HackDig : Dig high-quality web security articles for hackers

Microsoft warns of incoming Windows Zerologon patch enforcement

Microsoft today warned admins that updates addressing the Windows Zerologon vulnerability will transition into the enforcement phase starting next month. Zerologon is a critical 10/10 rated security flaw tracked as CVE-2020-1472 which, when successfully exploited, enables attackers to elevate privileges to domain administrator an
Publish At:2021-01-15 12:07 | Read:98 | Comments:0 | Tags:Security Microsoft

NSA: DNS over HTTPS Provides “False Sense of Security”

The US National Security Agency (NSA) has warned enterprises that adoption of encrypted DNS services can lead to a false sense of security and even disrupt their own DNS-monitoring tools. DNS over HTTPS (DoH) has become an increasingly popular way to improve privacy and integrity by protecting DNS traffic between a client and a DNS resolver from unauthorized
Publish At:2021-01-15 09:26 | Read:112 | Comments:0 | Tags: security

Undisclosed Apache Velocity XSS vulnerability impacts GOV sites

An undisclosed Cross-Site Scripting (XSS) vulnerability in Apache Velocity Tools can be exploited by unauthenticated attackers to target government sites, including NASA. Although 90 days have elapsed since the vulnerability was reported and patched, BleepingComputer is not aware of a formal disclosure made by the project. Apache Velocity i
Publish At:2021-01-15 08:13 | Read:120 | Comments:0 | Tags:Security Software Xss Vulnerability

Cisco says its RV routers will no longer receive updates

Cisco announced it will no longer release firmware updates to fix 74 vulnerabilities affecting its RV routers, which reached end-of-life (EOL). Cisco will no longer release firmware updates to address 74 vulnerabilities affecting some of its RV routers that reached end-of-life (EOL). The vendor will not release updates for RV110W, RV130, RV130W, and RV
Publish At:2021-01-15 04:00 | Read:75 | Comments:0 | Tags:Breaking News Security

Verified Twitter accounts hacked in $580k ‘Elon Musk’ crypto scam

Threat actors are hacking verified Twitter accounts in an Elon Musk cryptocurrency giveaway scam that has recently become widely active. There is nothing new about cryptocurrency scams on Twitter, especially ones pretending to be giveaways from Elon Musk. In 2018, scammers raked in $180,000 using a successful Elon Musk giveaway scam promoted on Twit
Publish At:2021-01-14 20:31 | Read:114 | Comments:0 | Tags:Security CryptoCurrency hack

Expert discovered a DoS vulnerability in F5 BIG-IP systems

A security researcher discovered a flaw in the F5 BIG-IP product that can be exploited to conduct denial-of-service (DoS) attacks. The security expert Nikita Abramov from Positive Technologies discovered a DoS vulnerability, tracked as CVE-2020-27716, that affects certain versions of F5 BIG-IP Access Policy Manager (APM). The F5 BIG-IP Access Policy Ma
Publish At:2021-01-14 20:12 | Read:133 | Comments:0 | Tags:Breaking News Security DOS F5 BIG-IP Hacking hacking news in

5 Cybersecurity Best Practices For Planning Ahead

Putting best practices in place is the most efficient way to combat cybersecurity threats. But that’s easier said than done, as there are a lot of forces working against our best efforts. The talent shortage looms the largest; there simply aren’t enough qualified cybersecurity experts out there to provide organizations a strong foundation. Witho
Publish At:2021-01-14 19:59 | Read:110 | Comments:0 | Tags:Security Services Cybersecurity Cybersecurity Training Incid

NSA advises companies to avoid third party DNS resolvers

The US National Security Agency (NSA) says that companies should avoid using third party DNS resolvers to block threat actors' DNS traffic eavesdropping and manipulation attempts and to block access to internal network information. NSA's recommendation was made in a new advisory on the benefits (and risks) of using DNS over HTTPS (DoH) in enterprise environme
Publish At:2021-01-14 16:37 | Read:121 | Comments:0 | Tags:Security

Facebook sues makers of malicious Chrome extensions for scraping data

Facebook has taken legal action against the makers of malicious Chrome extensions used for scraping user-profiles and other information from Facebook's website and from users' systems without authorization. The two defendants developed and distributed the malicious browser extensions through the Chrome Web Store working under the "Oink and Stuff" busines
Publish At:2021-01-14 16:37 | Read:118 | Comments:0 | Tags:Security

Operation Spalax, an ongoing malware campaign targeting Colombian entities

Security experts from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax, against Colombian government institutions and private companies. Malware researchers from ESET uncovered an ongoing surveillance campaign, dubbed Operation Spalax, against Colombian entities exclusively. The attacks aimed at government institutions and priva
Publish At:2021-01-14 16:18 | Read:156 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware Security hacking n

Office January security updates fix remote code execution bugs

Microsoft addresses important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates released during this month's Patch Tuesday. In total, this month the company released 26 security updates and 5 cumulative updates for 7 different products, fixing 11 vulnerabilities that could allow attac
Publish At:2021-01-14 12:43 | Read:131 | Comments:0 | Tags:Security Microsoft security

2021: Our cybersecurity predictions for the new year

However you look at it, 2020 has been one of the strangest years ever. Many of us were able to work from home for the first time, online shopping became the norm, and for long periods of time, video calling was the only way we could talk to our loved ones. So what can we expect in the new year? An increase in scammer activity Security researchers have recent
Publish At:2021-01-14 10:40 | Read:126 | Comments:0 | Tags:Mobile News Technology 2021 predictions WatchGuard security

Windows 10 bug corrupts your hard drive on seeing this file's icon

An unpatched zero-day in Microsoft Windows 10 allows attackers to corrupt an NTFS-formatted hard drive with a one-line command. In multiple tests by BleepingComputer, this one-liner can be delivered hidden inside a Windows shortcut file, a ZIP archive, batch files, or various other vectors to trigger hard drive errors that corrup
Publish At:2021-01-14 08:49 | Read:79 | Comments:0 | Tags:Security Microsoft Technology

Telegram-based phishing service Classiscam hits European marketplaces

Dozens of cybercriminal gangs are publishing fake ads on popular online marketplaces to lure interested users to fraudulent merchant sites or to phishing pages that steal payment data. Some of the brands abused through this scam are extremely popular in Europe and include LeBonCoin, Allegro, OLX, Sbazar, FAN Courier, Lalafo, Kufar and DHL. Scam expanding to Eu
Publish At:2021-01-14 08:49 | Read:125 | Comments:0 | Tags:Security

CISA warns of recent successful cyberattacks against cloud service accounts

The US CISA revealed several recent successful cyberattacks against various organizations’ cloud services. The Cybersecurity and Infrastructure Security Agency (CISA) announced that several recent successful cyberattacks hit various organizations’ cloud services. According to the agency, the attackers conducted phishing campaigns and exploited p
Publish At:2021-01-14 08:30 | Read:100 | Comments:0 | Tags:Breaking News Security CISA cloud service Hacking hacking ne
