HackDig : Dig high-quality web security articles for hacker

Google Updates Chrome, Extends Safe Browsing to Chrome for Android

Google yesterday released an update for the Chrome browser that patches seven vulnerabilities and also updates Adobe Flash Player. It also announced that Google Safe Browsing has been extended to Chrome for Android. The Chrome browser update is the second in less than a week; on Dec 1, Chrome 47 was released and 41 vulnerabilities were patched. Yesterday
Publish At:2015-12-10 00:20 | Read:1059 | Comments:0 | Tags:Google Vulnerabilities Web Security Adobe Flash for Chrome A

Internet Root Name Servers Survive Unusual DDoS Attack

An unusual DDoS amplification attack was carried out 10 days ago against many of the Internet’s 13 root name servers, the authoritative servers used to resolve IP addresses. The attacks happened on Nov. 30 and again on Dec. 1, and each time, massive volumes of traffic, peaking at five million queries per second, were fired at the servers. A note from th
Publish At:2015-12-10 00:20 | Read:855 | Comments:0 | Tags:Hacks Web Security BCP-38 DDoS DDoS Amplification attack DNS

Massive Adobe Flash Update Patches 79 Vulnerabilities

Adobe may indeed be thinking about phasing out Flash Player, and updates like today’s monster security bulletin will only serve to fuel that movement going forward. Released just an hour before Microsoft’s scheduled Patch Tuesday release, Adobe pushed out a new version of the maligned Flash Player that addressed 79 CVEs. None of the patched vulner
Publish At:2015-12-09 06:15 | Read:638 | Comments:0 | Tags:Vulnerabilities Web Security

Bitcoin Extortionist Copycats on the Rise, Experts Say

Experts believe that the success tied to a recent spate of DDoS-for-hire groups may be because many are copycat collectives operating with a shorter lifespan. Researchers with Recorded Future, a Massachusetts-based firm that tracks real-time threat intelligence, said Monday that they’ve noticed an increase in would-be hackers asking for guidance on foru
Publish At:2015-12-08 12:10 | Read:845 | Comments:0 | Tags:Privacy Ransomware Web Security Armada Collective Bitcoin DD

Relentless Sofacy APT Attacks Armed With Zero Days, New Backdoors

A new analysis of the Sofacy APT gang, a Russian-speaking group carrying out targeted attacks against military and government offices for close to a decade, shows a relentless wave of intrusions peaking this summer against victims in a number of NATO countries and the Ukraine. Researchers at Kaspersky Lab this morning released their update on Sofacy, which is
Publish At:2015-12-04 17:45 | Read:513 | Comments:0 | Tags:Malware Web Security advanced persistent threat apt Kaspersk

OpenSSL Patches Bring Last Update for 0.9.8 and 1.0.0 Branches

The OpenSSL Software Foundation patched four vulnerabilities in the cryptographic software library on Thursday, likely marking the last time that two older versions of the library will receive updates. The group announced back in December 2014 that it would cease support for two of OpenSSL's branches, 1.0.0 and 0.9.8, at the end of 2015. Yesterday, in a secu
Publish At:2015-12-04 17:45 | Read:700 | Comments:0 | Tags:Vulnerabilities Web Security DoS OpenSSL OpenSSL updates Pat

Let’s Encrypt Initiative Enters Public Beta

The Let’s Encrypt initiative reached yet another milestone this week when it entered public beta, something it claims should help make it easier for website owners to embrace HTTPS encryption. The latest step comes on the heels of the movement issuing its first certificate back in September and becoming an official Certificate Authority in October. Now,
Publish At:2015-12-04 17:45 | Read:802 | Comments:0 | Tags:Privacy Web Security Encryption HTTPS Let's Encrypt Security

Flash’s Farewell Under Way

If there’s unanimity among security professionals in anything, it’s in their loathing of Adobe’s Flash Player. There’s yet to be an APT or exploit kit that hasn’t welcomed vulnerabilities in the development platform with open arms. And for all that misery tallied up in lost intellectual property and industrial secrets, and stole
Publish At:2015-12-03 23:40 | Read:770 | Comments:0 | Tags:Vulnerabilities Web Security adobe adobe flash Adobe Flash e

Google Ends Chrome Support on 32-bit Linux, Releases Chrome 47

Google announced this week it will end Chrome support for older, 32-bit Linux distributions early next year and will maintain the browser on more popular distributions of the software. Specifically, Google plans to stop pushing updates and security fixes to those running Chrome on 32-bit Linux, Ubuntu Precise 12.04, and Debian 7. Most computers manufactured in
Publish At:2015-12-03 05:35 | Read:903 | Comments:0 | Tags:Vulnerabilities Web Security chrome Chrome for Linux Debian

Advantech ICS Gear Still Vulnerable to Shellshock, Heartbleed

Twice in the past year, security researchers have found and reported critical vulnerabilities in Modbus gateways built by Advantech that are used to connect serial devices in industrial control environments to IP networks. Most recently, independent security researcher Neil Smith found hard-coded SSH keys in the Advantech EKI series of devices, while a year a
Publish At:2015-12-03 05:35 | Read:967 | Comments:0 | Tags:Critical Infrastructure Vulnerabilities Web Security Advante

Cisco Patches WebEx App for Android, Warns of Unpatched Flaws

Cisco has been busy the last two days pushing out a patch and security advisories for a number of its products, including a fix for a remotely exploitable vulnerability in its WebEx Meetings mobile application for Android. Cisco said the vulnerability affects versions prior to 8.5.1 of the app, and that it is not aware of public exploits. “A vulnerabi
Publish At:2015-12-03 05:35 | Read:692 | Comments:0 | Tags:Mobile Security Vulnerabilities Web Security

China APT Gang Targets Hong Kong Media via Dropbox

An APT gang linked to China and alleged to be responsible for targeted attacks against foreign governments and ministries has now pointed its focus inward at China’s autonomous territory Hong Kong. An August attack against several media companies in Hong Kong was carried out shortly after a high-profile controversy over an appointment at the prestigiou
Publish At:2015-12-01 17:25 | Read:814 | Comments:0 | Tags:Government Malware Web Security admin@338 advanced persisten

Embedded Devices Share, Reuse Private SSH Keys, HTTPs Certificates

Researchers have found that thousands of Internet gateways, routers, modems and other embedded devices share cryptographic keys and certificates, exposing millions of connections to man-in-the-middle attacks that open the door to more extensive intrusions that jeopardize encrypted data. This type of certificate reuse and sharing of SSH keys is apparently all
Publish At:2015-11-30 23:20 | Read:681 | Comments:0 | Tags:Privacy Vulnerabilities Web Security Cryptographic keys Embe

Nuclear Exploit Kit Spreading Cryptowall 4.0 Ransomware

In short order, the newest version of Cryptowall has begun showing up in exploit kits. The SANS Internet Storm Center said on Tuesday that an attacker working off domains belonging to Chinese registrar BizCN has been moving the ransomware via the Nuclear Exploit Kit. SANS ISC handler and Rackspace security engineer Brad Duncan said that until recently, Cryp
Publish At:2015-11-25 16:45 | Read:926 | Comments:0 | Tags:Malware Ransomware Web Security Angler Exploit Kit BizCN Bra

LinkedIn Fixes Persistent XSS Vulnerability

Developers at LinkedIn fixed a persistent cross-site scripting vulnerability in the social network this week that could have been exploited to spread a worm on the service’s help forums. It was a very quick turnaround for the company, according to the researcher, who said LinkedIn fixed the issue a mere three hours after he reported it. According to Roh
Publish At:2015-11-19 16:05 | Read:673 | Comments:0 | Tags:Vulnerabilities Web Security Cross Site Scripting LinkedIn X
