HackDig : Dig high-quality web security articles

APT trends report Q3 2023

For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports
Publish At:2023-10-17 07:17 | Read:321963 | Comments:0 | Tags:APT reports APT Backdoor Chinese-speaking cybercrime Cyber e

Patch Tuesday, October 2023 Edition

Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS. Apple last week shipped emergency updates in iOS 17.0.3 and iPa
Publish At:2023-10-10 21:38 | Read:336334 | Comments:0 | Tags:Security Tools Time to Patch Adam Barnett Amazon apple Cloud

Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach

China-linked threat actors stole around 60,000 emails from U.S. State Department after breaching Microsoft’s Exchange email platform in May. China-linked hackers who breached Microsoft’s email platform in May have stolen tens of thousands of emails from U.S. State Department accounts, a Senate staffer told Reuters this week. During a brief
Publish At:2023-09-29 08:10 | Read:355192 | Comments:0 | Tags:APT Breaking News Cyber warfare Data Breach Hacking Intellig

QR codes in email phishing

QR codes are everywhere: you can see them on posters and leaflets, ATM screens, price tags and merchandise, historical buildings and monuments. People use them to share information, promote various online resources, pay for their goodies, and pass verification. And yet you don’t see lots of QR codes in email: users often read messages on their phones w
Publish At:2023-09-27 07:16 | Read:281770 | Comments:0 | Tags:Spam and phishing Microsoft Phishing Phishing websites QR-co

Microsoft AI researchers accidentally exposed terabytes of sensitive data

Warnings about including credentials, keys, and tokens when sharing code on publicly accessible repositories shouldn’t be necessary. It should speak for itself that you don’t just hand over the keys to your data. But what if a misconfiguration ends in a supposed internal storage account becoming suddenly accessible to everyone? That's h
Publish At:2023-09-19 22:07 | Read:338236 | Comments:0 | Tags:Business News blob SAS Microsoft Wiz secrets

ThemeBleed exploit is another reason to patch Windows quickly

Included in the September 2023 Patch Tuesday updates was a fix for a vulnerability which has been dubbed ThemeBleed. A Proof-of-Concept (PoC) exploit has been released by Gabe Kirkpatrick, one of the researchers acknowledged for reporting the vulnerability. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed comput
Publish At:2023-09-18 22:07 | Read:351539 | Comments:0 | Tags:Exploits and vulnerabilities News theme themepack Microsoft

Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days

Microsoft's September 2023 Patch Tuesday is another important one. Not because it's a busy one, but because we have some special cases. Patch Tuesday includes security updates for 59 bugs, two of which are known to be actively exploited. The Cybersecurity & Infrastructure Security Agency (CISA) has added these two vulnerabilities to its Known Exploited V
Publish At:2023-09-13 22:07 | Read:675364 | Comments:0 | Tags:Business Exploits and vulnerabilities News Microsoft Adobe A

FBI Hacker Dropped Stolen Airbus Data on 9/11

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “USDoD” had infiltrated the FBI‘s vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying InfraGard members and by seizing the cybercrime forum where the data was being
Publish At:2023-09-13 21:37 | Read:587989 | Comments:0 | Tags:A Little Sunshine Data Breaches The Coming Storm Airbus Brea

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do. On Sept. 7, researchers at Citizen Lab warned they were seeing act
Publish At:2023-09-12 21:37 | Read:594840 | Comments:0 | Tags:Time to Patch adobe apple Automox CVE-2023-26369 CVE-2023-36

QR codes used to phish for Microsoft credentials

Researchers have published details about a phishing campaign that uses QR codes to phish for Microsoft credentials. A QR (Quick Response) code is a kind of two-dimensional barcode that holds encoded data in a graphical black-and-white pattern. The data that a QR code stores can include URLs, email addresses, network details, Wi-Fi passwords, serial numbers,
Publish At:2023-08-21 22:06 | Read:1041822 | Comments:0 | Tags:News QR codes attachment phishing Bing Microsoft credentials

Microsoft Patch Tuesday, August 2023 Edition

Microsoft Corp. today issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including multiple zero-day vulnerabilities currently being exploited in the wild. Six of the flaws fixed today earned Microsoft’s “critical” rating, meaning malware or miscreants could use them to instal
Publish At:2023-08-09 01:34 | Read:842078 | Comments:0 | Tags:Security Tools Time to Patch adobe CVE-2023-21709 CVE-2023-3

Teach a Man to Phish and He’s Set for Life

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on LinkedIn, or abusing an encoding method that makes it easy to disguise booby-trapped Microsoft
Publish At:2023-08-04 17:25 | Read:1085722 | Comments:0 | Tags:A Little Sunshine Latest Warnings Web Fraud 2.0 Check Point

Zero-day deploys remote code execution vulnerability via Word documents

An unpatched zero-day vulnerability is currently being abused in the wild, targeting those with an interest in Ukraine. Microsoft reports that CVE-2023-36884 is tied to reports of: …a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilit
Publish At:2023-07-14 02:03 | Read:1502107 | Comments:0 | Tags:Business microsoft zero-day exploit CVE-2023-36884 storm-097

Update now! Microsoft patches a whopping 130 vulnerabilities

It’s that time of the month again. For the July 2023 Patch Tuesday, Microsoft has issued security updates for 130 vulnerabilities. Nine of the vulnerabilities are rated as critical and four of them are known to be actively exploited. The Cybersecurity & Infrastructure Security Agency (CISA) has already added these four vulnerabilities to the catalo
Publish At:2023-07-12 22:04 | Read:1240029 | Comments:0 | Tags:Exploits and vulnerabilities News Microsoft Adobe Apple Andr

Anonymous Sudan claims to have stolen 30 million Microsoft’s customer accounts

Microsoft denied the data breach after the collective of hacktivists known as Anonymous Sudan claimed to have hacked the company. In early June, Microsoft suffered severe outages for some of its services, including Outlook email, OneDrive file-sharing apps, and the cloud computing infrastructure Azure. A collective known as Anonymous Sudan (aka Storm-1
Publish At:2023-07-03 19:24 | Read:1307208 | Comments:0 | Tags:Breaking News Cyber Crime Data Breach Hacking Hacktivism Ano

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud