HackDig : Dig high-quality web security articles for hacker

OpenSSL patches vulnerabilities discovered with Google OSS-Fuzz fuzzing service

OpenSSL patches two low and medium severity vulnerabilities that were discovered by using Google’s open source OSS-Fuzz fuzzing service. The medium severity vulnerability tracked as CVE-2017-3736 was addressed with the release of OpenSSL 1.1.0g and 1.0.2m. The flaw is a carry propagating bug in the x86_64 Montgomery squaring procedure, it affects processors
Publish At:2017-11-03 08:40 | Read:162 | Comments:0 | Tags:Breaking News Hacking Security Google OpenSSL. encryption os

Threat actors using default SSH credentials to hijack Ethereum miners

Attackers scanned for the entire IPv4 range and look for Ethereum miners with open SSH connections. Hackers target Ethereum-mining farms in the attempt to hijack the funds by replacing the user’s wallet with their one. The attacks were first spotted on Monday, threat actors attempted to change the default configuration of Ethereum miners. “Illicit digi
Publish At:2017-11-03 08:40 | Read:140 | Comments:0 | Tags:Breaking News Hacking cryptocurrency Cybercrime Ethereum min

2014 Data Breach – 46.2 Million Malaysian Mobile phone numbers leaked online

46.2 Million Malaysian Mobile phone numbers leaked online, authorities confirmed data were stolen from government servers and databases at a dozen telcos. Millions of Malaysians have been affected by a major data breach, hackers have accessed 46.2 million cellphone accounts after they broke into government servers and databases at a dozen telcos in the count
Publish At:2017-11-02 14:15 | Read:304 | Comments:0 | Tags:Breaking News Data Breach data breach data leak Hacking Mala

Undetectable ATM shimmers used to steal Chip Based Card worldwide

Crooks continue using skimmers in card frauds, these devices are becoming even more sophisticated, last wave of attacks leverages on so-called Shimmers. Crooks continue to skimmers in payment card frauds, these devices are becoming even more sophisticated. The number of cyber attacks against ATM involving so-called ‘insert skimmers’ is increasing. Insert Ski
Publish At:2017-11-02 14:15 | Read:207 | Comments:0 | Tags:Breaking News Cyber Crime Hacking

White hat hackers earn over $500,000 for mobile exploits at Mobile Pwn2Own 2017 competition

Let’s see what has happened at Mobile Pwn2Own 2017 competition organized by Trend Micro’s Zero Day Initiative (ZDI) at the PacSec conference in Tokyo. Here we are discussing once again of the Mobile Pwn2Own competition organized by Trend Micro’s Zero Day Initiative (ZDI) at the PacSec conference in Tokyo. White hat hackers earned more than half a milli
Publish At:2017-11-02 14:15 | Read:195 | Comments:0 | Tags:Breaking News Hacking Mobile mobile Mobile Pwn2Own 2017 comp

MBR-ONI ransomware involved in targeted attacks against Japanese organizations

MBR-ONI is a new ransomware that is being used for targeted attacks in Japan, experts speculate it was used to cover larger hacking campaigns. MBR-ONI is a new ransomware that is being used for targeted attacks in Japan, it is a bootkit ransomware that uses a modified version of the legitimate open-source disk encryption utility DiskCryptor to encrypt the fi
Publish At:2017-11-01 19:50 | Read:124 | Comments:0 | Tags:Breaking News Cyber Crime Malware Cybercrime Hacking malware

Oracle issues an emergency patch for a bug in Oracle Identity Manager, apply it now!

Oracle fixed a flaw in Oracle Identity Manager that was rated with a CVSS v3 score of 10.0 and can result in complete compromise of the software via an unauthenticated network attack. Oracle issued an emergency patch for a vulnerability in Oracle Identity Manager, the flaw tracked as CVE-2017-10151 was rated 10 in severity on the CVSS scale. “This Secu
Publish At:2017-11-01 19:50 | Read:179 | Comments:0 | Tags:Breaking News Security CVE-2017-10151 Hacking Oracle Identit

WordPress releases the version 4.8.3 to address a serious SQL Injection vulnerability

WordPress developers fixed a serious SQL injection vulnerability on Tuesday with the release of version 4.8.3.. Apply it as soon as possible. WordPress developers fixed a serious SQL injection vulnerability that was reported by the researcher Anthony Ferrara,  VP of engineering at Lingo Live. The issue was addressed on Tuesday with the release of version 4.8
Publish At:2017-11-01 19:50 | Read:116 | Comments:0 | Tags:Breaking News Hacking SQL injection WordPress version 4.8.3

Silence Group is borrowing Carbanak TTPs in ongoing bank attacks

A cybercrime gang called Silence targeted at least 10 banks in Russia, Armenia, and Malaysia borrowing hacking techniques from the Carbanak group. A cybercrime gang called Silence targeted at least 10 banks in Russia, Armenia, and Malaysia borrowing hacking techniques from the dreaded Carbanak hacker group that stole as much as $1 billion from banks worldwid
Publish At:2017-11-01 19:50 | Read:119 | Comments:0 | Tags:Breaking News Cyber Crime Malware banking Cybercrime Hacking

Experts spotted a new strain of the Sage Ransomware that implements Anti-Analysis capabilities

Security experts from Fortinet spotted a new strain of the Sage ransomware that included new functionalities, such as anti-analysis capabilities. Sage 2.0 is a new ransomware first observed in December and not now it is distributed via malicious spam. Sage is considered a variant of CryLocker ransomware, it is being distributed by the Sundown and RIG exploit
Publish At:2017-11-01 01:25 | Read:289 | Comments:0 | Tags:Breaking News Cyber Crime Malware Cybercrime Hacking malware

Email spoofing and Spams

What is email spoofing?Email spoofing is the technique of sending email to others with a forged sender’s address.What is spamming?Spamming is an automated process of sending “junk” emails.This automation process can be used negatively by sending fraud messages to millions of users asking them about their credit card details and other
Publish At:2017-10-31 23:55 | Read:167 | Comments:0 | Tags:Hacking

Major Ways of Stealing Sensitive Data

Description:There are various methods that hackers use to steal sensitive data:Packet sniffing –Packet sniffing, also known as packet analyzing, captures data from computer networks. The instruments that are typically used by system professionals too are the packet sniffers and protocol analyzers. For example, if you deploy communications protocol site
Publish At:2017-10-31 23:55 | Read:201 | Comments:0 | Tags:Computer Forensics Investigations Hacking

Hashcat 4.0.0 now can crack passwords and salts up to length 256

The new version of the tool, Hashcat 4.0.0 release is now available and includes the support to crack passwords and salts up to length 256. Hashcat is likely the world’s fastest password recovery tool that is released as free software. It is available for Windows, Linux and OS X, and it is distributed as CPU-based or GPU-based applications. The new ver
Publish At:2017-10-31 06:55 | Read:166 | Comments:0 | Tags:Breaking News Hacking Hashcat password cracking

Industrial Products of many vendors still vulnerable to KRACK attack

Many industrial networking devices from various vendors are still vulnerable to the recently disclosed KRACK attack (Key Reinstallation Attack). Many industrial networking devices are vulnerable to the recently disclosed KRACK attack (Key Reinstallation Attack), including products from major vendors such as Cisco, Rockwell Automation, and Sierra Wireless. A
Publish At:2017-10-31 06:55 | Read:151 | Comments:0 | Tags:Breaking News Hacking KRACK attack Wi-Fi WPA2

New Dutch legal framework could cause Mozilla to take off the Dutch CA from its trust list.

Mozilla would remove the Dutch CA, the CA of the Staat de Nederlanden, from its trust list due to the new national legal framework. The Dutch Information and Security Services Act will come into force in January 2018 and one of the main effects of the new legal framework is that country’s certificate authority, CA of the Staat de Nederlanden, could be
Publish At:2017-10-31 06:55 | Read:187 | Comments:0 | Tags:Breaking News Digital ID Hacking Intelligence Certification

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud