Controller (ADC) and Citrix Gateway back
Publish At:2020-01-13 07:40 | Read:221 | Comments:0 | Tags: exploit

Pulse Secure VPN Vulnerability Still Widely Exploited, CISA Warns

The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations that malicious hackers continue to exploit a widely known Pulse Secure VPN vulnerability.A researcher revealed recently that cybercriminals had started exploiting CVE-2019-11510, a critical vulnerability affecting enterprise VPN product
Publish At:2020-01-10 22:15 | Read:320 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Virus & Malware

Mozilla Patches Firefox Zero-Day Exploited in Targeted Attacks

Updates released by Mozilla on Wednesday for its Firefox browser address a zero-day vulnerability that has been exploited in targeted attacks.The vulnerability, tracked as CVE-2019-17026 and classified as having critical impact, has been described by Mozilla as an “IonMonkey type confusion with StoreElementHole and FallibleStoreElement.” IonMonkey is the Jus
Publish At:2020-01-09 10:15 | Read:262 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities expl

App Found in Google Play Exploits Recent Android Zero-Day

A malicious application in the Google Play store targeted a recently patched zero-day vulnerability that affects multiple Android devices, including Google’s Pixel phones.Tracked as CVE-2019-2215, the vulnerability was disclosed as a zero-day in October by Google Project Zero security researcher Maddie Stone. A use-after-free in the binder driver, the bug co
Publish At:2020-01-07 10:15 | Read:177 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Virus & Threats Viru

Pulse Secure VPN Vulnerability Exploited to Deliver Ransomware

A widely known vulnerability affecting an enterprise VPN product from Pulse Secure has been exploited by cybercriminals to deliver a piece of ransomware, a researcher has warned.The flaw in question, tracked as CVE-2019-11510, is one of the many security holes disclosed last year by a team of researchers in enterprise VPN products from Fortinet, Palo Alto Ne
Publish At:2020-01-06 22:15 | Read:189 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Virus & Malware

First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group

by Ecular Xu and Joseph C Chen We found three malicious apps in the Google Play Store that work together to compromise a victim’s device and collect user information. One of these apps, called Camero, exploits CVE-2019-2215, a vulnerability that exists in Binder (the main Inter-Process Communication system in Android). This is the first known active attack i
Publish At:2020-01-06 14:35 | Read:305 | Comments:0 | Tags:Exploits Mobile app APT google play exploit


Share high-quality web security related articles with you:)


Tag Cloud