HackDig : Dig high-quality web security articles for hackers

Hat trick for Google as it patches two more zero-days in Chrome

Slightly over a week ago we advised you to update your Chrome browser. That warning came only a week or so after we advised you to update your Chrome browser. Things are getting a bit repetitive round here. Today, we are compelled to repeat that statement as Google has issued patches for two new zero-day vulnerabilities. Someone tipped Google off about
Publish At:2020-11-12 21:23 | Read:231 | Comments:0 | Tags:Exploits and vulnerabilities chrome cve-2020-16013 cve-2020-

Mozilla patches critical security issues in Firefox and Thunderbird

Mozilla has issued a critical patch for Firefox, Firefox ESR, and Thunderbird after a security issue was discovered at the Tianfu Cup 2020 International Cybersecurity Contest. The security issue has been assigned CVE-2020-26950, which has the “reserved” status. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures
Publish At:2020-11-10 14:47 | Read:142 | Comments:0 | Tags:Exploits and vulnerabilities buffer overflow cve-2020-26950

Update your iOS now! Apple patches three zero-day vulnerabilities

Apple has patched three vulnerabilities in iOS (and iPadOS) that were actively being exploited in targeted attacks. Vulnerabilities that are being exploited in the wild without a patch being available are referred to as zero-days. The vulnerabilities were found and disclosed by Google’s Project Zero team, and patches were issued yesterday. What has Apple
Publish At:2020-11-06 17:11 | Read:148 | Comments:0 | Tags:Exploits and vulnerabilities 0-day Apple CVE-2020-27930 CVE-

Update your Chrome again as Google patches second zero-day in two weeks

Before you start to Google for election news, we’d like you to check whether your browser is at the latest and safest version. “Again?”, Chrome users may say. Yes, because Google has found another zero-day vulnerability – that means it’s a hole that is actively being exploited right now. It’s the second zero-day in Google found in
Publish At:2020-11-03 15:05 | Read:221 | Comments:0 | Tags:Exploits and vulnerabilities 0day chrome cve-2020-16009 Java

Google patches actively exploited zero-day bug that affects Chrome users

Google has recently released Chrome version 86.0.4240.111 to patch several holes. One is for a zero-day flaw – that means a vulnerability that is being actively exploited in the wild. The flaw, which is officially designated as CVE-2020-15999, occurs in the way FreeType handles PNG images embedded in fonts using the Load_SBit_Png function. FreeType
Publish At:2020-10-26 08:11 | Read:242 | Comments:0 | Tags:Exploits and vulnerabilities 86.0.4240.111 browser exploit C

Brute force attacks increase due to more open RDP ports

While leaving your back door open while you are working from home may be something you do without giving it a second thought, having unnecessary ports open on your computer is a security risk that is sometimes underestimated. That’s because an open port can be subject to brute force attacks. What are brute force attacks? A brute force attack is w
Publish At:2020-10-20 11:47 | Read:298 | Comments:0 | Tags:Exploits and vulnerabilities Web threats 2fa attacks brute f

A zero-day guide for 2020: Recent attacks and advanced preventive techniques

Zero-day vulnerabilities enable threat actors to take advantage of security blindspots. Typically, a zero-day attack involves the identification of zero-day vulnerabilities, creating relevant exploits, identifying vulnerable systems, and planning the attack. The next steps are infiltration and launch.  This article examines three recent zero-day atta
Publish At:2020-06-23 14:30 | Read:507 | Comments:0 | Tags:Exploits and vulnerabilities artificial intelligence EDR end

Copycat criminals abuse Malwarebytes brand in malvertising campaign

While exploit kit activity has been fairly quiet for some time now, we recently discovered a threat actor creating a copycat—fake—Malwarebytes website that was used as a gate to the Fallout EK, which distributes the Raccoon stealer. The few malvertising campaigns that remain are often found on second- and third-tier adult sites, leading to the Fallout or
Publish At:2020-04-07 14:49 | Read:1045 | Comments:0 | Tags:Exploits and vulnerabilities copycat criminals copycat sites

Exploit kits: fall 2019 review

Despite a slim browser market share, Internet Explorer is still being exploited in fall 2019 in a number of drive-by download campaigns. Perhaps even more surprising, we’re seeing new exploit kits emerge. Based on our telemetry, these drive-bys are happening worldwide (with the exception of a few that are geo-targeted) and are fueled by malvertising
Publish At:2019-11-19 16:50 | Read:1914 | Comments:0 | Tags:Exploits and vulnerabilities Capesand EK exploit kit Fallout

Five years later, Heartbleed vulnerability still unpatched

The Heartbleed vulnerability was introduced into the OpenSSL crypto library in 2012. It was discovered and fixed in 2014, yet today—five years later—there are still unpatched systems.  This article will provide IT teams with the necessary information to decide whether or not to apply the Heartbleed vulnerability fix. However, we caution: The latter c
Publish At:2019-09-20 11:20 | Read:1816 | Comments:0 | Tags:Exploits and vulnerabilities cryptography EKs exploit kits e
