HackDig : Dig high-quality web security articles for hacker

Citrix Admins Urged to Act as PoC Exploits Surface

IT administrators are being urged to put in place mitigations for a serious Citrix vulnerability which the vendor says won’t be patched until next week at the earliest, after proof-of-concept (PoC) exploits were published.The tech giant revealed the CVE-2019-19781 vulnerability in its Citrix Application Delivery Controller (ADC) and Citrix Gateway back
Publish At:2020-01-13 07:40 | Read:248 | Comments:0 | Tags: exploit

Pulse Secure VPN Vulnerability Still Widely Exploited, CISA Warns

The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations that malicious hackers continue to exploit a widely known Pulse Secure VPN vulnerability.A researcher revealed recently that cybercriminals had started exploiting CVE-2019-11510, a critical vulnerability affecting enterprise VPN product
Publish At:2020-01-10 22:15 | Read:352 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Virus & Malware

Mozilla Patches Firefox Zero-Day Exploited in Targeted Attacks

Updates released by Mozilla on Wednesday for its Firefox browser address a zero-day vulnerability that has been exploited in targeted attacks.The vulnerability, tracked as CVE-2019-17026 and classified as having critical impact, has been described by Mozilla as an “IonMonkey type confusion with StoreElementHole and FallibleStoreElement.” IonMonkey is the Jus
Publish At:2020-01-09 10:15 | Read:295 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities expl

App Found in Google Play Exploits Recent Android Zero-Day

A malicious application in the Google Play store targeted a recently patched zero-day vulnerability that affects multiple Android devices, including Google’s Pixel phones.Tracked as CVE-2019-2215, the vulnerability was disclosed as a zero-day in October by Google Project Zero security researcher Maddie Stone. A use-after-free in the binder driver, the bug co
Publish At:2020-01-07 10:15 | Read:195 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Virus & Threats Viru

Pulse Secure VPN Vulnerability Exploited to Deliver Ransomware

A widely known vulnerability affecting an enterprise VPN product from Pulse Secure has been exploited by cybercriminals to deliver a piece of ransomware, a researcher has warned.The flaw in question, tracked as CVE-2019-11510, is one of the many security holes disclosed last year by a team of researchers in enterprise VPN products from Fortinet, Palo Alto Ne
Publish At:2020-01-06 22:15 | Read:245 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Virus & Malware

First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group

by Ecular Xu and Joseph C Chen We found three malicious apps in the Google Play Store that work together to compromise a victim’s device and collect user information. One of these apps, called Camero, exploits CVE-2019-2215, a vulnerability that exists in Binder (the main Inter-Process Communication system in Android). This is the first known active attack i
Publish At:2020-01-06 14:35 | Read:323 | Comments:0 | Tags:Exploits Mobile app APT google play exploit

Hackers Continue to Exploit Cisco ASA Vulnerability Patched Last Year

Cisco has warned customers that a vulnerability patched last year in its Adaptive Security Appliance (ASA) and Firepower Appliance products continues to be targeted by hackers.The vulnerability, tracked as CVE-2018-0296, allows a remote, unauthenticated attacker to gain access to sensitive information through directory traversal techniques. It can also
Publish At:2019-12-20 22:15 | Read:427 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Incident Response Vu

Malicious Email Exploits Greta Thunberg, Christmas, and Children

A malicious email campaign that exploits the notoriety of youthful Swedish climate crisis activist Greta Thunberg has been discovered by multiple research teams.Threat actors constructed an email that appears to invite the recipient to participate in a demonstration being held to protest the lack of government action being taken to protect the natural enviro
Publish At:2019-12-20 14:40 | Read:335 | Comments:0 | Tags: exploit

Spelevo exploit kit debuts new social engineering trick

2019 has been a busy year for exploit kits, despite the fact that they haven’t been considered a potent threat vector for years, especially on the consumer side. This time, we discovered the Spelevo exploit kit with its virtual pants down, attempting to capitalize on the popularity of adult websites to compromise more devices. The current Chromium-d
Publish At:2019-12-18 16:50 | Read:344 | Comments:0 | Tags:Threat analysis EK exploit kit Gozi malvertising Qakbot Qbot

DDoS Attacks and IoT Exploits: New Activity from Momentum Botnet

by Aliakbar Zahravi  We recently found notable malware activity affecting devices running Linux, a platform that has battled numerous issues just this year. Further analysis of retrieved malware samples revealed that these actions were connected to a botnet called Momentum (named for the image found in its communication channel). We found new details on the
Publish At:2019-12-16 14:35 | Read:445 | Comments:0 | Tags:Botnets Exploits Internet of Things botnet IOT Momentum rout

Hackers Can Exploit Siemens Control System Flaws in Attacks on Power Plants

The Siemens SPPA-T3000 distributed control system, which is designed for fossil and renewable power plants, is affected by over 50 vulnerabilities, including flaws that can be exploited to disrupt electricity generation.According to Siemens, the SPPA-T3000 Application Server is affected by 19 vulnerabilities and the SPAA-T3000 MS3000 Migration Server is impa
Publish At:2019-12-15 12:00 | Read:348 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Virus & Threats Vulnerab

The little-known ways mobile device sensors can be exploited by cybercriminals

The bevy of mobile device sensors in modern smartphones and tablets make them more akin to pocket-sized laboratories and media studios than mere communication devices. Cameras, microphones, accelerometers, and gyroscopes give incredible flexibility to app developers and utility to mobile device users. But the variety of inputs also give clever hackers new me
Publish At:2019-12-11 16:50 | Read:466 | Comments:0 | Tags:IoT accelerometer Android camera Google gyroscope Internet o

Microsoft Patches Windows Zero-Day Exploited in Korea-Linked Attacks

Microsoft’s December 2019 Patch Tuesday updates fix a total of 36 vulnerabilities, including a Windows zero-day that has been exploited in attacks alongside a Chrome zero-day.The Windows zero-day patched this week is CVE-2019-1458, a privilege escalation flaw related to how the Win32k component handles objects in memory. An attacker can exploit the security
Publish At:2019-12-11 10:15 | Read:423 | Comments:0 | Tags:Cyberwarfare NEWS & INDUSTRY Virus & Threats Virus &

Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium

In November 2019, Kaspersky technologies successfully detected a Google Chrome 0-day exploit that was used in Operation WizardOpium attacks. During our investigation, we discovered that yet another 0-day exploit was used in those attacks. The exploit for Google Chrome embeds a 0-day EoP exploit (CVE-2019-1458) that is used to gain higher privileges on the in
Publish At:2019-12-10 18:05 | Read:478 | Comments:0 | Tags:Featured Research Microsoft Windows Vulnerabilities and expl

Attackers Continue to Exploit Outlook Home Page Flaw

FireEye issues guidance on locking down Outlook, claiming that security researchers, at least, are able to work around the patch issued by Microsoft. A 2-year-old vulnerability in Microsoft Outlook continues to cause headaches for companies, as attackers are able to use a specific feature of the program to execute code and persist on previously infected syst
Publish At:2019-12-04 22:10 | Read:490 | Comments:0 | Tags: exploit

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud