HackDig : Dig high-quality web security articles for hackers

MMS Exploit Part 5: Defeating Android ASLR, Getting RCE

Posted by Mateusz Jurczyk, Project ZeroThis post is the fifth and final of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. Previous posts are linked below:MMS Exploit Part 1: Introduction to the Samsung Qma
Publish At:2020-08-21 13:54 | Read:241 | Comments:0 | Tags: exploit

Mozilla offers rewards for Bypassing Firefox Exploit Mitigations

Mozilla has expanded its bug bounty program including rewards for bypass methods for the exploit mitigations and security features in Firefox. Mozilla announced this week that it has expanded its bug bounty program with a new category that focuses on bypass methods for the exploit mitigations, security features, and defense-in-depth measures implemented i
Publish At:2020-08-21 12:58 | Read:219 | Comments:0 | Tags:Breaking News Security Bug Bounty Firefox Hacking hacking ne

Mozilla Offering Rewards for Bypassing Firefox Exploit Mitigations

Mozilla announced on Thursday that it has expanded its bug bounty program with a new category that focuses on bypass methods for the exploit mitigations, security features and defense-in-depth measures in Firefox.Mozilla says mitigation bypasses have until now been classified as low- or moderate-severity issues, but they are now eligible for a reward associa
Publish At:2020-08-21 11:12 | Read:229 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

Over 70% of ICS Vulnerabilities Disclosed in First Half of 2020 Remotely Exploitable

Over 70% of the industrial control system (ICS) vulnerabilities disclosed in the first half of 2020 were remotely exploitable through a network attack vector, industrial cybersecurity company Claroty reported on Wednesday.Claroty has analyzed the 365 ICS flaws added to the National Vulnerability Database (NVD) and 385 vulnerabilities covered in advisories pu
Publish At:2020-08-19 15:49 | Read:237 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities exploit

Majority of ICS Vulnerabilities Can Be Exploited Remotely

New research has found that more than 70% of industrial control system (ICS) vulnerabilities disclosed in the first half of 2020 can be exploited remotely.The discovery was unveiled in the inaugural "Biannual ICS Risk & Vulnerability Report," released today by Claroty, a global leader in operational technology (OT) security.The report
Publish At:2020-08-19 14:20 | Read:186 | Comments:0 | Tags: exploit

Actively exploited CVE-2020-1464 Windows Spoofing flaw was known since 2018

The actively exploited Windows spoofing vulnerability (CVE-2020-1464) recently patched by Microsoft has been known for more than two years. The actively exploited Windows spoofing flaw, tracked as CVE-2020-1464 and patched last week by Microsoft, has been known for more than two years, researchers revealed. Microsoft’s August 2020 Patch Tuesday securit
Publish At:2020-08-19 05:34 | Read:294 | Comments:0 | Tags:Breaking News Hacking CVE-2020-1464 information security new

Actively Exploited Windows Spoofing Flaw Patched Two Years After Disclosure

The actively exploited Windows spoofing vulnerability patched last week by Microsoft has been known for more than two years, researchers pointed out.Microsoft’s August 2020 Patch Tuesday updates addressed 120 vulnerabilities, including an Internet Explorer zero-day that has been chained with a Windows flaw in attacks linked to the threat actor named DarkHote
Publish At:2020-08-17 16:50 | Read:263 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Vi

PoC exploit code for two Apache Struts 2 flaws available online

Security researchers have discovered a PoC exploit code available online that can be used to trigger unpatched security flaws in Apache Struts 2. Security researchers have discovered a PoC code and exploit available on GitHub that that can be used to trigger the security vulnerabilities in Apache Struts 2. The Proof-of-concept exploit code was release
Publish At:2020-08-15 12:48 | Read:354 | Comments:0 | Tags:Breaking News Hacking Apache Struts 2 hacking news informati

August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild

The August batch of Patch Tuesday updates includes 120 updates for the Microsoft suite, with 17 fixes rated as Critical, and the remaining 103 ranked as Important. CVE-2020-1380 is a critical Internet Explorer (IE) vulnerability that can be abused for remote code execution (RCE), while CVE-2020-1464 is a Windows 10 security gap that can be used for spoofing.
Publish At:2020-08-14 15:07 | Read:220 | Comments:0 | Tags:Exploits Vulnerabilities August Patch Tuesday patch Patch Tu

Microsoft August 2020 Patch Tuesday fixed actively exploited zero-days

Microsoft August 2020 Patch Tuesday updates addressed 120 vulnerabilities, including two zero-days that have been exploited in attacks. Microsoft August 2020 Patch Tuesday updates have addressed 120 flaws, including two zero-day vulnerabilities that have been exploited in attacks in the wild. The two issues are a Windows spoofing bug and a remote code
Publish At:2020-08-12 06:20 | Read:236 | Comments:0 | Tags:Breaking News Security Hacking hacking news information secu

Citrix fixed flaws in XenMobile that will be likely exploited soon

Citrix addressed multiple vulnerabilities in Citrix Endpoint Management (XenMobile) that can be exploited by an attacker to gain administrative privileges on affected systems. The Citrix Endpoint Management (CEM), formerly XenMobile, is software that provides mobile device management (MDM) and mobile application management (MAM). The vulnerabilities t
Publish At:2020-08-12 06:20 | Read:309 | Comments:0 | Tags:Breaking News Security Citrix Citrix XenMobile flaws Hacking

Internet Explorer and Windows zero-day exploits used in Operation PowerFall

Executive summary In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer and an elevation of privilege exploit for
Publish At:2020-08-12 03:19 | Read:328 | Comments:0 | Tags:Featured Research Malware Technologies Microsoft Internet Ex

Citrix Expects Hackers to Exploit Newly Patched XenMobile Vulnerabilities

Citrix on Tuesday released patches to address multiple vulnerabilities in Citrix Endpoint Management (CEM), which allow an attacker to gain administrative privileges on affected systems.Often referred to as XenMobile, the Citrix Endpoint Management (CEM) server provides businesses with management capabilities for both mobile devices and applications and allo
Publish At:2020-08-11 17:26 | Read:233 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities expl

Microsoft Patches Actively Exploited Windows, IE Vulnerabilities

Microsoft has addressed 120 vulnerabilities with its August 2020 Patch Tuesday updates, including a Windows spoofing bug and a remote code execution flaw in Internet Explorer that have been exploited in attacks.The Windows spoofing vulnerability, tracked as CVE-2020-1464, is related to Windows incorrectly validating file signatures. An attacker can exploit t
Publish At:2020-08-11 17:26 | Read:248 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities exploit

vBulletin Patches Zero-Day Exploited in Attacks

vBulletin developers on Monday rushed to address a zero-day remote code execution (RCE) vulnerability in the forum software, one day after the issue was publicly disclosed.Written in PHP, vBulletin is highly popular among numerous large brands, including Electronic Arts, Pearl Jam, Sony, Steam, Zynga, and others.The newly disclosed vulnerability is related t
Publish At:2020-08-11 12:50 | Read:232 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities expl

Tools

Tag Cloud