HackDig : Dig high-quality web security articles

Cisco fixed a flaw in ASA, FTD devices that can give access to RSA private key

Cisco addressed a high severity flaw, tracked as CVE-2022-20866, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. Cisco addressed a high severity vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The flaw, tracked as CVE-2022-20866, impacts the handling of RSA key
Publish At:2022-08-11 02:05 | Read:41 | Comments:0 | Tags:Breaking News Hacking Security CISCO CISCO ASA Cisco FTD inf

Ex Twitter employee found guilty of spying for Saudi Arabian government

A former Twitter employee was found guilty of spying on certain Twitter users for Saudi Arabia. A former Twitter employee, Ahmad Abouammo (44), was found guilty of gathering private information of certain Twitter users and passing them to Saudi Arabia. “Ahmad Abouammo, a US resident born in Egypt, was found guilty by a jury Tuesday of charges inc
Publish At:2022-08-11 02:05 | Read:38 | Comments:0 | Tags:Breaking News Cyber Crime Intelligence Security Social Netwo

Cisco was hacked by the Yanluowang ransomware gang

Cisco discloses a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. Cisco disclosed a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Ta
Publish At:2022-08-10 17:33 | Read:117 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware CISCO Cybercrime h

Experts found 10 malicious packages on PyPI used to steal developers’ data

10 packages have been removed from the Python Package Index (PyPI) because they were found harvesting data. Check Point researchers have discovered ten malicious packages on the Python Package Index (PyPI). The packages install info-stealers that allow threat actors to steal the private data and personal credentials of the developers. The researchers p
Publish At:2022-08-10 13:23 | Read:97 | Comments:0 | Tags:Breaking News Hacking Malware Security Cybercrime hacking ne

Risky Business: Enterprises Can’t Shake Log4j flaw

70% of Large enterprises that previously addressed the Log4j flaw are still struggling to patch Log4j-vulnerable assets. INTRODUCTION In December 2021 security teams scrambled to find Log4j-vulnerable assets and patch them. Eight months later many Global 2000 firms are still fighting to mitigate the digital assets and business risks associated with Log
Publish At:2022-08-10 13:23 | Read:152 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

Hackers behind Twilio data breach also targeted Cloudflare employees

Cloudflare revealed that at least 76 employees and their family members were targeted by smishing attacks similar to the one that hit Twilio. The content delivery network and DDoS mitigation company Cloudflare revealed this week that at least 76 employees and their family members received text messages on their personal and work phones. According to th
Publish At:2022-08-10 10:01 | Read:94 | Comments:0 | Tags:Breaking News Hacking CloudFlare hacking news information se

CISA adds UnRAR and Windows flaws to Known Exploited Vulnerabilities Catalog

US Critical Infrastructure Security Agency (CISA) adds vulnerabilities in the UnRAR utility to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added a recently disclosed security flaw, tracked as CVE-2022-30333 (CVSS score: 7.5), in the UnRAR utility to its Known Exploited Vulnerabilities Cata
Publish At:2022-08-10 08:10 | Read:75 | Comments:0 | Tags:Breaking News Security Hacking hacking news information secu

VMware warns of public PoC code for critical auth bypass bug CVE-2022-31656

VMware warns of the availability of a proof-of-concept exploit code for a critical authentication bypass flaw in multiple products. VMware warns its customers of the availability of a proof-of-concept exploit code for a critical authentication bypass flaw, tracked as CVE-2022-31656, in multiple products. The flaw was discovered by security researcher Petr
Publish At:2022-08-10 05:27 | Read:125 | Comments:0 | Tags:Breaking News Security CVE-2022-31656 hacking news IT Inform

Microsoft Patch Tuesday for August 2022 fixed actively exploited zero-day

Microsoft Patch Tuesday security updates for August 2022 addressed a zero-day attack remote code execution vulnerability in Windows. Microsoft Patch Tuesday security updates for August 2022 addressed 118 CVEs in multiple products, including .NET Core, Active Directory Domain Services, Azure Batch Node Agent, Azure Real Time Operating System, Azure Site Re
Publish At:2022-08-09 17:33 | Read:88 | Comments:0 | Tags:Breaking News Security information security news IT Informat

Experts linked Maui ransomware to North Korean Andariel APT

Cybersecurity researchers from Kaspersky linked the Maui ransomware to the North Korea-backed Andariel APT group. Kaspersky linked with medium confidence the Maui ransomware operation to the North Korea-backed APT group Andariel, which is considered a division of the Lazarus APT Group,  North Korean nation-state actors used Maui ransomware to encrypt s
Publish At:2022-08-09 13:23 | Read:139 | Comments:0 | Tags:APT Breaking News Hacking Malware Andariel Andariel APT info

Chinese actors behind attacks on industrial enterprises and public institutions

China-linked threat actors targeted dozens of industrial enterprises and public institutions in Afghanistan and Europe. In January 2022, researchers at Kaspersky ICS CERT uncovered a series of targeted attacks on military industrial enterprises and public institutions in Afghanistan and East Europe. The attackers breached dozens of enterprises and in s
Publish At:2022-08-09 11:10 | Read:110 | Comments:0 | Tags:APT Breaking News Cyber warfare Hacking Intelligence Cyberes

US sanctioned crypto mixer Tornado Cash used by North Korea-linked APT

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the crypto mixer service Tornado Cash used by North Korea. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned the crypto mixer service Tornado Cash used by North Korean-linked Lazarus APT Group. Today, Treasury sanctioned vi
Publish At:2022-08-09 08:10 | Read:143 | Comments:0 | Tags:APT Breaking News Cyber Crime Digital ID Hacking hacking new

Malicious file analysis – Example 01

Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022. My objective with this series of articles is to show examples of malicious file analysis that I presented during my lecture on BSides-Vitória 2022. For this first one, I’ll briefly introduce some crucial
Publish At:2022-08-09 05:27 | Read:78 | Comments:0 | Tags:Breaking News Malware Hacking hacking news IT Information Se

Orchard botnet uses Bitcoin Transaction info to generate DGA domains

Experts spotted a new botnet named Orchard using Bitcoin creator Satoshi Nakamoto’s account information to generate malicious domains. 360 Netlab researchers recently discovered a new botnet named Orchard that uses Satoshi Nakamoto’s Bitcoin account (1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa) transaction information to generate DGA domain name. &
Publish At:2022-08-08 21:31 | Read:163 | Comments:0 | Tags:Breaking News Cyber Crime Digital ID Malware Hacking hacking

Twilio discloses data breach that impacted customers and employees

Communications company Twilio discloses a data breach after threat actors have stolen employee credentials in an SMS phishing attack. Communications company Twilio discloses a data breach, threat actors had access to the data of some of its customers. The attackers accessed company systems using employee credentials obtained through a sophisticated SMS ph
Publish At:2022-08-08 15:20 | Read:143 | Comments:0 | Tags:Breaking News Data Breach Hacking Cybercrime hacking news in

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud