HackDig : Dig high-quality web security articles for hacker

Magecart Group 4: A link with Cobalt Group?

Note: This blog post is a collaboration between the Malwarebytes and HYAS Threat Intelligence teams. Magecart is a term that has become a household name, and it refers to the theft of credit card data via online stores. The most common scenario is for criminals to compromise e-commerce sites by injecting rogue JavaScript code designed to steal any informa
Publish At:2019-10-04 11:20 | Read:236 | Comments:0 | Tags:Threat analysis carbanak colbalt group credit cards data the

OWASP Top 10 : Cross-Site Scripting #3 Bad JavaScript Imports

Need to include cross domain resources: The ever-growing need to give website visitors a rich user experience has made it necessary for browsers to include cross-origin resources. Sometimes these resources can be data, a frame, an image or JavaScript. For example: A website http://example.com can have the following cross origin resources: Data from websit
Publish At:2017-08-28 03:30 | Read:3779 | Comments:0 | Tags:OWASP SecureLayer7 Lab Bad JavaScript Imports Client Side At

New multi platform malware/adware spreading via Facebook Messenger

One good thing about having a lot of Facebook friends is that you simply act as a honey pot when your friends click on malicious things. A few days ago I got a message on Facebook from a person I very rarely speak to, and I knew that something fishy was going on. After just a few minutes analyzing the message, I understood that I was just peeking at the top
Publish At:2017-08-24 05:50 | Read:2578 | Comments:0 | Tags:Incidents Adware Facebook JavaScript Social networks

Backdoor-carrying Emails Set Sights on Russian-speaking Businesses

by Lenart Bermejo, Ronnie Giagone, Rubio Wu, and Fyodor Yarochkin  A malicious email campaign against Russian-speaking enterprises is employing a combination of exploits and Windows components to deliver a new backdoor that allows attackers to take over the affected system. The attack abuses various legitimate Windows components to run unauthorized scripts;
Publish At:2017-08-07 10:55 | Read:2988 | Comments:0 | Tags:Exploits Malware backdoor CVE-2017-0199 JavaScript Powershel

Inside the Mind of a Hacker: Attacking Web Pages With Cross-Site Scripting

In the previous three chapters of this series, we discussed ways for developers to put their hacker hats on and program defensively to prevent security bugs from cropping up in their software. We described the nature of SQL injection, OS command injection and buffer overflow attacks. We did not, however, touch upon the No. 1 issue that plagues web applicatio
Publish At:2017-03-13 17:00 | Read:3792 | Comments:0 | Tags:Application Security Application Development Cross-Site Scri

KopiLuwak: A New JavaScript Payload from Turla

On 28 January 2017, John Lambert of Microsoft (@JohnLaTwC) tweeted about a malicious document that dropped a “very interesting .JS backdoor”. Since the end of November 2016, Kaspersky Lab has observed Turla using this new JavaScript payload and specific macro variant. This is a technique we’ve observed before with Turla’s ICEDCOFFEE p
Publish At:2017-02-02 20:35 | Read:5033 | Comments:0 | Tags:Blog Featured Research APT JavaScript Macros Turla

Gmail will stop allowing JavaScript (.js) file attachments starting February 13, 2017

Google announced Gmail will soon stop allowing users to attach JavaScript (.js) files to emails for obvious security reasons. JavaScript files, like many other file types (i.e. .exe, .jar, .sys, .scr, .bat, .com, .vbs and .cmd) could r
Publish At:2017-01-27 00:15 | Read:3982 | Comments:0 | Tags:Breaking News Hacking Security Gmail Google Javascript malwa

Javascript Leads to Browser Hijacking

I came across this nasty-looking script that hijacks your browser. It appears to have been around in some shape or form since 2014 but this latest version deploys an aggressive tactic I’ve not seen before. Here’s what this script looks like: The script is composed of variables and functions but finding the beginning and ending of one is made d
Publish At:2016-10-08 18:35 | Read:3897 | Comments:0 | Tags:Malscript browser hijacking hhtxnet.com javascript wmi

Locky JS and URL Revealer

From various reports, it appears that the malicious Javascript files sent via email that pull Locky down are back. Let’s see what these scripts look like: At the bottom of the script is this function that reverses the string above, joins the characters, then evaluates it: eval(aBN3DmdER7P.split('').reverse().join('')); Since we’re deal
Publish At:2016-06-23 09:05 | Read:5358 | Comments:0 | Tags:Malicious Email Malscript Tools downloader javascript locky

Advanced phishing tactics used to steal PayPal credentials

Phishers are back to using an old tactic in a new fashion to get hold of their victims’ credentials. One of the first lessons you will learn during anti-phishing training is to hover over the links in a mail to see if they point to the site where you would expect them to point. Although good advice, this is NOT a guarantee that you are going to be safe. Alwa
Publish At:2016-06-14 19:15 | Read:3152 | Comments:0 | Tags:Cybercrime Social engineering fake JavaScript PayPal phish P

Implementing an Obsolete VPN Protocol on Top of HTTP: Because Why Not?

Recently I’ve started some research on MikroTik’s RouterOS, the operating system that ships with RouterBOARD devices. As I’m running such a device myself, one day I got curious about security vulnerabilities that have been reported on the operating system and the running services as it comes with tons of features. Searching for known vulner
Publish At:2016-05-31 16:40 | Read:2549 | Comments:0 | Tags:Tools crypto javascript MS-CHAP-V2 PPTP python RC4 RouterOS

Clipboard poisoning attacks on the Mac

Graham Cluley drew my attention the other day to an issue that has apparently been known to some for years, but was new to me: clipboard poisoning, an issue where a website can replace what you think is on your clipboard with something else. Although this seems like an insignificant issue on first glance, it turns out that there are some very serious implica
Publish At:2016-05-28 06:35 | Read:4294 | Comments:0 | Tags:Mac Threat analysis Apple JavaScript mac safari

Pastejacking attack relies on your clipboard as an attack vector

The Pastejacking Attack exploits JavaScript to override the clipboard content and trick victims into running malicious code. The security expert Dylan Ayrey has devised a new attack technique dubbed Pastejacking attack that leverages the victim’s clipboard. The possibility of manipulating clipboard without a victim noticing it is known for a long tim
Publish At:2016-05-25 13:05 | Read:3897 | Comments:0 | Tags:Breaking News Hacking clipboard hijacking Javascript Pastjac

Script Deobfuscator Released

The purpose of this tool is to help you perform static analysis on obfuscated scripts. It’s often easier to dynamically analyze scripts but there are times when you just don’t know where to start or you just want a high-level view of what’s going on with the script. This tool may be able to help you. I already wrote a tool called PHP Scr
Publish At:2016-02-15 18:05 | Read:3504 | Comments:0 | Tags:Malscript Tools deobfuscation javascript php script deobfusc

App Update Tool Could Endanger iOS Users

On Wednesday, FireEye posted a very detailed article about a concerning trend among iOS developers. Some developers are integrating an update library called JSPatch, used for delivering faster updates to their apps. That’s a great idea, but unfortunately, there are some serious security concerns involved. Apple exerts very tight control over the iOS Ap
Publish At:2016-01-29 23:10 | Read:2564 | Comments:0 | Tags:Mac Apple iOS iPhone JavaScript security IOS

