HackDig : Dig high-quality web security articles for hacker

Unwanted notifications in browser

When, back in 2015, push notifications were just appearing in browsers, very few people wondered how this tool would be used in the future: once a useful technology made to keep regular readers informed about updates, today it is often used to shell website visitors with unsolicited ads. To achieve that, users are hoaxed into subscribing to notifications, fo
Publish At:2019-11-25 13:05 | Read:244 | Comments:0 | Tags:Featured Research Browser Phishing Social Engineering

The cybercrime ecosystem: attacking blogs

Executive summary The Cybercrime Ecosystem is a series of articles explaining how cybercriminals operate, what drives them, what techniques they use and how we, regular Internet users, are part of that ecosystem. The articles will also cover technical details and up-to-date research on the threat landscape to provide a more realistic understanding of why thi
Publish At:2019-11-21 06:05 | Read:211 | Comments:0 | Tags:Research code injection Data leaks Malware SQL injection Vul

Steam-powered scammers

Digital game distribution services have not only simplified the sale of games themselves, but provided developers with additional monetization levers. For example, in-game items, such as skins, equipment, and other character-enhancing elements as well as those that help one show up, can be sold for real money. Users themselves can also sell items to each oth
Publish At:2019-10-28 06:05 | Read:273 | Comments:0 | Tags:Featured Research Fraud gam Phishing websites Social Enginee

Hello! My name is Dtrack

Our investigation into the Dtrack RAT actually began with a different activity. In the late summer of 2018, we discovered ATMDtrack, a piece of banking malware targeting Indian banks. Further analysis showed that the malware was designed to be planted on the victim’s ATMs, where it could read and store the data of cards that were inserted into the mach
Publish At:2019-09-23 06:20 | Read:402 | Comments:0 | Tags:Featured Research ATM Dropper Financial malware Lazarus Malw

Agent 1433: remote attack on Microsoft SQL Server

All over the world companies large and small use Microsoft SQL Server for database management. Highly popular yet insufficiently protected, this DBMS is a target of choice for hacking. One of the most common attack on Microsoft SQL Server — the remote attack based on malicious jobs — has been around for a long time, but it is still used to get access to work
Publish At:2019-09-19 18:20 | Read:270 | Comments:0 | Tags:Research Backdoor Microsoft SQL Passwords Trojan

Fully equipped Spying Android RAT from Brazil: BRATA

“BRATA” is a new Android remote access tool malware family. We used this code name based on its description – “Brazilian RAT Android”. It exclusively targets victims in Brazil: however, theoretically it could also be used to attack any other Android user if the cybercriminals behind it want to. It has been widespread since Janua
Publish At:2019-09-19 18:20 | Read:233 | Comments:0 | Tags:Research Brazil Google Android Malware Descriptions Mobile M

Threats to macOS users

Introduction The belief that there are no threats for the macOS operating system (or at least no serious threats) has been bandied about for decades. The owners of MacBooks and iMacs are only rivaled by Linux users in terms of the level of confidence in their own security, and we must admit that they are right to a certain degree: compared to Windows-based s
Publish At:2019-09-19 18:20 | Read:294 | Comments:0 | Tags:Featured Research Apple MacOS Malware Descriptions Phishing

Assessing the impact of protection from web miners

Brief summary: We present the results of evaluating the positive economic and environmental impact of blocking web miners with Kaspersky products. The total power saving can be calculated with known accuracy using the formula <w>·N, where <w> is the average value of the increase in power consumption of the user device during web mining, and N is
Publish At:2019-09-19 18:20 | Read:313 | Comments:0 | Tags:Featured Research Cryptocurrencies Miner

When PSD2 Opens More Doors: The Risks of Open Banking

By Feike Hacquebord, Robert McArdle, Fernando Mercês, and David Sancho As more industries adapt to cater to the increasingly mobile market, the financial industry is the latest to experience a shake-up. The Revised Payment Service Directive (PSD2) – also known as Open Banking – is a new set of rules for the European Union (EU) that’s expected to affect
Publish At:2019-09-19 14:50 | Read:410 | Comments:0 | Tags:Bad Sites Internet of Things Malware Mobile Ransomware Vulne

Silence – a new Trojan attacking financial organizations

More information about the Silence Trojan is available to customers of Kaspersky Intelligence Reporting Service. Contact: intelreports@kaspersky.com In September 2017, we discovered a new targeted attack on financial institutions. Victims are mostly Russian banks but we also found infected organizations in Malaysia and Armenia. The attackers were using a kno
Publish At:2017-11-01 18:25 | Read:3840 | Comments:0 | Tags:Featured Research Backdoor Dropper Financial malware Targete

Tales from the blockchain

Cryptocurrency has gradually evolved from an element of a new world, utopian economy to a business that has affected even those sectors of society least involved in information technology. At the same time, it has acquired a fair number of “undesirable” supporters who aim to enrich themselves at the expense of other users: attackers who release m
Publish At:2017-10-31 05:30 | Read:2732 | Comments:0 | Tags:Research Cryptocurrencies Financial malware malware descript

Analyzing an exploit for СVE-2017-11826

The latest Patch Tuesday (17 October) brought patches for 62 vulnerabilities, including one that fixed СVE-2017-11826 – a critical zero-day vulnerability used to launch targeted attacks – in all versions of Microsoft Office. The exploit for this vulnerability is an RTF document containing a DOCX document that exploits СVE-2017-11826 in the Office Open XML pa
Publish At:2017-10-26 05:40 | Read:5843 | Comments:0 | Tags:Research Microsoft Office Targeted Attacks Vulnerabilities a

Cybersecurity vs Productivity: The CISO’s Dilemma

Today organizations are struggling with the best way to protect against attacks that are targeting the endpoint. Too often, the security strategy has been to put the onus on the individual employee. Research has shown, over and over again, that training and user restrictions are both tedious and expensive, and have a very low success rate. This is because c
Publish At:2017-10-23 23:40 | Read:3602 | Comments:0 | Tags:Company News CISO defense dilemma end users hackers infograp

BlackOasis APT and new targeted attacks leveraging zero-day exploit

More information about BlackOasis APT is available to customers of Kaspersky Intelligence Reporting Service. Contact: intelreports@kaspersky.com Introduction Kaspersky Lab has always worked closely with vendors to protect users. As soon as we find new vulnerabilities we immediately inform the vendor in a responsible manner and provide all the details require
Publish At:2017-10-21 15:05 | Read:4187 | Comments:0 | Tags:Featured Research Adobe APT Microsoft Word Vulnerabilities a

ATMii: a small but effective ATM robber

While some criminals blow up ATMs to steal cash, others use less destructive methods, such as infecting the ATM with malware and then stealing the money. We have written about this phenomenon extensively in the past and today we can add another family of malware to the list – Backdoor.Win32.ATMii. ATMii was first brought to our attention in April 2017,
Publish At:2017-10-21 15:05 | Read:3079 | Comments:0 | Tags:Research ATM Backdoor Financial malware

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud