HackDig : Dig high-quality web security articles for hacker

White hat hackers earn over $500,000 for mobile exploits at Mobile Pwn2Own 2017 competition

Let’s see what has happened at Mobile Pwn2Own 2017 competition organized by Trend Micro’s Zero Day Initiative (ZDI) at the PacSec conference in Tokyo. Here we are discussing once again of the Mobile Pwn2Own competition organized by Trend Micro’s Zero Day Initiative (ZDI) at the PacSec conference in Tokyo. White hat hackers earned more than half a milli
Publish At:2017-11-02 14:15 | Read:218 | Comments:0 | Tags:Breaking News Hacking Mobile mobile Mobile Pwn2Own 2017 comp

Bad Rabbit Ransomware leverages the NSA Exploit for lateral movements

Malware researchers at Cisco Talos team discovered the Bad Rabbit Ransomware leverages EternalRomance to propagate in the network. New precious details emerge from the analysis of malware researchers at Cisco Talos and F-Secure who respectively discovered and confirmed the presence an NSA exploit in the Bad Rabbit ransomware. On October 24, hundreds of organ
Publish At:2017-10-27 15:05 | Read:174 | Comments:0 | Tags:Breaking News Hacking Malware Bad Rabbit ransomware EternalR

Bad Rabbit Used Pilfered NSA Exploit

Turns out the fast and furious ransomware campaign in Eastern Europe this week employed the so-called 'BadRomance' tool to help it spread. The fast and furious Bad Rabbit ransomware campaign on Oct. 24 had security researchers frantically studying their telemetry and malware to discern the anatomy of the attack. The initial take was that although it uses ret
Publish At:2017-10-27 08:16 | Read:296 | Comments:0 | Tags: exploit

Kaspersky: Hackers used backdoored MS Office key-gen to steal NSA exploits

According to Kaspersky, the PC was hacked after the NSA employee installed a backdoored key generator for a pirated copy of Microsoft Office. More details emerge from the story of the hack of the Kaspersky antivirus that allowed Russian intelligence to stole secret exploits from the personal PC of the NSA staffer. The PC was hacked after the NSA employee ins
Publish At:2017-10-26 20:40 | Read:270 | Comments:0 | Tags:Breaking News Cyber warfare Hacking Intelligence Malware Equ

Analyzing an exploit for СVE-2017-11826

The latest Patch Tuesday (17 October) brought patches for 62 vulnerabilities, including one that fixed СVE-2017-11826 – a critical zero-day vulnerability used to launch targeted attacks – in all versions of Microsoft Office. The exploit for this vulnerability is an RTF document containing a DOCX document that exploits СVE-2017-11826 in the Office Open XML pa
Publish At:2017-10-26 05:40 | Read:687 | Comments:0 | Tags:Research Microsoft Office Targeted Attacks Vulnerabilities a

APT28 group is rushing to exploit recent CVE-2017-11292 Flash 0-Day before users apply the patches

The APT28 group is trying to exploit the CVE-2017-11292 Flash zero-day before users receive patches or update their systems. Security experts at Proofpoint collected evidence of several malware campaigns, powered by the Russian APT28 group, that rely on a Flash zero-day vulnerability that Adobe patched earlier this week. According to the experts who observed
Publish At:2017-10-23 00:30 | Read:424 | Comments:0 | Tags:APT Breaking News Cyber warfare Hacking Adobe Flash CVE-2017

Oracle Fixes 20 Remotely Exploitable Java SE Vulns

Quarterly update for October is the smallest of the year: only 252 flaws to fix! Oracle advises to apply patches 'without delay.' Oracle this week urged administrators to apply security patches to their systems more quickly even as it increased their burden with a set of fresh fixes for another 252 vulnerabilities across products including Oracle Database S
Publish At:2017-10-21 23:16 | Read:246 | Comments:0 | Tags: exploit

Magnitude Exploit Kit Now Targeting South Korea With Magniber Ransomware

A new ransomware is being distributed by the Magnitude exploit kit: Magniber (detected by Trend Micro as RANSOM_MAGNIBER.A and TROJ.Win32.TRX.XXPE002FF019), which we found targeting South Korea via malvertisements on attacker-owned domains/sites. The development in Magnitude’s activity is notable not only because it eschewed Cerber—its usual ransomware paylo
Publish At:2017-10-21 18:05 | Read:518 | Comments:0 | Tags:Bad Sites Exploits Ransomware CERBER CVE-2016-0189 Locky Ran

BlackOasis APT and new targeted attacks leveraging zero-day exploit

More information about BlackOasis APT is available to customers of Kaspersky Intelligence Reporting Service. Contact: intelreports@kaspersky.com Introduction Kaspersky Lab has always worked closely with vendors to protect users. As soon as we find new vulnerabilities we immediately inform the vendor in a responsible manner and provide all the details require
Publish At:2017-10-21 15:05 | Read:290 | Comments:0 | Tags:Featured Research Adobe APT Microsoft Word Vulnerabilities a

Zero-Day flaws in 3 WordPress Plugins being exploited in the wild

Security experts at Wordfence reported that Zero-Day vulnerabilities in three different WordPress plugins have been exploited in the wild. Zero-day vulnerabilities in several WordPress plugins have been exploited by threat actors in the wild to hack vulnerable websites and deliver backdoors, the alarm was launched by security firm Wordfence. The attackers ha
Publish At:2017-10-04 22:40 | Read:250 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Cybercrime plugin Wordpres

Google publishes PoC Exploit code for iPhone Wi-Fi Chip hack

Google disclosed details and a proof-of-concept exploit for iPhone Wi-Fi firmware vulnerability affecting Broadcom chipsets in iOS 10 and earlier. This week Google disclosed details and a proof-of-concept exploit for a Wi-Fi firmware vulnerability affecting Broadcom chipsets in iOS 10 and earlier. The flaw that was patched this week could be exploited by att
Publish At:2017-09-27 23:55 | Read:247 | Comments:0 | Tags:Breaking News Hacking Mobile CVE-2017-11120 iPhone mobile Wi

ZNIU, the first Android malware family to exploit the Dirty COW vulnerability

Security experts at Trend Micro have recently spotted a new strain of Android malware, dubbed ZNIU, that exploits the Dirty COW Linux kernel vulnerability. The Dirty COW vulnerability was discovered by the security expert Phil Oester in October 2016, it could be exploited by a local attacker to escalate privileges. The name ‘Dirty COW’ is due to
Publish At:2017-09-27 05:25 | Read:468 | Comments:0 | Tags:Breaking News Cyber Crime Malware Mobile Android CVE-2016-51

Oracle releases security patches for Apache Struts CVE-2017-9805 Flaw exploited in the wild

Oracle fixed several issues in the Apache Struts 2 framework including the flaw CVE-2017-9805 that has been exploited in the wild for the past few weeks. Oracle has released patches for vulnerabilities affecting many of its products, the IT giant has fixed several issues in the Apache Struts 2 framework, including the flaw CVE-2017-9805 that has been exploit
Publish At:2017-09-26 11:00 | Read:341 | Comments:0 | Tags:Breaking News Security CVE-2017-9805 Hacking RCE flaw REST S

ZNIU: First Android Malware to Exploit Dirty COW Vulnerability

By Jason Gu, Veo Zhang, and Seven Shen We have disclosed this security issue to Google, who verified that they have protections in place against ZNIU courtesy of Google Play Protect. The Linux vulnerability called Dirty COW (CVE-2016-5195) was first disclosed to the public in 2016. The vulnerability was discovered in upstream Linux platforms such as Redhat,
Publish At:2017-09-25 23:15 | Read:290 | Comments:0 | Tags:Bad Sites Malware Mobile Vulnerabilities android Dirty COW L

Retefe banking Trojan leverages EternalBlue exploit to infect Swiss users

Cyber criminals behind the Retefe banking Trojan have improved it by adding a new component that uses the NSA exploit EternalBlue. ETERNALBLUE is the alleged NSA exploit that made the headlines with DOUBLEPULSAR in the WannaCry attack and NotPetya massive attacks. ETERNALBLUE targets the SMBv1 protocol and it has become widely adopted in the community of mal
Publish At:2017-09-24 03:40 | Read:316 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware banking trojan Ete

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud