HackDig : Dig high-quality web security articles for hackers

Update now! Chrome patches zero-day that was exploited in the wild

A Chrome patch has been issued with an advisory stating that the Stable channel has been updated to 88.0.4324.150 for Windows, Mac and Linux. The only noteworthy thing about this update is a patch for a zero-day vulnerability that has been actively exploited in the wild. But that one looks to be extremely important. Which zero-day got patched? Publicly
Publish At:2021-02-05 09:24 | Read:187 | Comments:0 | Tags:Exploits and vulnerabilities Social engineering C&C chrome c

RDP abused for DDoS attacks

We have talked about RDP many times before. It has been a popular target for brute force attacks for a long time, but attackers have now found a new way to abuse it. Remote access has become more important during the pandemic, with as many people as possible try to work from home. Which makes it all the more important to configure RDP services in a secure
Publish At:2021-01-29 13:36 | Read:213 | Comments:0 | Tags:Exploits and vulnerabilities ddos DDos attack netscout rdp r

DNSpooq bugs haunt dnsmasq

The research team at JSOF found seven vulnerabilities in dnsmasq and have dubbed them DNSpooq, collectively. Now, some of you may shrug and move on, probably because you haven’t heard of dnsmasq before. Well, before you go, you should know that dnsmasq is used in a wide variety of phones, routers, and other network devices, besides some Linux distribut
Publish At:2021-01-21 14:30 | Read:187 | Comments:0 | Tags:Exploits and vulnerabilities buffer overflow cve-2020-25681

The story of ZeroLogon

This is the story of a vulnerability that was brought about by the incorrect use of an encryption technique. After it was discovered by researchers, the vulnerability was patched and that should have been the end of the story. Unfortunately the patch caused problems of its own, which made it very unpopular. Cybercriminals seized the opportunity to use the vu
Publish At:2021-01-19 15:42 | Read:210 | Comments:0 | Tags:Exploits and vulnerabilities cve-2020-1472 elevation of priv

Microsoft issues 83 patches, one for actively exploited vulnerability

Every second Tuesday of the month it’s ‘Patch Tuesday’. On Patch Tuesday Microsoft habitually issues a lot of patches for bugs and vulnerabilities in its software. It’s always important to patch, but the update that was released on January 12 is one to pay attention to. That’s because it contains a patch for a vulnerability i
Publish At:2021-01-13 19:18 | Read:227 | Comments:0 | Tags:Exploits and vulnerabilities cve-2021-1647 patch tuesday win

Hat trick for Google as it patches two more zero-days in Chrome

Slightly over a week ago we advised you to update your Chrome browser. That warning came only a week or so after we advised you to update your Chrome browser. Things are getting a bit repetitive round here. Today, we are compelled to repeat that statement as Google has issued patches for two new zero-day vulnerabilities. Someone tipped Google off about
Publish At:2020-11-12 21:23 | Read:675 | Comments:0 | Tags:Exploits and vulnerabilities chrome cve-2020-16013 cve-2020-

Mozilla patches critical security issues in Firefox and Thunderbird

Mozilla has issued a critical patch for Firefox, Firefox ESR, and Thunderbird after a security issue was discovered at the Tianfu Cup 2020 International Cybersecurity Contest The security issue has been assigned CVE-2020-26950 which has the “reserved” status. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures
Publish At:2020-11-10 14:47 | Read:397 | Comments:0 | Tags:Exploits and vulnerabilities buffer overflow cve-2020-26950

Update your iOS now! Apple patches three zero-day vulnerabilities

Apple has patched three vulnerabilities in iOS (and iPadOS) that were actively being exploited in targeted attacks. Vulnerabilities that are being exploited in the wild without a patch being available are referred to as zero-days. The vulnerabilities were found and disclosed by Google’s Project Zero team, and patches were issued yesterday. What has Apple
Publish At:2020-11-06 17:11 | Read:411 | Comments:0 | Tags:Exploits and vulnerabilities 0-day Apple CVE-2020-27930 CVE-

Update your Chrome again as Google patches second zero-day in two weeks

Before you start to Google for election news, we’d like you to check whether your browser is at the latest and safest version. “Again?”, Chrome users may say. Yes, because Google has found another zero-day vulnerability – that means it’s a hole that is actively being exploited right now. It’s the second zero-day in Google found in
Publish At:2020-11-03 15:05 | Read:630 | Comments:0 | Tags:Exploits and vulnerabilities 0day chrome cve-2020-16009 Java

Google patches actively exploited zero-day bug that affects Chrome users

Google has recently released Chrome version 86.0.4240.111 to patch several holes. One is for a zero-day flaw – that means a vulnerability that is being actively exploited in the wild. The flaw, which is officially designated as CVE-2020-15999, occurs in the way FreeType handles PNG images embedded in fonts using the Load_SBit_Png function. FreeType
Publish At:2020-10-26 08:11 | Read:636 | Comments:0 | Tags:Exploits and vulnerabilities 86.0.4240.111 browser exploit C

Brute force attacks increase due to more open RDP ports

While leaving your back door open while you are working from home may be something you do without giving it a second thought, having unnecessary ports open on your computer is a security risk that is sometimes underestimated. That’s because an open port can be subject to brute force attacks. What are brute force attacks? A brute force attack is w
Publish At:2020-10-20 11:47 | Read:598 | Comments:0 | Tags:Exploits and vulnerabilities Web threats 2fa attacks brute f

A zero-day guide for 2020: Recent attacks and advanced preventive techniques

Zero-day vulnerabilities enable threat actors to take advantage of security blindspots. Typically, a zero-day attack involves the identification of zero-day vulnerabilities, creating relevant exploits, identifying vulnerable systems, and planning the attack. The next steps are infiltration and launch.  This article examines three recent zero-day atta
Publish At:2020-06-23 14:30 | Read:758 | Comments:0 | Tags:Exploits and vulnerabilities artificial intelligence EDR end

Copycat criminals abuse Malwarebytes brand in malvertising campaign

While exploit kit activity has been fairly quiet for some time now, we recently discovered a threat actor creating a copycat—fake—Malwarebytes website that was used as a gate to the Fallout EK, which distributes the Raccoon stealer. The few malvertising campaigns that remain are often found on second- and third-tier adult sites, leading to the Fallout or
Publish At:2020-04-07 14:49 | Read:1198 | Comments:0 | Tags:Exploits and vulnerabilities copycat criminals copycat sites

Exploit kits: fall 2019 review

Despite a slim browser market share, Internet Explorer is still being exploited in fall 2019 in a number of drive-by download campaigns. Perhaps even more surprising, we’re seeing new exploit kits emerge. Based on our telemetry, these drive-bys are happening worldwide (with the exception of a few that are geo-targeted) and are fueled by malvertising
Publish At:2019-11-19 16:50 | Read:2060 | Comments:0 | Tags:Exploits and vulnerabilities Capesand EK exploit kit Fallout

Five years later, Heartbleed vulnerability still unpatched

The Heartbleed vulnerability was introduced into the OpenSSL crypto library in 2012. It was discovered and fixed in 2014, yet today—five years later—there are still unpatched systems.  This article will provide IT teams with the necessary information to decide whether or not to apply the Heartbleed vulnerability fix. However, we caution: The latter c
Publish At:2019-09-20 11:20 | Read:2054 | Comments:0 | Tags:Exploits and vulnerabilities cryptography EKs exploit kits e

Tools

Tag Cloud