HackDig : Dig high-quality web security articles for hacker

Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium

Executive summary: Kaspersky Exploit Prevention is a component part of Kaspersky products that has successfully detected a number of zero-day attacks in the past. Recently, it caught a new unknown exploit for Google’s Chrome browser. We promptly reported this to the Google Chrome security team. After reviewing the PoC we provided, Google confirmed th
Publish At:2019-11-12 01:05 | Read:165 | Comments:0 | Tags:Featured Incidents Google Chrome JavaScript Proof-of-Concept

APT trends report Q3 2019

For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They a
Publish At:2019-10-16 06:25 | Read:284 | Comments:0 | Tags:APT reports Featured Apple iOS APT Browser Chinese-speaking

Magecart Group 4: A link with Cobalt Group?

Note: This blog post is a collaboration between the Malwarebytes and HYAS Threat Intelligence teams. Magecart is a term that has become a household name, and it refers to the theft of credit card data via online stores. The most common scenario is for criminals to compromise e-commerce sites by injecting rogue JavaScript code designed to steal any informa
Publish At:2019-10-04 11:20 | Read:341 | Comments:0 | Tags:Threat analysis carbanak colbalt group credit cards data the

OWASP Top 10 : Cross-Site Scripting #3 Bad JavaScript Imports

Need to include cross-domain resources: The ever-growing need to give website visitors a rich user experience has made it necessary for browsers to include cross-origin resources. Sometimes these resources can be data, a frame, an image or JavaScript. For example: A website http://example.com can have the following cross-origin resources: Data from websit
Publish At:2017-08-28 03:30 | Read:4225 | Comments:0 | Tags:OWASP SecureLayer7 Lab Bad JavaScript Imports Client Side At

New multi platform malware/adware spreading via Facebook Messenger

One good thing about having a lot of Facebook friends is that you simply act as a honey pot when your friends click on malicious things. A few days ago I got a message on Facebook from a person I very rarely speak to, and I knew that something fishy was going on. After just a few minutes analyzing the message, I understood that I was just peeking at the top
Publish At:2017-08-24 05:50 | Read:2803 | Comments:0 | Tags:Incidents Adware Facebook JavaScript Social networks

Backdoor-carrying Emails Set Sights on Russian-speaking Businesses

by Lenart Bermejo, Ronnie Giagone, Rubio Wu, and Fyodor Yarochkin  A malicious email campaign against Russian-speaking enterprises is employing a combination of exploits and Windows components to deliver a new backdoor that allows attackers to take over the affected system. The attack abuses various legitimate Windows components to run unauthorized scripts;
Publish At:2017-08-07 10:55 | Read:3297 | Comments:0 | Tags:Exploits Malware backdoor CVE-2017-0199 JavaScript Powershel

Inside the Mind of a Hacker: Attacking Web Pages With Cross-Site Scripting

In the previous three chapters of this series, we discussed ways for developers to put their hacker hats on and program defensively to prevent security bugs from cropping up in their software. We described the nature of SQL injection, OS command injection and buffer overflow attacks. We did not, however, touch upon the No. 1 issue that plagues web applicatio
Publish At:2017-03-13 17:00 | Read:4036 | Comments:0 | Tags:Application Security Application Development Cross-Site Scri

KopiLuwak: A New JavaScript Payload from Turla

On 28 January 2017, John Lambert of Microsoft (@JohnLaTwC) tweeted about a malicious document that dropped a “very interesting .JS backdoor”. Since the end of November 2016, Kaspersky Lab has observed Turla using this new JavaScript payload and specific macro variant. This is a technique we’ve observed before with Turla’s ICEDCOFFEE p
Publish At:2017-02-02 20:35 | Read:5317 | Comments:0 | Tags:Blog Featured Research APT JavaScript Macros Turla

Gmail will stop allowing JavaScript (.js) file attachments starting February 13, 2017

Google announced Gmail will soon stop allowing users to attach JavaScript (.js) files to emails for obvious security reasons. JavaScript files, like many other file types (i.e., .exe, .jar, .sys, .scr, .bat, .com, .vbs and .cmd) could r
Publish At:2017-01-27 00:15 | Read:4176 | Comments:0 | Tags:Breaking News Hacking Security Gmail Google Javascript malwa

Javascript Leads to Browser Hijacking

I came across this nasty-looking script that hijacks your browser. It appears to have been around in some shape or form since 2014 but this latest version deploys an aggressive tactic I’ve not seen before. Here’s what this script looks like: The script is composed of variables and functions but finding the beginning and ending of one is made d
Publish At:2016-10-08 18:35 | Read:4028 | Comments:0 | Tags:Malscript browser hijacking hhtxnet.com javascript wmi

Locky JS and URL Revealer

From various reports, it appears that the malicious JavaScript files sent via email that pull Locky down are back. Let’s see what these scripts look like: At the bottom of the script is this function that reverses the string above, joins the characters, then evaluates it: eval(aBN3DmdER7P.split('').reverse().join('')); Since we’re deal
Publish At:2016-06-23 09:05 | Read:5595 | Comments:0 | Tags:Malicious Email Malscript Tools downloader javascript locky

Advanced phishing tactics used to steal PayPal credentials

Phishers are back to using an old tactic in a new fashion to get hold of their victims’ credentials. One of the first lessons you will learn during anti-phishing training is to hover over the links in a mail to see if they point to the site where you would expect them to point. Although good advice, this is NOT a guarantee that you are going to be safe. Alwa
Publish At:2016-06-14 19:15 | Read:3295 | Comments:0 | Tags:Cybercrime Social engineering fake JavaScript PayPal phish P

Implementing an Obsolete VPN Protocol on Top of HTTP: Because Why Not?

Recently I’ve started some research on MikroTik’s RouterOS, the operating system that ships with RouterBOARD devices. As I’m running such a device myself, one day I got curious about security vulnerabilities that have been reported on the operating system and the running services as it comes with tons of features. Searching for known vulner
Publish At:2016-05-31 16:40 | Read:2783 | Comments:0 | Tags:Tools crypto javascript MS-CHAP-V2 PPTP python RC4 RouterOS

Clipboard poisoning attacks on the Mac

Graham Cluley drew my attention the other day to an issue that has apparently been known to some for years, but was new to me: clipboard poisoning, an issue where a website can replace what you think is on your clipboard with something else. Although this seems like an insignificant issue on first glance, it turns out that there are some very serious implica
Publish At:2016-05-28 06:35 | Read:4614 | Comments:0 | Tags:Mac Threat analysis Apple JavaScript mac safari

Pastejacking attack relies on your clipboard as an attack vector

The Pastejacking Attack exploits JavaScript to override the clipboard content and trick victims into running malicious code. The security expert Dylan Ayrey has devised a new attack technique dubbed Pastejacking attack that leverages the victim’s clipboard. The possibility of manipulating clipboard without a victim noticing it is known for a long tim
Publish At:2016-05-25 13:05 | Read:4098 | Comments:0 | Tags:Breaking News Hacking clipboard hijacking Javascript Pastjac
