HackDig : Dig high-quality web security articles

LofyLife: malicious npm packages steal Discord tokens and bank card data

On July 26, using the internal automated system for monitoring open-source repositories, we identified four suspicious packages in the Node Package Manager (npm) repository. All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign “LofyLife”. Description of the proc-title package (Tra
Publish At:2022-07-28 09:07 | Read:376 | Comments:0 | Tags:Incidents Data theft JavaScript Malware Descriptions Node.js

CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction

At the end of May, researchers from the nao_sec team reported a new zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) that can be exploited using Microsoft Office documents. It allowed attackers to remotely execute code on Windows systems even if the victim never opened the document containing the exploit, or opened it in Protected View.
Publish At:2022-06-06 06:16 | Read:978 | Comments:0 | Tags:Incidents Microsoft Office MSDT Vulnerabilities and exploits

Spring4Shell (CVE-2022-22965): details and mitigations

Last week researchers found the critical vulnerability CVE-2022-22965 in Spring – the open source Java framework. Using the vulnerability, an attacker can execute arbitrary code on a remote web server, which makes CVE-2022-22965 a critical threat, given the Spring framework’s popularity. By analogy with the infamous Log4Shell threat, the vulnerabilit
Publish At:2022-04-04 11:40 | Read:1703 | Comments:0 | Tags:Incidents Java Malware Descriptions Vulnerabilities and expl

The Obsession with Faster Cybersecurity Incident Reporting

Requirements for reporting cybersecurity incidents to some regulatory or government authority are not new, but there has always been a large amount of inconsistency, globally, in exactly what the requirements are. More recently, there’s been a growing trend across government and regulatory bodies in the United States towards shorter timeframes for reporting
Publish At:2022-03-22 06:03 | Read:1566 | Comments:0 | Tags:Featured Articles Regulatory Compliance incident response in

Elections GoRansom – a smoke screen for the HermeticWiper attack

Executive summary On February 24, 2022, Avast Threat Research published a tweet announcing the discovery of new Golang ransomware, which they called HermeticRansom. This malware was found around the same time as HermeticWiper, and based on publicly available information from the security community it was used in recent cyberattacks in Ukraine. The new
Publish At:2022-03-01 10:04 | Read:1801 | Comments:0 | Tags:Incidents Malware Descriptions Malware Technologies Ransomwa

CVE-2021-44228 vulnerability in Apache Log4j library

CVE-2021-44228 summary Last week information security media reported the discovery of the critical vulnerability CVE-2021-44228 in the Apache Log4j library (CVSS severity level 10 out of 10). The threat, also named Log4Shell or LogJam, is a Remote Code Execution (RCE) class vulnerability. If an attacker manages to exploit it on a vulnerable server, they gain
Publish At:2021-12-13 11:15 | Read:2969 | Comments:0 | Tags:Incidents Malware Descriptions Vulnerabilities and exploits

Exploitation of the CVE-2021-40444 vulnerability in MSHTML

Summary Last week, Microsoft reported the remote code execution vulnerability CVE-2021-40444 in the MSHTML browser engine. According to the company, this vulnerability has already been used in targeted attacks against Microsoft Office users. In an attempt to exploit this vulnerability, attackers create a document with a specially-crafted object. If a user opens
Publish At:2021-09-17 08:37 | Read:1778 | Comments:0 | Tags:Incidents Malware Descriptions Microsoft Microsoft Internet

Triada Trojan in WhatsApp MOD

WhatsApp users sometimes feel the official app is lacking a useful feature of one sort or another, be it animated themes, self-destructing messages which automatically delete themselves, the option of hiding certain conversations from the main list, automatic translation of messages, or the option of viewing messages that have been deleted by the sender. Thi
Publish At:2021-08-24 08:05 | Read:44 | Comments:0 | Tags:Incidents Malware descriptions Google Android Instant Messen

Arrests of members of Tetrade seed groups Grandoreiro and Melcoz

Spain’s Ministry of the Interior has announced the arrest of 16 individuals connected to the Grandoreiro and Melcoz (also known as Mekotio) cybercrime groups. Both are originally from Brazil and form part of the Tetrade umbrella, operating for a few years now in Latin America and Western Europe. Grandoreiro is a banking Trojan malware family that initi
Publish At:2021-07-14 15:34 | Read:1532 | Comments:0 | Tags:Incidents Brazil Cybercrime Financial malware Law Enforcemen

Quick look at CVE-2021-1675 & CVE-2021-34527 (aka PrintNightmare)

Summary Last week Microsoft warned Windows users about vulnerabilities in the Windows Print Spooler service – CVE-2021-1675 and CVE-2021-34527 (also known as PrintNightmare). Both vulnerabilities can be used by an attacker with a regular user account to take control of a vulnerable server or client machine that runs the Windows Print Spooler service. This se
Publish At:2021-07-08 01:25 | Read:1750 | Comments:0 | Tags:Incidents Malware Descriptions Microsoft Windows Security te

REvil ransomware attack against MSPs and its clients around the world

An attack perpetrated by the REvil (aka Sodinokibi) ransomware gang against Managed Service Providers (MSPs) and their clients was discovered on July 2. Some of the victims have reportedly been compromised through popular MSP software, which led to the encryption of their customers’ systems. The total number of encrypted businesses could run into thousands. REvil ransomware h
Publish At:2021-07-05 11:21 | Read:2287 | Comments:0 | Tags:Incidents Research Cybercrime RaaS Ransomware Supply-chain a

Malicious code in APKPure app

Recently, we’ve found malicious code in version 3.17.18 of the official client of the APKPure app store. The app is not on Google Play, but it is itself quite a popular app store around the world. Most likely, its infection is a repeat of the CamScanner incident, when the developer implemented a new adware SDK from an unverified source. We notified t
Publish At:2021-04-09 13:17 | Read:2122 | Comments:0 | Tags:Incidents Code injection Google Android Malware Technologies

Zero-day vulnerabilities in Microsoft Exchange Server

What happened? On March 2, 2021 several companies released reports about in-the-wild exploitation of zero-day vulnerabilities inside Microsoft Exchange Server. The following vulnerabilities allow an attacker to compromise a vulnerable Microsoft Exchange Server. As a result, an attacker will gain access to all registered email accounts, or be able to execute
Publish At:2021-03-04 13:55 | Read:1882 | Comments:0 | Tags:Incidents Malware Microsoft Ransomware Vulnerabilities and e

Sunburst: connecting the dots in the DNS requests

On December 13, 2020 FireEye published important details of a newly discovered supply chain attack. An unknown attacker, referred to as UNC2452 or DarkHalo planted a backdoor in the SolarWinds Orion IT software. This backdoor, which comes in the form of a .NET module, has some really interesting and rather unique features. We spent the past days checking our
Publish At:2020-12-18 10:00 | Read:2241 | Comments:0 | Tags:APT reports Incidents Backdoor Malware Descriptions Malware

Mokes and Buerak distributed under the guise of security certificates

The technique of distributing malware under the guise of legitimate software updates is not new. As a rule, cybercriminals invite potential victims to install a new version of a browser or Adobe Flash Player. However, we recently discovered a new approach to this well-known method: visitors to infected sites were informed that some kind of security certifica
Publish At:2020-03-05 08:33 | Read:3211 | Comments:0 | Tags:Featured Incidents Backdoor Digital Certificates Trojan Vuln
