HackDig : Dig high-quality web security articles for hackers

Sandworm Team Exploiting Vulnerability in Exim Mail Transfer Agent

The U.S. National Security Agency (NSA) warned that the Sandworm team is exploiting a vulnerability that affects Exim Mail Transfer Agent (MTA) software.In a cybersecurity advisory published on May 28, the NSA revealed that the Sandworm team has been exploiting the Exim MTA security flaw since August 2019.The vulnerability (CVE-2019-10149) first appeared in
Publish At:2020-05-29 09:32 | Read:138 | Comments:0 | Tags:IT Security and Data Protection Latest Security News MTA San

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

The U.S. NSA warns that Russia-linked APT group known as Sandworm Team have been exploiting a critical flaw in the Exim mail transfer agent (MTA). The U.S. National Security Agency (NSA) is warning that Russia-linked APT group tracked Sandworm Team has been exploiting a critical vulnerability (CVE-2019-10149) in the Exim mail transfer agent (MTA) software
Publish At:2020-05-28 18:26 | Read:174 | Comments:0 | Tags:APT Breaking News Hacking Security CVE-2019-10149 Exim infor

The zero-day exploits of Operation WizardOpium

Back in October 2019 we detected a classic watering-hole attack on a North Korea-related news site that exploited a chain of Google Chrome and Microsoft Windows zero-days. While we’ve already published blog posts briefly describing this operation (available here and here), in this blog post we’d like to take a deep technical dive into the exploit
Publish At:2020-05-28 06:34 | Read:154 | Comments:0 | Tags:APT reports Google Chrome Malware Technologies Microsoft Win

New iPhone jailbreak released

byPaul DucklinApple’s latest iOS versions have only been out for a week.The updates are new enough that Apple’s own Security updates page still lists [2020-05-26T14:00Z] the security holes that were fixed in iOS 13.5 and iOS 12.4.7 as “details available soon”.But there’s a jailbreak available already for iOS 13.5, released by th
Publish At:2020-05-26 12:55 | Read:163 | Comments:0 | Tags:Apple iOS DMCA Exploit ios iPhone jailbreak right to repair

Top 10 most exploited vulnerabilities list released by FBI, DHS CISA

byLisa VaasWhen work-from-home became a sudden, urgent need in March, many organizations slapped together cloud-collaboration services such as Microsoft Office 365 for their newly locked-down staff.Unfortunately and understandably, pressure was high. People were scrambling. Thus did a number of those services get put together with a wing, a prayer, and misco
Publish At:2020-05-18 12:27 | Read:158 | Comments:0 | Tags:Malware Security threats Vulnerability .net Adobe Flash Apac

Phishers Start to Exploit Oil Industry Amid COVID-19 Woes

While a massive flood of attacks has yet to materialize, cybersecurity experts say this could be the calm before the storm.The oil and gas industry has been taking a beating as severe as any other hit hard by the COVID-19 shutdown. Tanker ships loaded with crude idle in the ocean, traders struggle to store what has already been pumped, and last week prices p
Publish At:2020-05-03 14:48 | Read:570 | Comments:0 | Tags: exploit

CVE-2020-0022 an Android 8.0-9.0 Bluetooth Zero-Click RCE – BlueFrag

Nowadays, Bluetooth is an integral part of mobile devices. Smartphones interconnect with smartwatches and wireless headphones. By default, most devices are configured to accept Bluetooth connections from any nearby unauthenticated device. Bluetooth packets are processed by the Bluetooth chip (also called a controller), and then passed to the host (Android, L
Publish At:2020-05-03 08:57 | Read:339 | Comments:0 | Tags:Breaking Android BlueFrag Bluetooth exploit

Exploiting java deserialization vulnerabilities in crypto contexts - a java applet case-study

Hi,regardless of being a deprecated technology, there are still many legacy applications relying on java applets out there. A bit of time ago we were involved in an atypical web application penetration test.The difficulty consisted in the fact that the java serialized payload responsible for triggerring the vulnerability was located inside the authenticated
Publish At:2020-05-03 08:30 | Read:396 | Comments:0 | Tags: exploit

TrickBot operators exploit COVID-19 as lures

IBM X-Force researchers spotted a new COVID-19-themed campaign spreading the infamous TrickBot trojan through fake messages. IBM X-Force researchers uncovered a new COVID-19-themed campaign that is spreading the infamous TrickBot trojan through fake messages. The spam messages pretend to be sent by the Department of Labor’s Family and Medical Leave Act
Publish At:2020-05-03 08:26 | Read:277 | Comments:0 | Tags:Breaking News Cyber Crime Malware coronavirus COVID-19 it se

A Zoom zero-day exploit is up for sale for $500,000

Millions of people have moved onto the Zoom video-conferencing platform as the Coronavirus pandemic has forced them to work from their homes.According to Zoom’s own statistics, its daily usage has soared from approximately 10 million daily users in December to over 200 million today. And although Zoom must be pleased to see so many more people using it
Publish At:2020-04-16 10:46 | Read:486 | Comments:0 | Tags:Featured Articles IT Security and Data Protection vulnerabil

A zero-day exploit for Zoom Windows RCE offered for $500,000

Hackers are selling two zero-day exploits for critical issues affecting the video conferencing software Zoom that would allow attackers to spy on communications. Hackers are offering for sale an exploit for a zero-day remote code execution vulnerability affecting the Windows client for Zoom. The zero-day exploit goes for $500,000, hackers are also offeri
Publish At:2020-04-15 19:42 | Read:557 | Comments:0 | Tags:Breaking News Hacking information security news it security

Microsoft addresses three Windows issues actively exploited

Microsoft Patch Tuesday security updates for April 2020 address 113 flaws, including three Windows issues that have been exploited in attacks in the wild. Microsoft Patch Tuesday security updates for April 2020 address 113 flaws, including two remote code execution flaws in Windows that are actively exploited. 17 vulnerabilities are rated critical, the
Publish At:2020-04-14 19:20 | Read:636 | Comments:0 | Tags:Breaking News Security information security news it security

Windows Vulnerabilities Exploited for Code Execution, Privilege Escalation

Microsoft’s Update Tuesday patches for April 2020 address 113 vulnerabilities, including three Windows flaws that have been exploited in attacks for arbitrary code execution and privilege escalation.Microsoft has patched two actively exploited remote code execution vulnerabilities related to the Adobe Type Manager Library. Despite its name, this library is e
Publish At:2020-04-14 15:21 | Read:526 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Vu

Keep Zoombombing cybercriminals from dropping a load on your meetings

While shelter in place has left many companies struggling to stay in business during the COVID-19 epidemic, one company in particular has seen its fortunes rise dramatically. Zoom, the US-based maker of teleconferencing software, has become the web conference tool of choice for employees working from home (WFH), friends coming together for virtual happy hour
Publish At:2020-04-14 14:25 | Read:471 | Comments:0 | Tags:How-tos coronavirus covid-19 exploit exploits how-to zoom te

COVID-19 Phishing Update: Workplace Concerns Exploited to Distribute Malware

<p><span style="background-color: transparent;">In recent efforts to deliver attacks that abuse the novel coronavirus, threat actors are exploiting workplace concerns about outbreak prevention and shipment delays. Below are two examples sent with the intent of delivering malware.&nbsp;</span></p> <p><i>We are provid
Publish At:2020-04-13 11:05 | Read:395 | Comments:0 | Tags:COVID-19 exploit

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud