HackDig : Dig high-quality web security articles

FBI warns of hackers selling credentials for U.S. college networks

Cybercriminals are offering to sell for thousands of U.S. dollars network access credentials for higher education institutions based in the United States.This type of advertisement is present on both publicly available cybercriminal online forums as well as marketplaces on the dark web.Thousands of creds for saleThe Federal Bureau of Investigation (FBI) has
Publish At:2022-05-27 18:51 | Read:66 | Comments:0 | Tags:Security FBI hack

A Problem Like API Security: How Attackers Hack Authentication

There is a sight gag that has been used in a number of movies and TV comedies that involves an apartment building lobby. It shows how people who don’t live there, but who want to get in anyway, such as Girl Guides looking to sell cookies to the tenants – simply run their fingers down every call button on the tenant directory, like a pianist performing a glis
Publish At:2022-05-26 02:13 | Read:108 | Comments:0 | Tags:API Security Featured Articles Access Management API Authent

Darknet market Versus shuts down after hacker leaks security flaw

​The Versus Market, one of the most popular English-speaking criminal darknet markets, is shutting down after discovering a severe exploit that could have allowed access to its database and exposed the IP address of its servers.When conducting criminal activities online, dark web marketplaces must keep their physical assets hidden; otherwise, their ope
Publish At:2022-05-25 14:53 | Read:190 | Comments:0 | Tags:Security security hack

Hacker of Python, PHP libraries: no "malicious activity" was intended

Yesterday, developers took notice of two hugely popular Python and PHP libraries, respectively, 'ctx' and 'PHPass' that had been hijacked, as first reported in the news by BleepingComputer.Both of these legitimate open source projects had been altered to steal developer's AWS credentials.Considering 'ctx' and 'PHPass' have together garner
Publish At:2022-05-25 10:55 | Read:121 | Comments:0 | Tags:Security hack

Chaining Zoom bugs is possible to hack users in a chat by sending them a message

Security flaws in Zoom can be exploited to compromise another user over chat by sending specially crafted messages. A set of four security flaws in the popular video conferencing service Zoom could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages.Tracked from CVE-2022
Publish At:2022-05-25 10:31 | Read:116 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

Notorious Vietnamese Hacker Turns Government Cyber Agent

At the height of his career, Vietnamese hacker Ngo Minh Hieu made a fortune stealing the personal data of hundreds of millions of Americans.Now he has been recruited by his own authoritarian government to hunt, he says, the kind of cyber criminal he once used to be.After serving seven years in US prisons for stealing some 200 million Americans' personal deta
Publish At:2022-05-25 09:12 | Read:119 | Comments:0 | Tags:NEWS & INDUSTRY Cybercrime cyber hack

Hackers target Russian govt with fake Windows updates pushing RATs

Hackers are targeting Russian government agencies with phishing emails that pretend to be Windows security updates and other lures to install remote access malware.The attacks are being conducted by a previously undetected APT (advanced persistent threat) group believed to be operating from China, who are linked to four separate spear-phishing campaigns.Thes
Publish At:2022-05-24 18:51 | Read:163 | Comments:0 | Tags:Security hack

Trend Micro fixes bug Chinese hackers exploited for espionage

Trend Micro says it patched a DLL hijacking flaw in Trend Micro Security used by a Chinese threat group to side-load malicious DLLs and deploy malware.As Sentinel Labs revealed in an early-May report, the attackers exploited the fact that security products run with high privileges on Windows to plant and load their own maliciously crafted DLL into
Publish At:2022-05-24 14:53 | Read:139 | Comments:0 | Tags:Security exploit hack

Hackers Can 'Pre-Hijack' Online Accounts Before They Are Created by Users

Threat actors could gain access to users’ online accounts by leveraging a new type of technique that involves pre-hijacking an account before it’s actually registered by the victim.“Account pre-hijacking” is a new class of attacks that can be used to gain access to a targeted account, and many online services could be vulnerable.Account pre-hijacking was ana
Publish At:2022-05-24 09:12 | Read:81 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access Vulnerabilities ha

The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking

Following a recent Supreme Court ruling, the Justice Department will no longer prosecute “good faith” security researchers with cybercrimes: The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solely for purposes of good-faith testing, investigation
Publish At:2022-05-24 08:33 | Read:137 | Comments:0 | Tags: security hack

Hackers can hack your online accounts before you even register them

Security researchers have revealed that hackers can hijack your online accounts before you even register them by exploiting flaws that have been already been fixed on popular websites, including Instagram, LinkedIn, Zoom, WordPress, and Dropbox.Andrew Paverd, a researcher at Microsoft Security Response Center, and Avinash Sudhodanan, an independent security
Publish At:2022-05-23 14:53 | Read:154 | Comments:0 | Tags:Security hack

Russian hackers perform reconnaissance against Austria, Estonia

In a new reconnaissance campaign, the Russian state-sponsored hacking group Turla was observed targeting the Austrian Economic Chamber, a NATO platform, and the Baltic Defense College.This discovery comes from cybersecurity firm Sekoia, which built upon previous findings of Google’s TAG, which has been following Russian hackers closely this year.Google
Publish At:2022-05-23 10:55 | Read:214 | Comments:0 | Tags:Security hack

Has the UK government been hacked

When it comes to top secret government IT systems, spyware is used for just one task – spying. So serious questions were raised when security researchers from the digital rights watchdog Citizen Lab detected potential spyware infections in UK government systems. Not your typical spyware For most of us, spyware is designed to steal sensitive personal data lik
Publish At:2022-05-23 08:47 | Read:214 | Comments:0 | Tags:Security pegasus security Spyware hack

Windows 11 hacked three more times on last day of Pwn2Own contest

On the third and last day of the 2022 Pwn2Own Vancouver hacking contest, security researchers successfully hacked Microsoft's Windows 11 operating system three more times using zero-day exploits.The first attempt of the day targeting Microsoft Teams failed after Team DoubleDragon could not demo their exploit within the allotted time.All other contestants hac
Publish At:2022-05-21 14:53 | Read:200 | Comments:0 | Tags:Security hack

Windows 11 hacked again at Pwn2Own, Telsa Model 3 also falls

During the second day of the Pwn2Own Vancouver 2022 hacking competition, contestants hacked Microsoft's Windows 11 OS again and demoed zero-days in Tesla Model 3's infotainment system.The first demonstration of the day came from the @Synacktiv team, who successfully demoed two unique bugs (Double-Free & OOBW) and a sandbox escape collision whil
Publish At:2022-05-20 10:55 | Read:103 | Comments:0 | Tags:Security hack


Share high-quality web security related articles with you:)
Tell me why you support me <3