HackDig : Dig high-quality web security articles for hackers

Sophos: Crypto-Jacking Campaign Linked to Iranian Company

An Iran-based software company is likely behind a recently identified crypto-jacking campaign targeting SQL servers, according to a report by British anti-malware vendor Sophos.The attacks result in the MrbMiner crypto-miner being installed onto the target servers, with the software apparently created, controlled, and hosted by a named Iranian company.The So
Publish At:2021-01-22 14:05 | Read:102 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Em

Microsoft Edge Adds Password Generator, Drops Support for Flash, FTP

Microsoft has shipped the stable version of the Microsoft Edge 88 browser, featuring a brand new Password Generator and the ability to alert on compromised credentials.   The browser refresh also drops support for the FTP protocol and for the Adobe Flash plugin.With Microsoft Edge 88.0.705.50 now rolling out, users get a built-in strong password ge
Publish At:2021-01-22 14:05 | Read:114 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Drupal Updates Patch Another Vulnerability Related to Archive Files

Security updates released this week by the developers of the Drupal content management system (CMS) patch a vulnerability identified in a third-party library.Core patches were made available for Drupal 9.1, 9.0, 8.9, and 7, to resolve a security flaw affecting PEAR Archive_Tar, and which also impacts Drupal. The third-party library has been designed to suppo
Publish At:2021-01-21 14:41 | Read:74 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Enterprise Credentials Publicly Exposed by Cybercriminals

Cybercriminals behind a successful phishing campaign have exposed more than 1,000 corporate employee credentials on the Internet, according to a warning from security vendor Check Point.The corporate account credentials were stolen as part of a phishing campaign that kicked off in August 2020, targeting thousands of organizations worldwide.As part of the cam
Publish At:2021-01-21 14:41 | Read:147 | Comments:0 | Tags:Endpoint Security Mobile Security NEWS & INDUSTRY Privac

Amazon Awards $18,000 for Exploit Allowing Kindle E-Reader Takeover

Amazon has awarded an $18,000 bug bounty for an exploit chain that could have allowed an attacker to take complete control of a Kindle e-reader simply by knowing the targeted user’s email address.The attack, dubbed KindleDrip, was discovered in October 2020 by Yogev Bar-On, a researcher at Israel-based cybersecurity consulting firm Realmode Labs. KindleDrip
Publish At:2021-01-21 10:47 | Read:75 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities exploit

Cisco Patches Critical Vulnerabilities in SD-WAN, DNA Center, SSMS Products

Cisco this week released patches to address a significant number of vulnerabilities across its product portfolio, including several critical flaws in SD-WAN products, DNA Center, and Smart Software Manager Satellite (SSMS).Several command injection bugs addressed in SD-WAN products could allow an attacker to perform actions as root on the affected devices, t
Publish At:2021-01-21 10:47 | Read:127 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities

Scanning Activity Detected After Release of Exploit for Critical SAP SolMan Flaw

A Russian researcher has made public on GitHub a functional exploit targeting a critical vulnerability that SAP patched in its Solution Manager product in March 2020.Solution Manager (SolMan) was designed to provide central management for SAP and non-SAP systems and requires for Solution Manager Diagnostic Agent (SMDAgent) to be installed on each host, for t
Publish At:2021-01-21 02:59 | Read:117 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities expl

Oracle's January 2021 CPU Contains 329 New Security Patches

Oracle this week announced the availability of its first cumulative set of security fixes for 2021, which includes a total of 329 new patches.The January 2021 Critical Patch Update (CPU) addresses issues in both Oracle products and third-party components that are included in the company’s products, with some of the patches meant to address multiple vulnerabi
Publish At:2021-01-20 15:17 | Read:176 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities security

'LuckyBoy' Malvertising Campaign Hits iOS, Android, XBox Users

A recently identified malvertising campaign targeting mobile and other connected devices users makes heavy use of obfuscation and cloaking to avoid detection.Dubbed LuckyBoy, the multi-stage, tag-based campaign is focused on iOS, Android, and Xbox users. Since December 2020, it penetrated over 10 Demand Side Platforms (DSP), primarily Europe-based, with obse
Publish At:2021-01-20 15:17 | Read:138 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Application Security F

New 'FreakOut' Malware Ensnares Linux Devices Into Botnet

A recently identified piece of malware is targeting Linux devices to ensnare them into a botnet capable of malicious activities such as distributed denial of service (DDoS) and crypto-mining attacks.Dubbed FreakOut, the malware is infecting devices that haven’t yet received patches for three relatively new vulnerabilities, including one that was made public
Publish At:2021-01-20 11:23 | Read:200 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Virus & Malware

Chrome 88 Drops Flash, Patches Critical Vulnerability

Google has released Chrome 88 to the stable channel with several security improvements inside, including patches for 36 vulnerabilities, one of which is rated critical severity, and dropped support for Adobe Flash.The removal of Flash support isn’t surprising, considering that the software reached end-of-life on December 31, 2020, and Adobe started blocking
Publish At:2021-01-20 11:23 | Read:137 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

DNSpooq Flaws Expose Millions of Devices to DNS Cache Poisoning, Other Attacks

Researchers at Israel-based boutique cybersecurity consultancy JSOF this week disclosed the details of seven potentially serious DNS-related vulnerabilities that could expose millions of devices to various types of attacks.The vulnerabilities, collectively tracked as DNSpooq, impact Dnsmasq, a widely used piece of open source software designed to provide DNS
Publish At:2021-01-20 08:45 | Read:127 | Comments:0 | Tags:Network Security NEWS & INDUSTRY SCADA / ICS Risk Manage

Researchers Estimate Ryuk Ransomware Operations to Be Worth $150 Million

The Ryuk ransomware criminal enterprise is estimated to be worth more than $150,000,000, security researchers say.Initially detailed in 2018 and believed to be operated by Russian cybercriminals, Ryuk has become one of the most prevalent malware families, being used in various high-profile attacks, such as the targeting of Pennsylvania-based UHS and Alabama
Publish At:2021-01-18 16:29 | Read:161 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Fr

Expired Domain Allowed Researcher to Hijack Country's TLD

A researcher claimed last week that he managed to take control of the country code top-level domain (ccTLD) for the Democratic Republic of Congo after an important domain name was left to expire.Before the holidays, Fredrik Almroth, founder and researcher at web security company Detectify, decided to analyze the name server (NS) records used by all TLDs. The
Publish At:2021-01-18 16:29 | Read:158 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Identity & Access V

FBI Warns of Employee Credential Phishing via Phone, Chat

The Federal Bureau of Investigation has issued a Private Industry Notification (PIN) to warn of attacks targeting enterprises, in which threat actors attempt to obtain employee credentials through vishing or chat rooms.Taking advantage of the COVID-19 pandemic, which has forced the broad adoption of telework, cyber-criminals and threat actors are attempting
Publish At:2021-01-18 16:29 | Read:236 | Comments:0 | Tags:Cyberwarfare Endpoint Security NEWS & INDUSTRY Applicati


Tag Cloud