HackDig : Dig high-quality web security articles for hackers

Report: TikTok Harvested MAC Addresses By Exploiting Android Loophole

The ongoing controversies surrounding TikTok hit a new gear on Thursday with a bombshell report accusing the Chinese company of spying on millions of Android users using a technique banned by Google.According to a Wall Street Journal report, TikTok used a banned tactic to bypass the privacy safeguard in Android to collect unique identifiers from millions of
Publish At:2021-01-14 14:59 | Read:84 | Comments:0 | Tags:Endpoint Security Mobile Security NEWS & INDUSTRY Applic

CISA Warns of Cloud Attacks Exploiting Poor Cyber-Hygiene

A US cybersecurity agency is urging organizations to improve their cyber-hygiene after warning of multiple successful attacks targeting cloud services used by remote workers.The Cybersecurity and Infrastructure Security Agency (CISA) revealed in a report yesterday that attackers are increasingly targeting corporate and personal laptops with phishing, br
Publish At:2021-01-14 10:02 | Read:61 | Comments:0 | Tags: Cloud exploit CISA cyber

Microsoft issues 83 patches, one for actively exploited vulnerability

Every second Tuesday of the month it’s ‘Patch Tuesday’. On Patch Tuesday Microsoft habitually issues a lot of patches for bugs and vulnerabilities in its software. It’s always important to patch, but the update that was released on January 12 is one to pay attention to. That’s because it contains a patch for a vulnerability i
Publish At:2021-01-13 19:18 | Read:106 | Comments:0 | Tags:Exploits and vulnerabilities cve-2021-1647 patch tuesday win

Microsoft Patch Tuesday for January 2021 fixes 83 flaws, including an actively exploited issue

Microsoft Patch Tuesday security updates for January 2021 address 83 vulnerabilities, including a critical flaw actively exploited in the wild. Microsoft Patch Tuesday security updates for January 2021 fix 83 security vulnerabilities in multiple products, including Microsoft Windows, Edge (EdgeHTML-based), ChakraCore, Office and Microsoft Office Services
Publish At:2021-01-13 13:00 | Read:83 | Comments:0 | Tags:Breaking News Security DOS Hacking hacking news information

Microsoft patches Defender antivirus zero-day exploited in the wild

Microsoft has addressed a zero-day vulnerability in the Microsoft Defender antivirus, exploited in the wild by threat actors before the patch was released.Zero-days are vulnerabilities actively exploited in the wild before the vendor issues an official patch or bugs that have publicly available proof-of-concept exploits.The zero-day patched today b
Publish At:2021-01-12 17:49 | Read:80 | Comments:0 | Tags:Security Microsoft Virus exploit

Microsoft Patch Tuesday: 83 Vulnerabilities, 10 Critical, 1 Actively Exploited

Microsoft on Tuesday released the first batch of security patches for 2021 with fixes for 83 documented security vulnerabilities, including a "critical" bug in the Defender security product that's being actively exploited.Security experts are urging security response personnel to pay special attention to CVE-2021-1647, which describes a remote code execution
Publish At:2021-01-12 16:11 | Read:93 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Virus

Hackers start exploiting the new backdoor in Zyxel devices

Threat actors are actively scanning the Internet for open SSH devices and trying to login to them using a new recently patched Zyxel hardcoded credential backdoor.Last month, Niels Teusink of Dutch cybersecurity firm EYE disclosed a secret hardcoded backdoor account in Zyxel firewalls and AP controllers. This secret 'zyfwp' account allowed users to login via
Publish At:2021-01-06 09:43 | Read:162 | Comments:0 | Tags:Security exploit hack

Hackers Exploiting Recently Disclosed Zyxel Vulnerability

Security researchers have observed the first attempts to compromise Zyxel devices using a recently disclosed vulnerability related to the existence of hardcoded credentials.The attacks, currently small in numbers, target CVE-2020-29583, a vulnerability affecting several Zyxel firewalls and WLAN controllers that was publicly disclosed at the end of December.F
Publish At:2021-01-05 12:35 | Read:183 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Virus & Threats Vul

Google: Microsoft Improperly Patched Exploited Windows Vulnerability

Google Project Zero has disclosed a Windows zero-day vulnerability caused by the improper fix for CVE-2020-0986, a security flaw abused in a campaign dubbed Operation PowerFall.Tracked as CVE-2020-17008, the new vulnerability was reported to Microsoft on September 24. As per Project Zero’s policy, details were made public 90 days later, on December 23, despi
Publish At:2020-12-28 09:35 | Read:262 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability exploit

Latest Joomla Exploit ‘CVE-2020-35616’ – Joomla ACL Security Vulnerabilities

Working as a Security Consultant, more often than not, you come across vulnerabilities that are peculiar & at the same time important to be fixed soon. Something of the sort recently happened with me, while looking for new Joomla exploit and attacks in Joomla Security. I came across a vulnerability in Joomla that would give privileges to non-superuser
Publish At:2020-12-26 16:55 | Read:222 | Comments:0 | Tags:Joomla Security News Website Security CVE-2020 Joomla joomla

Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye

Millions of devices are potential exposed to attacks targeting the vulnerabilities exploited by the tools stolen from the arsenal of FireEye. Security experts from Qualys are warning that more than 7.5 million devices are potentially exposed to cyber attacks targeting the vulnerabilities exploited by the tools stolen from the arsenal of FireEye. As a r
Publish At:2020-12-24 17:12 | Read:243 | Comments:0 | Tags:Breaking News Hacking FireEye hacking news information secur

Arteco Web Client DVR/NVR 'SessionId' Cookie Brute Force Session Hijacking Exploit

Title: Arteco Web Client DVR/NVR 'SessionId' Cookie Brute Force Session Hijacking Exploit Advisory ID: ZSL-2020-5613 Type: Local/Remote Impact: Security Bypass Risk: (3/5) Release Date: 24.12.2020SummaryArteco DVR/NVR is a mountable industrial surveillance serverideal for
Publish At:2020-12-24 12:07 | Read:410 | Comments:0 | Tags: exploit

Windows zero-day with bad patch gets new public exploit code

Back in June, Microsoft released a fix for a vulnerability in the Windows operating system that enabled attackers to increase their permissions to kernel level on a compromised machine. The patch did not stick.The issue, which advanced hackers exploited as a zero-day in May, is still exploitable but by a different method as security researchers demonstrate w
Publish At:2020-12-23 18:07 | Read:208 | Comments:0 | Tags:Security Microsoft exploit

Journalists' Phones Hacked via iMessage Zero-Day Exploit

A recently observed Pegasus spyware infection campaign targeting tens of Al Jazeera journalists leveraged an iMessage zero-click, zero-day exploit for infection.The Israel-based NSO Group, which has approximately 600 employees in Israel and abroad, made it to the spotlight several years ago, after security firms identified and analyzed Pegasus, a highly inva
Publish At:2020-12-21 13:47 | Read:205 | Comments:0 | Tags:Cyberwarfare Mobile Security NEWS & INDUSTRY Privacy Vir

Zero-day exploit used to hack iPhones of Al Jazeera employees

Tens of Al Jazeera employees were targeted in a cyber espionage campaign leveraging a zero-click iOS zero-day vulnerability to hack their iPhones. Researchers from Citizen Lab reported that at least 36 Al Jazeera employees were targeted in a cyber espionage campaign leveraging a zero-click iOS zero-day vulnerability to hack their iPhones. The attackers
Publish At:2020-12-21 07:18 | Read:156 | Comments:0 | Tags:Breaking News Hacking Malware Mobile Al Jazeera Cyberespiona

Tools

Tag Cloud