HackDig : Dig high-quality web security articles for hacker

Identifying Sources of Leaks with the Gmail “+” Feature

For years, Google is offering two nice features with his gmail.com platform to gain more power of your email address. You can play with the “+” (plus) sign or “.” (dot) to create more email addresses linked to your primary one. Let’s take an example with John who’s the owner of john.doe@gmail.com. John can share the email
Publish At:2017-05-13 15:50 | Read:3144 | Comments:0 | Tags:Security Dump Google leak Passwords

Denmark blamed Russia APT28 group for cyber intrusions in Defense Ministry Emails

Denmark on Monday denounced Russia after the publication of a report that accused Russian APT28 of hacking the defense ministry’s email accounts. Today the Danish Government officially blamed Russia for cyber attacks against its Defense Ministry. Denmark denounced a cyber intrusion in several Defense Ministry’s email accounts. The accusation com
Publish At:2017-04-26 07:51 | Read:2184 | Comments:0 | Tags:APT Breaking News Cyber warfare Hacking APT28 cyber espionag

Over 70% of Android Devices Don’t Have Latest Security Patch Installed

According to recent research, the majority of Android devices are running security patches that are months old, leaving users vulnerable to attacks.Mobile security company Skycure released the findings of its Q4 2016 Mobile Threat Intelligence Report, revealing that over 70 percent of Android phones lack the latest security patches.The company evaluated Andr
Publish At:2017-03-25 05:00 | Read:2632 | Comments:0 | Tags:Latest Security News Android Google mobile patch

Clever Gmail Phishing Scam Tricked Even Technical Users

A Gmail phishing campaign is clever enough to have almost tricked or successfully fooled multiple technical users.The attack, which other contributors to The State of Security have spotted, begins when a Gmail user receives an email. Oftentimes, the message comes from someone they know whose account has already been compromised. The email appears to contain
Publish At:2017-03-20 14:30 | Read:2240 | Comments:0 | Tags:Latest Security News Gmail Google Phishing

Is E2EMail a new beginning or the end for Google’s End-to-End?

Google’s end-to-end email encryption project that it started back in 2014 has left home. But has the Chrome extension really “flown the nest” as Google claimed last week? Or has it simply been abandoned and left to fend for itself?Turn back the clocks to 2013. Google promises end-to-end encryption in an effort to regai
Publish At:2017-03-01 22:10 | Read:2726 | Comments:0 | Tags:Google Google Chrome Privacy email encryption open-source

The Google E2EMail is now fully community-driven open source project

Google has now announced that E2EMail is no more a Google product, instead, it has become a “fully community-driven open source project.” The End-to-End crypto library is a core component of several projects of the IT giant such as the E2EMail, a Chrome app that runs independent of the normal Gmail web interface and allows non-technical users to exchange enc
Publish At:2017-03-01 19:40 | Read:2205 | Comments:0 | Tags:Breaking News Digital ID E2EMail encryption Google PGP Pierl

CVE-2017-0037 – Google Project Zero discloses another unpatched Microsoft Edge and IE Vulnerability

The researchers at Google’s Project Zero have revealed another flaw, tracked as CVE-2017-0037, that affects Microsoft Edge and IE. It has happened again, the researchers at Google’s Project Zero have revealed another flaw, tracked as CVE-2017-0037, in Microsoft products. The flaw affects Microsoft’s Internet Explorer and Edge browsers, it w
Publish At:2017-02-27 12:20 | Read:2509 | Comments:0 | Tags:Breaking News Hacking CVE-2017-0037 Google IE Vulnerability

The Internet’s Freshest Wounds: My Thoughts On Ticketbleed, Cloudbleed and HTTPS

UPDATE 2/24/17, 4:30 PM PST: Researcher Hanno Böck (@hanno) has confirmed that leaked CloudFlare data was not entirely purged from multiple search engine caches ahead of the public disclosure.In April 2014, the security community was shocked with the revelation that a poorly implemented TLS extension in OpenSSL could allow attackers to easily disclose privat
Publish At:2017-02-25 03:05 | Read:4112 | Comments:0 | Tags:IT Security and Data Protection Cloudbleed Cloudflare Google

Out-of-band resource load in Google allows attacker to launch a DDoS attack from its servers

A security researcher discovered an Out-of-band resource load flaw in Google’s servers that allowed him to perform a DDoS attack on remote hosts. Young security researcher, Luka Sikic from Croatia found a serious vulnerability in Google. He was able to servers of the IT giant to perform a DDoS attack on remote hosts. Out-of-band resource load (classifi
Publish At:2017-02-24 10:20 | Read:3433 | Comments:0 | Tags:Breaking News Hacking DDoS Google Out-of-band resource load

How Google Took on Mirai, KrebsOnSecurity

The third week of September 2016 was a dark and stormy one for KrebsOnSecurity. Wave after wave of huge denial-of-service attacks flooded this site, forcing me to pull the plug on it until I could secure protection from further assault. The site resurfaced three days later under the aegis of Google’s Project Shield, an initiative which seeks to protect
Publish At:2017-02-04 00:50 | Read:2850 | Comments:0 | Tags:Other anna-senpai Ars Technica Damian Menscher Dan Goodin DD

Hacker discovered security flaws in Amazon, Apple and Google epub services

A hacker discovered a XXE flaw in the EpubCheck library that affects major epub services causing information disclosure and denial of service conditions. The security expert and bug hunter Craig Arendt (@craig_arendt) has discovered flaws in major eBook readers including the ones commercialized by Amazon, Apple, and Google. The expert discovered different XM
Publish At:2017-01-27 18:40 | Read:3417 | Comments:0 | Tags:Breaking News Hacking Amazon Apple epub services EpubCheck l

Gmail will stop allowing JavaScript (.js) file attachments starting February 13, 2017

Google announced Gmail will soon stop allowing users to attach JavaScript (.js) files to emails for obvious security reason. Google announced Gmail will soon stop allowing users to attach JavaScript (.js) files to emails for obvious security reason. JavaScripts files, like many other file types (i,e, .exe, .jar, .sys, .scr, .bat, .com, .vbs and .cmd) could r
Publish At:2017-01-27 00:15 | Read:3336 | Comments:0 | Tags:Breaking News Hacking Security Gmail Google Javascript malwa

Fired IT Employee Demands $200K in Exchange for Unlocking Data

A fired IT employee demanded his former employer pay him 200,000 USD in exchange for the return of its sensitive information.Triano Williams hired attorney Calvita J. Frederick to represent him in a dispute involving the American College of Education, an Indianapolis-based online provider of Master’s and Doctorate degrees in teaching at which he previo
Publish At:2017-01-18 11:45 | Read:2632 | Comments:0 | Tags:Latest Security News data Google password

Going Inside an Arbitrary Kernel Write Vulnerability in the Nexus 9 (CVE-2016-3873)

The IBM X-Force Application Security Research Team recently discovered an arbitrary write vulnerability in Nexus 9’s kernel (the Tegra kernel branch). Google’s Android Security Team acknowledged the vulnerability, which allows a privileged attacker to arbitrary write values within kernel space, and assigned it a high severity rating. Kernel arbit
Publish At:2017-01-17 18:05 | Read:3212 | Comments:0 | Tags:Mobile Security Software & App Vulnerabilities X-Force Resea

Android Vulnerabilities: Attacking Nexus 6 and 6P Custom Boot Modes

Co-authored by Michael Goberman. In recent months, the X-Force Application Security Research Team has discovered several previously undisclosed Android vulnerabilities. The November 2016 and January 2017 Android Security Bulletins included patches to one high-severity vulnerability, CVE-2016-8467, in Nexus 6 and 6P. Our new paper, “Attacking Nexus 6 &a
Publish At:2017-01-05 22:25 | Read:3987 | Comments:0 | Tags:Advanced Threats Mobile Security Software & App Vulnerabilit

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud