HackDig : Dig high-quality web security articles for hackers

UK NCSC’s alert urges orgs to fix MobileIron CVE-2020-15505 RCE

The UK NCSC issued an alert to urge organizations to patch the critical CVE-2020-15505 RCE vulnerability in MobileIron MDM systems. The UK National Cyber Security Centre (NCSC) issued an alert urging organizations to address the critical CVE-2020-15505 remote code execution (RCE) vulnerability in MobileIron mobile device management (MDM) systems. MDM p
Publish At:2020-11-25 07:18 | Read:48 | Comments:0 | Tags:Uncategorized CVE-2020-15505 Hacking hacking news informatio

Group-IB Hi-Tech Crime Trends 2020/2021 report

Group-IB, a global threat hunting and intelligence company, has presented its annual Hi-Tech Crime Trends 2020/2021 report. In the report, the company examines key shifts in the cybercrime world internationally between H2 2019 and H1 2020 and gives forecasts for the coming year. The most severe financial damage has occurred as a result of ransomware acti
Publish At:2020-11-25 07:18 | Read:98 | Comments:0 | Tags:APT Breaking News Cyber Crime Hacking Malware hacking news i

2FA bypass in cPanel potentially exposes tens of millions of websites to hack

2FA bypass discovered in web hosting software cPanel. More than 70 million sites are managed via cPanel software, according to the company. Researchers discovered a major issue in cPanel that could be exploited by attackers to bypass two-factor authentication for cPanel accounts. Security researchers from Digital Defense have discovered a major secur
Publish At:2020-11-24 20:07 | Read:174 | Comments:0 | Tags:Breaking News Hacking 2FA hacking news information security

Baidu Android apps removed from Play Store after being caught collecting user details

Two Baidu Android apps were removed from the Google Play Store in October after they were caught collecting sensitive user details. Two apps belonging to Chinese tech giant Baidu, Baidu Maps and Baidu Search Box, were removed from the Google Play Store at the end of October after they were caught collecting sensitive user detai
Publish At:2020-11-24 18:20 | Read:126 | Comments:0 | Tags:Breaking News Malware Mobile Android Baidu data leak Hacking

TrickBot operators continue to update their malware to increase resilience to takedown

Following the recent takedown, the TrickBot operators have implemented various improvements to make it more resilient. In October, Microsoft’s Defender team, FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, and Broadcom’s cyber-security division Symantec joined forces and announced a coordinated effort to take down the command and control infrastructure
Publish At:2020-11-24 15:42 | Read:103 | Comments:0 | Tags:Breaking News Cyber Crime Malware Hacking hacking news infor

A new Stantinko Bot masqueraded as httpd targeting Linux servers

Researchers spotted a new variant of an adware and coin-miner botnet operated by Stantinko threat actors that now targets Linux servers. Researchers from Intezer have spotted a new variant of an adware and coin-miner botnet that has been operated by Stantinko threat actors since 2012. The Stantinko botnet was first spotted by ESET in 2017, at the time it inf
Publish At:2020-11-24 15:42 | Read:128 | Comments:0 | Tags:Breaking News Cyber Crime Malware botnet Hacking hacking new

Microsoft fixes Kerberos Authentication issues with an out-of-band Update

Microsoft released an out-of-band update for Windows to address authentication flaws related to a recently patched Kerberos vulnerability. Microsoft released an out-of-band update to address authentication issues in Windows related to a recently patched Kerberos vulnerability tracked as CVE-2020-17049. “An out-of-band optional update is now available o
Publish At:2020-11-24 11:48 | Read:28 | Comments:0 | Tags:Breaking News Hacking Security hacking news information secu

Credential stuffing attack targeted 300K+ Spotify users

Researchers uncovered a possible credential stuffing campaign that is targeting Spotify accounts using a database of 380 million login credentials. Security experts from vpnMentor have uncovered a possible credential stuffing operation that affected some Spotify accounts. Threat actors behind the campaign are using a database containing over 380 million r
Publish At:2020-11-24 07:54 | Read:58 | Comments:0 | Tags:Breaking News Hacking credential stuffing hacking news infor

Crooks social-engineered GoDaddy staff to take over crypto-biz domains

Crooks were able to trick GoDaddy staff into handing over control of crypto-biz domain names in a classic DNS hijacking attack. Crooks were able to hijack traffic and email to various cryptocurrency-related websites as a result of a DNS hijacking attack on domains managed by GoDaddy. The threat actors were able to modify DNS settings by tricking GoDaddy e
Publish At:2020-11-24 07:54 | Read:41 | Comments:0 | Tags:Breaking News Cyber Crime Digital ID Hacking DNS hijacking G

VMware discloses critical zero-day CVE-2020-4006 in Workspace One

VMware discloses a critical zero-day vulnerability (CVE-2020-4006) in multiple VMware Workspace One components and released a workaround to address it. VMware has released a workaround to address a critical zero-day vulnerability, tracked as CVE-2020-4006, that affects multiple VMware Workspace One components. The flaw could be exploited by attackers to e
Publish At:2020-11-23 20:12 | Read:111 | Comments:0 | Tags:Breaking News Security CVE-2020-4006 Hacking hacking news in

Researchers show how to steal a Tesla Model X in a few minutes

Boffins have demonstrated how to steal a Tesla Model X in a few minutes by exploiting vulnerabilities in the car’s keyless entry system. A team of researchers from the Computer Security and Industrial Cryptography (COSIC) group at the KU Leuven University in Belgium has demonstrated how to steal a Tesla Model X in minutes by exploiting vulnerabilities in
Publish At:2020-11-23 16:18 | Read:123 | Comments:0 | Tags:Breaking News Hacking Car hacking hacking news information s

Computer Security and Data Privacy, the perfect alliance

Computer security and data privacy are often poorly considered issues, experts urge more awareness of cyber threats. Computer security and data privacy are often poorly considered issues until incidents occur and unfortunately sometimes even the very seriousness of the events, understood as virtual happenings, is not adequately perceived. An injection of
Publish At:2020-11-23 16:18 | Read:127 | Comments:0 | Tags:Breaking News Security Hacking hacking news information secu

TikTok fixed security issues that could have led to one-click account takeover

TikTok has addressed a couple of security issues that could have been chained to lead to account takeover. The first issue addressed by the social media platform is a reflected XSS security flaw that was reported by the bug bounty hunter Muhammed “milly” Taskiran via the bug bounty platform HackerOne. The Cross-Site-Scripting flaw affecte
Publish At:2020-11-23 12:24 | Read:96 | Comments:0 | Tags:Breaking News Hacking Cross-Site Request Forgery (CSRF). Rem

VMware fixed SD-WAN flaws that could allow hackers to target enterprise networks

VMware addressed six vulnerabilities in its SD-WAN Orchestrator product that can potentially expose enterprise networks to hack. VMware last week addressed six vulnerabilities (CVE-2020-3984, CVE-2020-3985, CVE-2020-4000, CVE-2020-4001, CVE-2020-4002, CVE-2020-4003) in its SD-WAN Orchestrator product, including some issues that can be chained by an attack
Publish At:2020-11-23 08:30 | Read:93 | Comments:0 | Tags:Breaking News Security Hacking hacking news information secu

FBI issued an alert on Ragnar Locker ransomware activity

The U.S. FBI is warning private industry partners of a surge in Ragnar Locker ransomware activity following a confirmed attack from April 2020. The U.S. Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase in Ragnar Locker ransomware activity following a confirmed attack from April
Publish At:2020-11-23 05:55 | Read:80 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware Reports hacking ne
