HackDig : Dig high-quality web security articles for hackers

A scan of 4 Million Docker images reveals 51% have critical flaws

Security experts analyzed 4 million public Docker container images hosted on Docker Hub and found half of them was having critical flaws. Container security firm Prevasio has analyzed 4 million public Docker container images hosted on Docker Hub and discovered that the majority of them had critical vulnerabilities. The cybersecurity firm used its Prev
Publish At:2020-12-03 06:24 | Read:41 | Comments:0 | Tags:Breaking News Hacking Security Docker Docker Hub hacking new

Russia-linked APT Turla used a new malware toolset named Crutch

Russian-linked cyberespionage group Turla employed a new malware toolset, named Crutch, in targeted attacks aimed at high-profile targets. Russian-linked APT group Turla has used a previously undocumented malware toolset, named Crutch, in cyberespionage campaigns aimed at high-profile targets, including the Ministry of Foreign Affairs of a European Union
Publish At:2020-12-02 18:42 | Read:100 | Comments:0 | Tags:APT Breaking News Cyber warfare Hacking Intelligence Malware

How to steal photos off someone’s iPhone from across the street

byPaul DucklinWell-known Google Project Zero researcher Ian Beer has just published a blog post that is attracting a lot of media attention.The article itself has a perfectly accurate and interesting title, namely: An iOS zero-click radio proximity exploit odyssey.But it’s headlines like the one we’ve used above that capture the practical essence
Publish At:2020-12-02 15:31 | Read:138 | Comments:0 | Tags:Apple iOS Vulnerability Exploit hacking Ian Beer Project Zer

APT groups targets US Think Tanks, CISA, FBI warn

Cybersecurity and Infrastructure Security Agency (CISA) and FBI are warning of attacks carried out by threat actors against United States think tanks. APT groups continue to target United States think tanks, the Cyber Security and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warn. The work of US think tanks has a gre
Publish At:2020-12-02 14:48 | Read:136 | Comments:0 | Tags:APT Breaking News Hacking Intelligence CISA hacking news inf

Google discloses a zero-click Wi-Fi exploit to hack iPhone devices

Google Project Zero expert Ian Beer on Tuesday disclosed a critical “wormable” iOS flaw that could have allowed to hack iPhone devices. Google Project Zero white-hat hacker Ian Beer has disclosed technical details of a critical “wormable” iOS bug that could have allowed a remote attacker to take over any device in the vicinity ove
Publish At:2020-12-02 10:54 | Read:110 | Comments:0 | Tags:Breaking News Hacking Mobile hacking news information securi

Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement

Security researcher Tolijan Trajanovski (@tolisec) analyzed the multi-vector Miner+Tsunami Botnet that implements SSH lateral movement. A fellow security researcher, 0xrb, shared with me samples of a botnet that propagates using weblogic exploit. The botnet was also discovered by @BadPackets 5 days ago and it is still active as of now, December
Publish At:2020-12-02 07:00 | Read:45 | Comments:0 | Tags:Breaking News Internet of Things Malware botnet Hacking hack

Malicious npm packages spotted delivering njRAT Trojan

npm security staff removed two packages that contained malicious code to install the njRAT remote access trojan (RAT) on developers’ computers. Security staff behind the npm repository removed two packages that were found containing the malicious code to install the njRAT remote access trojan (RAT) on computers of JavaScript and Node.js developers w
Publish At:2020-12-01 19:18 | Read:114 | Comments:0 | Tags:Breaking News Hacking Malware hacking news information secur

French pharmaceuticals distribution platform Apodis Pharma leaking 1.7+ TB of confidential data

The CyberNews investigation team discovered French pharmaceuticals distribution platform Apodis Pharma leaking 1.7+ TB of confidential data. Original post @ https://cybernews.com/security/french-pharmaceuticals-distribution-platform-leaking-1-7-tb-confidential-data/ The CyberNews investigation team discovered an unsecured, publicly accessible Kibana da
Publish At:2020-12-01 19:18 | Read:124 | Comments:0 | Tags:Breaking News Data Breach Apodis Pharma Hacking hacking news

DarkIRC botnet is targeting the critical Oracle WebLogic CVE-2020-14882

The critical remote code execution (RCE) vulnerability CVE-2020-14882 in Oracle WebLogic is actively exploited by operators behind the DarkIRC botnet. Experts reported that the DarkIRC botnet is actively targeting thousands of exposed Oracle WebLogic servers in the attempt of exploiting the CVE-2020-14882. The CVE-2020-14882 can be exploited by unauthe
Publish At:2020-12-01 15:24 | Read:78 | Comments:0 | Tags:Breaking News Cyber Crime Hacking botnet CVE-2020-14882 Dark

Baltimore County Schools close after a ransomware attack

Baltimore County Schools were hit by a ransomware attack that forced them to close leaving more than 100,000 students out. Baltimore County Schools are still closed following a ransomware attack and unfortunately, at the time of this writing, it is impossible to predict when school will resume. School officials notified state and federal law enforceme
Publish At:2020-12-01 12:01 | Read:97 | Comments:0 | Tags:Breaking News Cyber Crime Malware Baltimore County Schools H

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Microsoft warns of Vietnam-linked Bismuth group that is deploying cryptocurrency miner while continues its cyberespionage campaigns Researchers from Microsoft reported that the Vietnam-linked Bismuth group, aka OceanLotus, Cobalt Kitty, or APT32, is deploying cryptocurrency miners while continues its cyberespionage campaigns. New blog: The threat acto
Publish At:2020-12-01 08:07 | Read:99 | Comments:0 | Tags:APT Breaking News Hacking Malware BISMUTH hacking news infor

Talos reported WebKit flaws in WebKit that allow Remote Code Execution

Talos experts found flaws in the WebKit browser engine that can be also exploited for remote code execution via specially crafted websites. Cisco’s Talos team discovered security flaws in the WebKit browser engine, including flaws that can be exploited by a remote attacker to gain code execution by tricking the user into visiting a malicious website. W
Publish At:2020-12-01 06:20 | Read:91 | Comments:0 | Tags:Breaking News Hacking WebKit

Exploring malware to bypass DNA screening and lead to ‘biohacking’ attacks

Boffins from the Ben-Gurion University of the Negev described a new cyberattack on DNA scientists that could open to biological warfare. A team of researchers from the Ben-Gurion University of the Negev described a new cyberattack on DNA scientists that could open to biological warfare. Scientists play a crucial role in modern society, especially durin
Publish At:2020-11-30 19:54 | Read:129 | Comments:0 | Tags:Breaking News Hacking Malware hacking news information secur

Exclusive: Experts from TIM’s Red Team Research (RTR) found 6 zero-days

TIM’s Red Team Research led by Massimiliano Brolli discovered 6 new zero-day vulnerabilities in Schneider Electric StruxureWare. Today, TIM’s Red Team Research led by Massimiliano Brolli, discovered 6 new vulnerabilities in the StruxureWare product. The flaws have been addressed by the manufacturer Schneider Electric, between April and November 2020.
Publish At:2020-11-30 19:54 | Read:71 | Comments:0 | Tags:Breaking News Hacking ICS-SCADA

University of Vermont Medical Center has yet to fully recover from October cyber attack

The University of Vermont Medical Center has yet to fully recover from a cyber attack that crippled systems at the Burlington hospital. In October, ransomware operators hit the Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network. The ransomware attack took place on October 28 and disrupted services at the UVM Medical Ce
Publish At:2020-11-30 08:12 | Read:59 | Comments:0 | Tags:Breaking News Cyber Crime Malware Hacking hacking news infor

Tools