HackDig : Dig high-quality web security articles for hackers

Operation PowerFall: CVE-2020-0986 and variants

In August 2020, we published a blog post about Operation PowerFall. This targeted attack consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer 11 and an elevation of privilege exploit targeting the latest builds of Windows 10. While we already described the exploit for Internet Explorer in the original blog post, we also p
Publish At:2020-09-02 06:35 | Read:235 | Comments:0 | Tags:Featured Research Malware Technologies Microsoft Windows Vul

Internet Explorer and Windows zero-day exploits used in Operation PowerFall

Executive summary In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer and an elevation of privilege exploit for
Publish At:2020-08-12 03:19 | Read:588 | Comments:0 | Tags:Featured Research Malware Technologies Microsoft Internet Ex

The zero-day exploits of Operation WizardOpium

Back in October 2019 we detected a classic watering-hole attack on a North Korea-related news site that exploited a chain of Google Chrome and Microsoft Windows zero-days. While we’ve already published blog posts briefly describing this operation (available here and here), in this blog post we’d like to take a deep technical dive into the exploit
Publish At:2020-05-28 06:34 | Read:598 | Comments:0 | Tags:APT reports Google Chrome Malware Technologies Microsoft Win

Dangerous Domain Corp.com Goes Up for Sale

As an early domain name investor, Mike O’Connor had by 1994 snatched up several choice online destinations, including bar.com, cafes.com, grill.com, place.com, pub.com and television.com. Some he sold over the years, but for the past 26 years O’Connor refused to auction perhaps the most sensitive domain in his stable — corp.com. It is sensi
Publish At:2020-02-08 15:35 | Read:809 | Comments:0 | Tags:Latest Warnings The Coming Storm Active Directory corp.com D

Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium

In November 2019, Kaspersky technologies successfully detected a Google Chrome 0-day exploit that was used in Operation WizardOpium attacks. During our investigation, we discovered that yet another 0-day exploit was used in those attacks. The exploit for Google Chrome embeds a 0-day EoP exploit (CVE-2019-1458) that is used to gain higher privileges on the in
Publish At:2019-12-10 18:05 | Read:1263 | Comments:0 | Tags:Featured Research Microsoft Windows Vulnerabilities and expl

‘Petya’ Ransomware Outbreak Goes Global

A new strain of ransomware dubbed “Petya” is worming its way around the world with alarming speed. The malware is spreading using a vulnerability in Microsoft Windows that the software giant patched in March 2017 — the same bug that was exploited by the recent and prolific WannaCry ransomware strain. The ransom note that gets displayed on s
Publish At:2017-06-28 06:00 | Read:3688 | Comments:0 | Tags:Other Bitcoin DLA Piper Eternal Blue Group-IB ICSI ISACA Leg

Petya Weren’t Expecting This: Ransomware Takes Systems Hostage Across the Globe

Early on Tuesday, June 27, reports began to circulate that organizations in the Ukraine and elsewhere in Europe were suffering ransomware attacks. It quickly became clear that this Petya attack could equal or surpass the May WannaCry attack. WannaCry’s spread was so successful because it was powered by a flaw in Windows, and although Microsoft had rele
Publish At:2017-06-27 20:30 | Read:4143 | Comments:0 | Tags:Malware Advanced Threats IBM Security IBM X-Force Exchange I

The Hidden Privacy Issues With Windows 10: The Injection of Ads and How to Improve Your Online Privacy

Microsoft’s Windows 10 is rapidly replacing older operating systems in both personal and professional environments. As with any OS, however, there are several key things you need to know upfront. The addition of unique advertising IDs that inject Microsoft ads into your browser, recommended express privacy settings and cloud syncing of personal inform
Publish At:2017-05-14 01:10 | Read:3040 | Comments:0 | Tags:Endpoint Identity & Access advertising opt-out page cortana

Lesson Learned From Stuxnet

Security researchers discovered Stuxnet in 2010, and it has since become one of the most well-known malware campaigns in history. The cybercriminals behind the attack developed the infamous worm to damage programmable logic controllers (PLCs) and supervisory control and data acquisition (SCADA) systems using four zero-day vulnerabilities in Microsoft Windows
Publish At:2017-03-10 12:10 | Read:3912 | Comments:0 | Tags:Energy and Utility Infrastructure Protection Energy Industry

New(ish) Mirai Spreader Poses New Risks

A cross-platform win32-based Mirai spreader and botnet is in the wild and previously discussed publicly. However, there is much information confused together, as if an entirely new IoT bot is spreading to and from Windows devices. This is not the case. Instead, an accurate assessment is that a previously active Windows botnet is spreading a Mirai bot variant
Publish At:2017-02-21 07:15 | Read:11532 | Comments:0 | Tags:Blog Research Botnets Internet of Things Microsoft Windows M

New Critical Fixes for Flash, MS Windows

Both Adobe and Microsoft on Tuesday issued patches to plug critical security holes in their products. Adobe’s Flash Player patch addresses 17 security flaws, including one “zero-day” bug that is already actively being exploited by attackers. Microsoft’s bundle of updates tackles at least 42 security weaknesses in Windows and associate
Publish At:2016-12-14 22:40 | Read:4444 | Comments:0 | Tags:Other adobe flash player Microsoft Windows Recorded Future S

Malicious code and the Windows integrity mechanism

Introduction Ask any expert who analyzes malicious code for Windows which system privileges malware works with and wants to acquire and, without a second thought, they’ll tell you: “Administrator rights”. Are there any studies to back this up? Unfortunately, I was unable to find any coherent analysis on the subject; however, it is never too
Publish At:2016-11-28 09:20 | Read:5059 | Comments:0 | Tags:Blog Software Malware Technologies Microsoft Windows Securit

20-year-old Windows bug lets printers install malware—patch now

For more than two decades, Microsoft Windows has provided the means for clever attackers to surreptitiously install malware of their choice on computers that connect to booby-trapped printers, or other devices masquerading as printers, on a local area network. Microsoft finally addressed the bug on Tuesday during its monthly patch cycle. The vulnerability res
Publish At:2016-07-14 15:25 | Read:4876 | Comments:0 | Tags:Risk Assessment Technology Lab exploits Microsoft Windows pa

Privacy and Windows 10: What’s in Your Settings?

Unless you’ve been totally unplugged for the past month, you are aware that Microsoft has rolled out the long-awaited Windows 10 operating system (OS). Users of the Windows 7 and 8 OSs were offered free upgrades, which they received via their update feature within their current OS. Accompanying the update and installation of Windows 10 was a new and co
Publish At:2015-08-24 09:55 | Read:4241 | Comments:0 | Tags:Software & App Vulnerabilities Microsoft Microsoft Windows P

Why Windows 10 Will Start Up Business Again

It’s been 20 years since we moved from folders to the Start button to start up our workday. One generation later Windows 10 needs to answer not only if it is the best choice for business, but also the blurred lines work tech has taken with the whole world gone mobile. I remember spending four hours in college desperately hoping my IBM 486 processor and
Publish At:2015-08-07 13:30 | Read:5005 | Comments:0 | Tags:Mobile Security Microsoft Microsoft Windows Windows Windows