HackDig : Dig high-quality web security articles for hacker

Microsoft Patches Windows Zero-Day Exploited in Korea-Linked Attacks

Microsoft’s December 2019 Patch Tuesday updates fix a total of 36 vulnerabilities, including a Windows zero-day that has been exploited in attacks alongside a Chrome zero-day.The Windows zero-day patched this week is CVE-2019-1458, a privilege escalation flaw related to how the Win32k component handles objects in memory. An attacker can exploit the security
Publish At:2019-12-11 10:15 | Read:71 | Comments:0 | Tags:Cyberwarfare NEWS & INDUSTRY Virus & Threats Virus &

Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium

In November 2019, Kaspersky technologies successfully detected a Google Chrome 0-day exploit that was used in Operation WizardOpium attacks. During our investigation, we discovered that yet another 0-day exploit was used in those attacks. The exploit for Google Chrome embeds a 0-day EoP exploit (CVE-2019-1458) that is used to gain higher privileges on the in
Publish At:2019-12-10 18:05 | Read:211 | Comments:0 | Tags:Featured Research Microsoft Windows Vulnerabilities and expl

Attackers Continue to Exploit Outlook Home Page Flaw

FireEye issues guidance on locking down Outlook, claiming that security researchers, at least, are able to work around the patch issued by Microsoft. A 2-year-old vulnerability in Microsoft Outlook continues to cause headaches for companies, as attackers are able to use a specific feature of the program to execute code and persist on previously infected syst
Publish At:2019-12-04 22:10 | Read:215 | Comments:0 | Tags: exploit

Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign

by William Gamazo Sanchez and Joseph C. Chen In November 2019, we published a blog analyzing an exploit kit we named Capesand that exploited Adobe Flash and Microsoft Internet Explorer flaws. During our analysis of the indicators of compromise (IoCs) in the deployed samples that were infecting the victim’s machines, we noticed some interesting characteristic
Publish At:2019-12-04 14:35 | Read:194 | Comments:0 | Tags:Exploits Malware Capesand KurdishCoder exploit

'StrandHogg' Vulnerability Exploited by Malicious Android Apps

Norwegian app security company Promon on Monday disclosed the existence of a vulnerability that has been exploited by tens of malicious Android apps, and warned that hundreds of popular applications are at risk of being targeted.Promon has dubbed the flaw StrandHogg, which is an old Norse term describing a Viking tactic that involved raiding coastal areas to
Publish At:2019-12-02 22:15 | Read:272 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Malware Vulnerabilities

Google Offering Up to $1.5 Million for Pixel Titan M Exploits

Google on Thursday announced that it’s expanding its Android bug bounty program, and certain types of exploits can now earn researchers up to $1.5 millionAccording to Google, it has paid out over $4 million for more than 1,800 vulnerability reports received since the launch of its Android Security Rewards program in 2015. In the past year, payouts totaled ov
Publish At:2019-11-22 00:00 | Read:165 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

Exploit kits: fall 2019 review

Despite a slim browser market share, Internet Explorer is still being exploited in fall 2019 in a number of drive-by download campaigns. Perhaps even more surprising, we’re seeing new exploit kits emerge. Based on our telemetry, these drive-bys are happening worldwide (with the exception of a few that are geo-targeted) and are fueled by malvertising
Publish At:2019-11-19 16:50 | Read:293 | Comments:0 | Tags:Exploits and vulnerabilities Capesand EK exploit kit Fallout

Zero-Day Exploits Earn Hackers Over $500K at Chinese Competition

White hat hackers have earned $545,000 for successfully demonstrating zero-day exploits targeting products from VMware, Microsoft, Google, Apple, D-Link, and Adobe at the 2019 Tianfu Cup hacking competition that took place over the weekend in Chengdu, the capital of China's Sichuan province.The highest single reward, $200,000, was received by the team named
Publish At:2019-11-18 10:45 | Read:292 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

US-CERT Warns of Remotely Exploitable Bugs in Medical Devices

Vulnerabilities in key surgical equipment could be remotely exploited by a low-skill attacker.US-CERT has issued an advisory for vulnerabilities in Medtronic's Valleylab FT10 and Valleylab FX8 Energy Platforms, both key surgical equipment that could be remotely exploited by a low-skill attacker. Vulnerabilities also affect Valleylab Exchange Client, official
Publish At:2019-11-14 22:10 | Read:222 | Comments:0 | Tags: exploit

Siemens Desigo PX V6.00 Web Remote Denial of Service Exploit

Title: Siemens Desigo PX V6.00 Web Remote Denial of Service Exploit Advisory ID: ZSL-2019-5542 Type: Local/Remote Impact: DoS Risk: (3/5) Release Date: 13.11.2019SummaryDesigo PX is a modern building automation and controlsystem for the entire field of building service pl
Publish At:2019-11-13 10:35 | Read:1164 | Comments:0 | Tags: exploit

Microsoft Patches Another Internet Explorer Flaw Exploited in Attacks

Microsoft’s Patch Tuesday updates for November 2019 fix over 70 vulnerabilities, including an Internet Explorer flaw that has been exploited in attacks.The zero-day vulnerability, tracked as CVE-2019-1429, affects the scripting engine used by Internet Explorer 9, 10 and 11. Microsoft describes the security hole as a memory corruption bug that can allow an at
Publish At:2019-11-12 22:15 | Read:294 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities expl

Tech Support Scammers Exploiting Unpatched Firefox Bug

Mozilla is working on addressing a Firefox bug that has been exploited by tech support scammers to lock the browser when users visit specially crafted websites.Attacks were spotted recently by Jérôme Segura of Malwarebytes, who told SecurityWeek that there are currently two known Firefox bugs that have been abused in tech support scams.Exploitation only requ
Publish At:2019-11-12 10:15 | Read:199 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Fraud & Identity

New Exploit Kit Capesand Reuses Old and New Public Exploits and Tools, Blockchain Ruse

By Elliot Cao, Joseph C. Chen, William Gamazo Sanchez We discovered a new exploit kit named Capesand in October 2019. Capesand attempts to exploit recent vulnerabilities in Adobe Flash and Microsoft Internet Explorer (IE). Based on our investigation, it also exploits a 2015 vulnerability for IE. It seems the cybercriminals behind the exploit kit are continuo
Publish At:2019-11-12 02:35 | Read:133 | Comments:0 | Tags:Exploits Malware Blockchain Capesand exploit kit exploit

Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium

Executive summary Kaspersky Exploit Prevention is a component part of Kaspersky products that has successfully detected a number of zero-day attacks in the past. Recently, it caught a new unknown exploit for Google’s Chrome browser. We promptly reported this to the Google Chrome security team. After reviewing of the PoC we provided, Google confirmed th
Publish At:2019-11-12 01:05 | Read:165 | Comments:0 | Tags:Featured Incidents Google Chrome JavaScript Proof-of-Concept

The Unpatchable Checkra1n Exploit

Today, the “unpatchable” jailbreak known as  Checkra1n (Device Compatibility) was officially released and generally available. Checkra1n is unprecedented in potential impact with millions of devices at risk as a result of the extensive device and iOS targets. While this should concern anyone using any of the targeted devices or iOS versions, those using Zim
Publish At:2019-11-12 00:25 | Read:279 | Comments:0 | Tags:Threat Research checkra1n exploit

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud