HackDig : Dig high-quality web security articles for hacker

PayPal Remote Code Execution Vulnerability Patched

So this is a big one, and thankfully this PayPal Remote Code Execution Vulnerability was discovered by security researchers and not the bad guys. Although there’s no way for us to know if someone has been using this to siphon data out of PayPal for some time before the whitehats found it. It’s a roundabout bug that turns out serious, and why I tel
Publish At:2016-01-27 16:20 | Read:3581 | Comments:0 | Tags:Exploits/Vulnerabilities Web Hacking hack paypal JAVA-securi

Fortinet SSH Backdoor Found In Firewalls

So the Fortinet SSH Backdoor, apparently it’s just a management authentication issue. Sorry, what’s that? It looks like a passphrase based admin level access login via SSH to me personally. Which is scary. They are adamantly shouting from rooftops that it was not planted by a 3rd party (NSA? Like Juniper..) or any kind of malicious activity. Enterpr
Publish At:2016-01-14 02:50 | Read:4400 | Comments:0 | Tags:Exploits/Vulnerabilities Network Hacking fortidoor fortigate

Facebook Disabled Flash For Video Finally

So Facebook disabled Flash for video finally, sadly it’s still there for games but a large use case for it just went out the window. And really, it’s not surprising after the recent mega patch in Adobe Flash that fixed 78 CVE classified vulnerabilities. There’s just no good reason for anyone to still be using Flash and browsers, if they don&
Publish At:2015-12-24 00:30 | Read:3414 | Comments:0 | Tags:Exploits/Vulnerabilities facebook flash flash security faceb

Critical Remote Root Zero-Day In FireEye Appliances

So FireEye doesn’t have a particularly good reputation in the security community, it’s generally not handled responsible disclosure well and it’s even taken a security firm (ERNW) to court over a vulnerability disclosure. And now there’s another critical remote root zero-day in FireEye appliances – which is scary, as these are hi
Publish At:2015-12-17 05:45 | Read:3332 | Comments:0 | Tags:Exploits/Vulnerabilities Countermeasures tavis ormandy firee

Latest Update Patches 78 CVE-classified Flash Security Vulnerabilities

So as a rule, in 2015 running Adobe Flash is already pretty scary – but the latest patch release covers 78 CVE-classified Flash security vulnerabilities. That’s not scary, that’s terrifying. By now you kinda expect flaws in Flash, it’s just a given. But 78 CVE-classified vulnerabilities in one patch release? That’s just insane, th
Publish At:2015-12-10 11:00 | Read:3796 | Comments:0 | Tags:Exploits/Vulnerabilities hacking-flash flash adobe flash sec

SprayWMI – PowerShell Injection Mass Spray Tool

SprayWMI is a method for mass spraying Unicorn PowerShell injection to CIDR notations. It’s an alternative to traditional, ‘noisy’ tools which leave something on the disk like PsExec, smbexec, winexe and so on. These tools have worked really well, however, they are fairly noisy creating a service and touching disk which will trigger modern d
Publish At:2015-12-08 04:45 | Read:4802 | Comments:0 | Tags:Exploits/Vulnerabilities Hacking Tools Windows Hacking power

VTech Hack – Over 7 Million Records Leaked (Children & Parents)

And once again, the messy technical flaws of a company are being exposed with the recent VTech hack – it’s really not looking good for them with account passwords ‘secured’ with unsalted MD5 hashes and all kinds of private information being leaked, including parents’ addresses, kids’ birthdays, genders, secret answers and associated meta-
Publish At:2015-12-03 16:15 | Read:3339 | Comments:0 | Tags:Database Hacking Exploits/Vulnerabilities Privacy kids detai

TalkTalk Hack – Breach WAS Serious & Disclosed Bank Details

So it turns out the TalkTalk hack is a lot more serious than they initially tried to make it out to be, TalkTalk claimed that its core system wasn’t compromised and only the website was breached. But now they’ve admitted the hackers got away with bank account numbers, partial credit card numbers and dates of birth. British telecoms company
Publish At:2015-11-05 02:25 | Read:3954 | Comments:0 | Tags:Exploits/Vulnerabilities Legal Issues Privacy credit card le

Fitbit Vulnerability Means Your Tracker Could Spread Malware

So it seems there is a Fitbit vulnerability involving the Bluetooth implementation that can be used to embed self-replicating malware onto the wearable fitness tracker. I actually own a Fitbit, and have had previous models too, so this is quite interesting to me. The malware could spread to your PC/Laptop if you’re using the syncing dongle, or to other
Publish At:2015-10-21 20:15 | Read:3118 | Comments:0 | Tags:Exploits/Vulnerabilities Hardware Hacking Malware fitbit fit

OWASP WebGoat – Deliberately Insecure Web Application

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques. In each lesson, users must demonstrate their
Publish At:2015-10-20 08:15 | Read:4223 | Comments:0 | Tags:Exploits/Vulnerabilities Web Hacking deliberately insecure w

WinRAR Vulnerability Is Complete Bullshit

So Twitter exploded earlier with calls of a remote code execution WinRAR vulnerability leaving half a BILLION users open for some hardcore exploitation. I got interested (obviously..as that’s what I do here) and went to read about it, I have to call pretty sketchy, non-technical reporting from The Register for once, it seems like it was written by a
Publish At:2015-10-01 07:05 | Read:3870 | Comments:0 | Tags:Exploits/Vulnerabilities Windows Hacking 7zip winrar winrar

XcodeGhost iOS Trojan Infected Over 4000 Apps

So the recent XcodeGhost iOS Trojan Infection has escalated quickly, an initial estimate of 39 infected apps has rapidly increased to over 4000! You can see the FireEye announcement here: Protecting Our Customers from XcodeGhost. XCodeGhost is the first instance of the iOS App Store distributing a large number of trojanized apps, the malicious/infected apps st
Publish At:2015-09-24 15:25 | Read:2826 | Comments:0 | Tags:Apple Exploits/Vulnerabilities Malware apple phishing apple-

WhatsApp Web vCard Vulnerability Exposed 200M Users

So it seems there was a lot of noise about the WhatsApp Web vCard Vulnerability with over 200 Million people using the desktop version of WhatsApp – it’s a fairly large cache of users to go after. Disclosed by Check Point security, the vulnerability is exploited by sending a vCard contact containing malicious code to a WhatsApp Web user. The vulne
Publish At:2015-09-12 04:15 | Read:3930 | Comments:0 | Tags:Exploits/Vulnerabilities Web Hacking maliciouscard whatsapp

Mimikatz – Gather Windows Credentials

Mimikatz is a tool to gather Windows credentials, basically a swiss-army knife of Windows credential gathering that bundles together many of the most useful tasks that you would perform on a Windows machine you have SYSTEM privileges on. It supports both Windows 32-bit and 64-bit and allows you to gather various credential types. Techniques such as Pass the H
Publish At:2015-07-28 01:40 | Read:3279 | Comments:0 | Tags:Exploits/Vulnerabilities Hacking Tools Password Cracking Win

The Jeep HACK – What You Need To Know

So yah, the big news this week everyone is shouting about is about the Fiat Chrysler Automobiles (FCA) owned Jeep Hack involving the new Cherokee which has remote control software which allows access to the engine, aircon, audio system and brakes – basically the whole car can be controlled remotely as long as you know the IP Address. Pretty scary? To pr
Publish At:2015-07-22 22:55 | Read:3906 | Comments:0 | Tags:Exploits/Vulnerabilities Hardware Hacking chrysler security
