HackDig : Dig high-quality web security articles

Patch now! NSA, CISA, and FBI warn of Russian intelligence exploiting 5 vulnerabilities

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) have jointly released a Cybersecurity Advisory called Russian SVR Targets U.S. and Allied Networks,  to expose ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities. Th
Publish At:2021-04-16 12:15 | Read:144 | Comments:0 | Tags:Malwarebytes news apt29 cisa cozy bear cve-2018-13379 cve-20

Exploit for Second Unpatched Chromium Flaw Made Public Just After First Is Patched

A researcher has made public an exploit and details for an unpatched vulnerability affecting Chrome, Edge and other web browsers that are based on the open source Chromium project. This is the second Chromium proof-of-concept (PoC) exploit released this week.The second exploit was publicly disclosed by a researcher who uses the online moniker Frust and who w
Publish At:2021-04-15 11:55 | Read:53 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities exploit

NSA: Russian Hackers Exploiting VPN Vulnerabilities - Patch Immediately

The U.S. government on Thursday warned that Russian APT operators are exploiting five known -- and already patched -- vulnerabilities in corporate VPN infrastructure products, insisting it is “critically important” to mitigate these issues immediately.The urgent advisory was issued by the National Security Agency (NSA) to call attention to a quintet of CVEs
Publish At:2021-04-15 11:55 | Read:175 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities exploit hack

Second Google Chrome zero-day exploit dropped on twitter this week

A second Chromium zero-day remote code execution exploit has been released on Twitter this week that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers.A zero-day vulnerability is when detailed information about a vulnerability or an exploit is released before the affected software developers can fix it.
Publish At:2021-04-14 17:59 | Read:225 | Comments:0 | Tags:Security exploit

Update now! Chrome needs patching against two in-the-wild exploits

A day late and a dollar short is a well-known expression that comes in a few variations. But this version has a movie and a book to its name, so I’m going with this one. Why? Google has published an update for the Chrome browser that patches two newly discovered vulnerabilities. The browser’s Stable channel has been updated to 89.0.4389.128 for Wind
Publish At:2021-04-14 12:14 | Read:140 | Comments:0 | Tags:Exploits and vulnerabilities 89.0.4389.128 blink chrome cve-

Ransomware disrupts food supply chain, Exchange exploitation suspected

When malware found its way into the network of Bakker Logistiek, a company specializing in the transport and warehousing of food and other products, on the night of 4 to 5 April, its IT systems ground to a halt. And, along with them, the reception of orders from clients, and the delivery of goods to branches of Albert Heijn, the largest supermarket chain in
Publish At:2021-04-14 08:19 | Read:108 | Comments:0 | Tags:Awareness Ransomware Albert Heijn Bakker Logistiek Black Kin

Experts released PoC exploit code for a critical RCE in QNAP NAS devices

The exploit code for a remote code execution vulnerability affecting QNAP network-attached storage (NAS) devices that run the Surveillance Station video management system is available online. An exploit for a remote code execution vulnerability affecting QNAP network-attached storage (NAS) devices was publicly released. The vulnerability, tracked as CV
Publish At:2021-04-13 13:25 | Read:186 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

Exploit Released for Critical Vulnerability Affecting QNAP NAS Devices

An exploit is now publicly available for a remote code execution vulnerability affecting QNAP network-attached storage (NAS) devices that run the Surveillance Station video management system.The bug, specifically a memory corruption issue, was found to impact QNAP NAS devices running Surveillance Station versions 5.1.5.4.2 and 5.1.5.3.2, and was addressed in
Publish At:2021-04-13 12:55 | Read:141 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability exploit

PoC Exploit Released for Unpatched Flaw Affecting Chromium-Based Browsers

A researcher has made public a proof-of-concept (PoC) exploit for a recently discovered vulnerability affecting Chrome, Edge and other Chromium-based web browsers.On April 7, at the Pwn2Own 2021 hacking competition, Bruno Keith and Niklas Baumstark of Dataflow Security earned $100,000 for a remote code execution exploit that works against web browsers that a
Publish At:2021-04-13 09:00 | Read:145 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities exploit

Expert publicly released Chromium-based browsers exploit demonstrated at Pwn2Own 2021

An Indian security researcher has published a proof-of-concept (PoC) exploit code for a vulnerability impacting Google Chrome and other Chromium-based browsers. The Indian security researcher Rajvardhan Agarwal has publicly released a proof-of-concept exploit code for a recently discovered vulnerability that affects Google Chrome, Microsoft Edge, and othe
Publish At:2021-04-13 06:24 | Read:149 | Comments:0 | Tags:Breaking News Hacking Chrome hacking news information securi

Zerodium Offering $300,000 for WordPress Exploits

Exploit acquisition company Zerodium announced last week that it’s temporarily offering $300,000 for high-impact WordPress exploits.The firm is looking for exploits that can be used to achieve remote code execution. The exploit must work on default configurations running the latest version of WordPress, it needs to target WordPress itself and not third-party
Publish At:2021-04-12 09:30 | Read:152 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities exploit wordpress

Zerodium will pay $300K for WordPress RCE exploits

Zero-day broker Zerodium announced that will triples payouts for remote code execution exploits for the popular WordPress content management system. Zero-day broker Zerodium has tripled the payouts for exploits for the WordPress content management system that could be used to achieve remote code execution. Zerodium announced via Twitter that is tempora
Publish At:2021-04-09 20:11 | Read:204 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

Researchers earn $1,2 million for exploits demoed at Pwn2Own 2021

Pwn2Own 2021 ended with contestants earning a record $1,210,000 for exploits and exploits chains demoed over the course of three days.During this year's hacking competition, 23 teams and researchers and security researchers targeted multiple products in the web browsers, virtualization, servers, local escalation of privilege, and enterprise communications ca
Publish At:2021-04-09 12:42 | Read:125 | Comments:0 | Tags:Security exploit

Zerodium triples WordPress remote code execution exploit payout

Zerodium has announced today an increased interest in exploits for the WordPress content management system that achieve remote code execution.The exploit acquisition platform is now enticing exploit developers and sellers with a $300,000 payout, three times more than the regular price.Short-term bumpThe company announced in a tweet today that the current is
Publish At:2021-04-09 12:42 | Read:92 | Comments:0 | Tags:Security exploit wordpress

Four Bytes of Power: exploiting CVE-2021-26708 in the Linux kernel

Author: Alexander Popov, Positive TechnologiesCVE-2021-26708 is assigned to five race condition bugs in the virtual socket implementation of the Linux kernel. I discovered and fixed them in January 2021. In this article I describe how to exploit them for local privilege escalation on Fedora 33 Server for x86_64, bypassing SMEP a
Publish At:2021-04-09 11:33 | Read:166 | Comments:0 | Tags: exploit