HackDig : Dig high-quality web security articles for hacker

Fake Snapchat in Google Play Store

Introduction   Zimperium discovered and reported a fake version of the popular Snapchat app in the official Google Play Store; At the time of our discovery, it was the second result when searching for “Snapchat”. The fake version of Snapchat app is using “Snap Inc .” as Company Name, with a  ” .” appended to original name. Fake
Publish At:2017-08-11 02:50 | Read:286 | Comments:0 | Tags:Android Mobile Malware Mobile security Mobile Threat Defense

Hackshit PhaaS platform, even more easy to power Phishing campaigns

The experts from Netskope Threat Research Labs discovered the Hackshit PhaaS platform, another interesting case of crimeware-as-a-service. A few days ago, we discussed the Katyusha scanner,a powerful and fully automated SQLi vulnerability scanner discovered by researchers at security firm Recorded Future that was available for $500 in the cyber crime undergr
Publish At:2017-07-16 07:30 | Read:386 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Uncategorized crimeware-as

zIPS and “Android for Work”

zIPS, the leading mobile threat defense solution, now provides tailored protection for Android for Work use cases. Enterprise IT and security professionals have been working with corporate end-users for decades to keep their desktops, laptops and servers secure. So you might think that those professionals would have a lock on what users will tolerate when it
Publish At:2017-07-11 22:35 | Read:192 | Comments:0 | Tags:Uncategorized

Wikileaks revealed CIA Cherry Blossom framework for hacking Wireless devices

WikiLeaks released documents detailing the Cherry Blossom framework which is being used by the CIA cyber spies to hack into Wi-Fi devices. WikiLeaks released a new batch of documents belonging to the Vault 7 leak, the files provide details related to the Cherry Blossom framework which is being used by the CIA cyber spies to hack into Wi-Fi devices. The frame
Publish At:2017-06-16 09:20 | Read:652 | Comments:0 | Tags:Uncategorized

Microsoft patches two critical remote code execution (RCE) flaws that have been exploited in attacks

Microsoft released the June 2017 Patch Tuesday to address more than 90 security flaws, including two critical RCE that have been exploited in attacks. Microsoft released June Patch Tuesday updates that address more than 90 vulnerabilities, including two critical remote code execution (RCE) vulnerabilities that have been exploited in attacks. The first vulner
Publish At:2017-06-14 02:05 | Read:237 | Comments:0 | Tags:Breaking News Hacking Uncategorized critical remote code exe

You can take Shadow Brokers Zero Day Exploit Subscriptions for $21,000 per month

Shadow Brokers is going to launch a monthly subscription model for its data dumps, 0-Day Exploit Subscriptions goes for $21,000 per month. A couple of weeks ago, while security experts were debating about WannaCry ransomware and the NSA exploits it used, the Shadow Brokers group revealed its plan to sell off new exploits every month starting from June. Shado
Publish At:2017-05-30 23:35 | Read:486 | Comments:0 | Tags:Uncategorized Cybercrime Equation group Hacking malware Micr

Bell Canada hacked, 1.9 million customer account details stolen by hackers

The telco giant Bell Canada was the victim of a security breach that exposed roughly two million customer account details. The long string of data breach continues, while I’m writing about the intrusion in the systems of the technology provider DocuSign, another incident made the headlines, this time the victim is Bell Canada. The company admitted on T
Publish At:2017-05-17 22:20 | Read:507 | Comments:0 | Tags:Uncategorized Bell Canada Cybercrime data breach Hacking

NATO Locked Shields 2017, world’s largest cyber defence exercise just ended

Locked Shields is the world’s largest and most advanced international technical live-fire cyber defence exercise organized by the NATO since 2010. Locked Shields is the world’s largest and most sophisticated international cyber defence exercise. It is an annual event since 2010, Locked Shields is organized by the NATO Cooperative Cyber Defence Centre of Exce
Publish At:2017-05-02 01:40 | Read:519 | Comments:0 | Tags:Breaking News Cyber warfare Security Uncategorized critical

NDAY-2017-0105: Elevation of Privilege Vulnerability in MSM Thermal Driver

By: Zuk Avraham Follow Zuk Avraham (@ihackbanme) Nicolas Trippar Follow Nicolas Trippar (@ntrippar) Following our announcement on N-Days Exploit Acquisition Program for smartphones, we are delighted to share the first couple of submissions. We received many submissions and we’re in the process of sharing them with ZHA followed by a public disclosure
Publish At:2017-04-25 15:35 | Read:532 | Comments:0 | Tags:Android Mobile Malware Mobile security Threat Research Uncat

NDAY-2017-0102: Elevation of Privilege Vulnerability in NVIDIA Video Driver

By: Zuk Avraham Follow Zuk Avraham (@ihackbanme) Nicolas Trippar Follow Nicolas Trippar (@ntrippar) Following our announcement on N-Days Exploit Acquisition Program for smartphones, we are delighted to share the first couple of submissions. We received many submissions and we’re in the process of sharing them with ZHA followed by a public disclosur
Publish At:2017-04-25 15:35 | Read:526 | Comments:0 | Tags:Android Mobile Malware Mobile security Mobile Threat Defense

Threat Research: FalseGuide

This Threat Research is about the recently (re)discovered “FalseGuide” threat found in Google Play. FalseGuide is form of malware that has been hidden in more than 40 game guide apps in Google Play since February 2017. According to reports, approximately 600,000 devices may have been infected before the known versions of the malware were removed from Google
Publish At:2017-04-25 15:35 | Read:471 | Comments:0 | Tags:Android Mobile Malware Mobile security Mobile Threat Defense

The Stuxnet vulnerability is still one of the most exploited flaws in the wild by hackers

A new report published by Kaspersky confirms that Stuxnet exploits targeting a Windows Shell Vulnerability is still widely adopted by threat actors. The case that I’m going to present you demonstrates the importance of patch management and shows the effects of the militarization of the cyberspace. Unpatched software is an easy target for hackers that c
Publish At:2017-04-21 17:25 | Read:424 | Comments:0 | Tags:Uncategorized CVE-2010-2568 Kaspersky malware state sponsore

Speeding up Proxychains with Nmap / Xargs

So for a while now I’ve wanted a way to better use Nmap with proxychains and essentially I’ve resulted in a fairly simple one-liner that has worked for me for a while now on basic port scanning. It’s a trivial concept but really does speed up the process with no negative affect from what I can tell. Obviously you have to be careful on how t
Publish At:2017-03-17 13:55 | Read:521 | Comments:0 | Tags:Uncategorized

Flaws in MAC address randomization implemented by vendors allow mobile tracking

Researchers devised a new attack method that can be leveraged to track mobile devices that rely on MAC address randomization mechanism. The MAC address is a unique and an hardcoded identifier assigned to a device’s network interface. This characteristic makes it an excellent tool for the tracking of the devices. A group of researchers from the U.S. Naval Aca
Publish At:2017-03-12 23:40 | Read:711 | Comments:0 | Tags:Uncategorized Android iOS Mac MAC address randomization priv

A bug in Twitter allowed hackers to access to locked accounts until October

A flaw in Twitter allowed attackers to access locked accounts bypassing the locking mechanism implemented by the company. A flaw in the Twitter application allowed, until a few months ago, to access locked accounts bypassing the locking mechanism implemented by the IT giant. Twitter can lock user accounts every time it believes the users are abusing its serv
Publish At:2017-03-08 06:00 | Read:522 | Comments:0 | Tags:Breaking News Hacking Social Networks Uncategorized authenti

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud