HackDig : Dig high-quality web security articles for hackers

Holy water: ongoing targeted water-holing attack in Asia

On December 4, 2019, we discovered watering hole websites that were compromised to selectively trigger a drive-by download attack with fake Adobe Flash update warnings. This campaign has been active since at least May 2019, and targets an Asian religious and ethnic group. The threat actor’s unsophisticated but creative toolset has been evolving a lot s
Publish At:2020-03-31 08:22 | Read:359 | Comments:0 | Tags:APT reports Featured Adobe Flash Backdoor drive-by attack Ja

Rocket Loader skimmer impersonates CloudFlare library in clever scheme

Fraudsters are known for using social engineering tricks to dupe their victims, often times by impersonating authority figures to instill trust. In a recent blog post, we noted how criminals behind Magecart skimmers mimicked content delivery networks in order to hide their payload. This time, we are looking at a far more clever scheme. This latest skim
Publish At:2020-03-10 12:32 | Read:517 | Comments:0 | Tags:Threat analysis HTTPS JavaScript Magecart skimmer skimming C

XSS plugin vulnerabilities plague WordPress users

by Danny Bradbury. Thousands of active WordPress plugins have been hit with a swathe of cross-site scripting (XSS) vulnerabilities that could give attackers complete control of sites. One of the affected plugins was designed to work with the popular WordPress ecommerce system WooCommerce. Researchers at NinTechNet found a vulnerability in the WordPress Flexible
Publish At:2020-03-03 08:07 | Read:507 | Comments:0 | Tags:Security threats Vulnerability Async cross-site scripting Fl

Domen toolkit gets back to work with new malvertising campaign

Last year, we documented a new social engineering toolkit we called “Domen” being used in the wild. Threat actors were using this kit to trick visitors into visiting compromised websites and installing malware under the guise of a browser update or missing font. Despite being a robust toolkit, we only saw Domen in sporadic campaigns last year,
Publish At:2020-02-28 14:45 | Read:452 | Comments:0 | Tags:Threat analysis buren ransomware Domen domen toolkit intelra

TROOPERS20 Training Teaser: Hacking Node.js & Electron apps, shells, injections and fun!

Did you know that in the ever evolving field of Web and Desktop apps, it turns out these can all now be powered with JavaScript? You read that right: JavaScript is now used to power both web apps (Node.js) as well as Desktop apps (Electron). What could possibly go wrong? So, the burning question is: how does this affect Web and Desktop app security? If you w
Publish At:2020-02-06 12:15 | Read:427 | Comments:0 | Tags:Events JavaScript TROOPERS TROOPERS20

Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium

Executive summary: Kaspersky Exploit Prevention is a component part of Kaspersky products that has successfully detected a number of zero-day attacks in the past. Recently, it caught a new unknown exploit for Google’s Chrome browser. We promptly reported this to the Google Chrome security team. After reviewing the PoC we provided, Google confirmed th
Publish At:2019-11-12 01:05 | Read:1271 | Comments:0 | Tags:Featured Incidents Google Chrome JavaScript Proof-of-Concept

APT trends report Q3 2019

For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They a
Publish At:2019-10-16 06:25 | Read:977 | Comments:0 | Tags:APT reports Featured Apple iOS APT Browser Chinese-speaking

Magecart Group 4: A link with Cobalt Group?

Note: This blog post is a collaboration between the Malwarebytes and HYAS Threat Intelligence teams. Magecart is a term that has become a household name, and it refers to the theft of credit card data via online stores. The most common scenario is for criminals to compromise e-commerce sites by injecting rogue JavaScript code designed to steal any informa
Publish At:2019-10-04 11:20 | Read:1039 | Comments:0 | Tags:Threat analysis carbanak colbalt group credit cards data the

OWASP Top 10 : Cross-Site Scripting #3 Bad JavaScript Imports

Need to include cross domain resources: The ever-growing need to give website visitors a rich user experience has made it necessary for browsers to include cross-origin resources. Sometimes these resources can be data, a frame, an image or JavaScript. For example: A website http://example.com can have the following cross origin resources: Data from websit
Publish At:2017-08-28 03:30 | Read:5386 | Comments:0 | Tags:OWASP SecureLayer7 Lab Bad JavaScript Imports Client Side At

New multi platform malware/adware spreading via Facebook Messenger

One good thing about having a lot of Facebook friends is that you simply act as a honey pot when your friends click on malicious things. A few days ago I got a message on Facebook from a person I very rarely speak to, and I knew that something fishy was going on. After just a few minutes analyzing the message, I understood that I was just peeking at the top
Publish At:2017-08-24 05:50 | Read:3567 | Comments:0 | Tags:Incidents Adware Facebook JavaScript Social networks

Backdoor-carrying Emails Set Sights on Russian-speaking Businesses

by Lenart Bermejo, Ronnie Giagone, Rubio Wu, and Fyodor Yarochkin  A malicious email campaign against Russian-speaking enterprises is employing a combination of exploits and Windows components to deliver a new backdoor that allows attackers to take over the affected system. The attack abuses various legitimate Windows components to run unauthorized scripts;
Publish At:2017-08-07 10:55 | Read:5134 | Comments:0 | Tags:Exploits Malware backdoor CVE-2017-0199 JavaScript Powershel

Inside the Mind of a Hacker: Attacking Web Pages With Cross-Site Scripting

In the previous three chapters of this series, we discussed ways for developers to put their hacker hats on and program defensively to prevent security bugs from cropping up in their software. We described the nature of SQL injection, OS command injection and buffer overflow attacks. We did not, however, touch upon the No. 1 issue that plagues web applicatio
Publish At:2017-03-13 17:00 | Read:5078 | Comments:0 | Tags:Application Security Application Development Cross-Site Scri

KopiLuwak: A New JavaScript Payload from Turla

On 28 January 2017, John Lambert of Microsoft (@JohnLaTwC) tweeted about a malicious document that dropped a “very interesting .JS backdoor“. Since the end of November 2016, Kaspersky Lab has observed Turla using this new JavaScript payload and specific macro variant. This is a technique we’ve observed before with Turla’s ICEDCOFFEE p
Publish At:2017-02-02 20:35 | Read:6610 | Comments:0 | Tags:Blog Featured Research APT JavaScript Macros Turla

Gmail will stop allowing JavaScript (.js) file attachments starting February 13, 2017

Google announced Gmail will soon stop allowing users to attach JavaScript (.js) files to emails for obvious security reasons. JavaScript files, like many other file types (i.e. .exe, .jar, .sys, .scr, .bat, .com, .vbs and .cmd) could r
Publish At:2017-01-27 00:15 | Read:5045 | Comments:0 | Tags:Breaking News Hacking Security Gmail Google Javascript malwa

Javascript Leads to Browser Hijacking

I came across this nasty-looking script that hijacks your browser. It appears to have been around in some shape or form since 2014 but this latest version deploys an aggressive tactic I’ve not seen before. Here’s what this script looks like: The script is composed of variables and functions but finding the beginning and ending of one is made d
Publish At:2016-10-08 18:35 | Read:4687 | Comments:0 | Tags:Malscript browser hijacking hhtxnet.com javascript wmi
