HackDig : Dig high-quality web security articles

Hackers compromised APKPure client to distribute infected Apps

APKPure, one of the largest alternative app stores, was the victim of a supply chain attack, threat actors compromised client version 3.17.18 to deliver malware. Multiple security experts discovered threat actors tampered with the APKPure client version 3.17.18 of the popular alternative third-party Android app store. APKPure is available only on devi
Publish At:2021-04-10 15:44 | Read:97 | Comments:0 | Tags:Breaking News Cyber Crime Malware Android APKPure Hacking in

Crooks abuse website contact forms to deliver IcedID malware

Microsoft researchers spotted a malware campaign abusing contact forms on legitimate websites to deliver the IcedID malware. Security experts from Microsoft have uncovered a malware campaign abusing contact forms on legitimate websites to deliver the IcedID malware. Threat actors behind the operation are using contact forms published on websites to del
Publish At:2021-04-10 11:49 | Read:118 | Comments:0 | Tags:Breaking News Cyber Crime Malware Cybercrime Hacking hacking

This man was planning to kill 70% of Internet in a bomb attack against AWS

The FBI arrested a man for allegedly planning a bomb attack against Amazon Web Services (AWS) to kill about 70% of the internet. The FBI arrested Seth Aaron Pendley (28), from Texas, for allegedly planning to launch a bomb attack against Amazon Web Services (AWS) data center on Smith Switch Road in Ashburn, Virginia. The man was attempting to buy C-4 p
Publish At:2021-04-10 07:54 | Read:132 | Comments:0 | Tags:Breaking News Cyber Crime Amazon AWS bomb attack Hacking hac

Zerodium will pay $300K for WordPress RCE exploits

Zero-day broker Zerodium announced that will triples payouts for remote code execution exploits for the popular WordPress content management system. Zero-day broker Zerodium has tripled the payouts for exploits for the WordPress content management system that could be used to achieve remote code execution. Zerodium announced via Twitter that is tempora
Publish At:2021-04-09 20:11 | Read:145 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

Cisco will not release updates to fix critical RCE flaw in EoF Business Routers

Cisco announced it will not release security updates to address a critical security vulnerability affecting some of its Small Business routers. Cisco is urging customers that are using some of its Small Business routers to replace their devices because they will no longer receive security updates. According a security advisory published by the company
Publish At:2021-04-09 14:05 | Read:200 | Comments:0 | Tags:Breaking News Security Cisco Small Business Routers Hacking

Pwn2Own 2021: participants earned $1,2M of the $1.5M prize pool

The Pwn2Own 2021 hacking competition was concluded, participants earned more than $1.2 million, the greatest total payout ever. The Pwn2Own 2021 hacking competition reached the end, participants earned more than $1.2 million which is more than ever paid out at this contest. White hat hackers demonstrated exploits for Safari, Chrome, Edge, Windows 10,
Publish At:2021-04-09 11:30 | Read:93 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

330K stolen payment cards and 895K stolen gift cards sold on dark web

A threat actor has sold almost 900,000 gift cards and over 300,000 payment cards on a cybercrime forum on the dark web. A crook has sold 895,000 gift cards and over 300,000 payment cards, for a total of US$38 million, on a  top-tier Russian-language hacking forum on the dark web. The criminal actor was spotted offering a huge amount of cards in February
Publish At:2021-04-09 04:35 | Read:162 | Comments:0 | Tags:Breaking News Cyber Crime Deep Web Cybercrime gift cards Hac

Moodle flaw exposed users to account takeover

Wizcase experts discovered a security flaw in the open-source learning platform Moodle that could allow accounts takeover. At the beginning of October 2020, the Wizcase cyber research team, led by Ata Hakcil, discovered a security vulnerability in the open-source learning platform Moodle. Anyone who had an account on a given school’s Moodle (wit
Publish At:2021-04-08 16:53 | Read:127 | Comments:0 | Tags:Breaking News Hacking education information security news IT

Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof

Days after a massive Facebook data leak made the headlines, 500 million LinkedIn users are being sold online, seller leaked 2 million records as proof. Original Post at https://cybernews.com/news/stolen-data-of-500-million-linkedin-users-being-sold-online-2-million-leaked-as-proof-2/ An archive containing data purportedly scraped from 500 mil
Publish At:2021-04-08 12:59 | Read:49 | Comments:0 | Tags:Breaking News Security data scraping Hacking hacking news in

Pwn2Own 2021 Day 2 – experts earned $200K for a zero-interaction Zoom exploit

Pwn2Own 2021 – Day 2: a security duo earned $200,000 for a zero-interaction Zoom exploit allowing remote code execution. One of the most interesting working exploits of the second day of the Pwn2Own 2021 was demonstrated by security researchers Daan Keuper and Thijs Alkemade from Computest. The duo successfully targeted Zoom Messenger in the Enterpr
Publish At:2021-04-08 12:59 | Read:66 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

Swarmshop – What goes around comes around: hackers leak other hackers’ data online

Group-IB, a global threat hunting and adversary-centric cyber intelligence company, discovered that user data of the Swarmshop card shop have been leaked online on March 17, 2021. The database was posted on a different underground forum and contained 12,344 records of the card shop admins, sellers and buyers including their nicknames,
Publish At:2021-04-08 12:59 | Read:185 | Comments:0 | Tags:Breaking News Cyber Crime carding Hacking hacking news infor

User database was also hacked in the recent hack of PHP ‘s Git Server

The maintainers of the PHP programming language confirmed that threat actors may have compromised a user database containing their passwords. The maintainers of the PHP programming language have provided an update regarding the security breach that took place on March 28. Unknown attackers hacked the official Git server of the PHP programming language
Publish At:2021-04-08 05:44 | Read:76 | Comments:0 | Tags:Breaking News Data Breach Hacking hacking news information s

Man arrested after hired a hitman on the dark web

A joint operation of Europol and the Italian Postal and Communication Police resulted in the arrest of an Italian national who hired a hitman on the dark web. Europol and the Italian Postal and Communication Police (Polizia Postale e delle Comunicazioni) arrested an Italian national as part of the “Operation Hitman” because he is suspected of
Publish At:2021-04-08 05:11 | Read:45 | Comments:0 | Tags:Breaking News Cyber Crime Deep Web Cybercrime Dark Web Europ

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Attackers are actively exploiting the CVE-2018-13379 flaw in Fortinet VPN to deploy the Cring ransomware to organizations in the industrial sector. Threat actors are actively exploiting the CVE-2018-13379 vulnerability in Fortinet VPNs to deploy a new piece of ransomware, tracked as Cring ransomware (also known as Crypt3r, Vjiszy1lo, Ghost, Phantom), to o
Publish At:2021-04-07 20:30 | Read:143 | Comments:0 | Tags:Breaking News Cyber Crime Malware Cring ransomware CVE-2018-

Pwn2Own 2021 Day 1 – participants earned more than $500k

The Pwn2Own 2021 hacking competition has begun and white hat hackers participants earned more than $500000 on the first day. The Pwn2Own 2021 has begun, this year the formula for the popular hacking competition sees the distribution of the participants amongst various locations. The competition’s organizer, Trend Micro’s Zero Day Initiative (ZDI), describ
Publish At:2021-04-07 13:35 | Read:97 | Comments:0 | Tags:Breaking News Hacking Bug Bounty information security news I