HackDig : Dig high-quality web security articles

Microsoft fixes seven zero-days, including two PuzzleMaker targets, Google fixes serious Android flaw

This patch Tuesday harvest was another big one. The Windows updates alone included seven zero-day vulnerability updates, two of them are actively being used in the wild by a group called PuzzleMaker, four others that have also been seen in the wild, plus one other zero-day vulnerability not known to have been actively exploited. Add to that 45 vulnerabilitie
Publish At:2021-06-09 11:16 | Read:136 | Comments:0 | Tags:Exploits and vulnerabilities adobe Android Cisco microsoft p

Microsoft Patches Six Zero-Day Security Holes

Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks. June’s Patch Tuesday addresses just 49 security holes — about half the normal number of vulnerabilities lately. But what this month
Publish At:2021-06-08 19:10 | Read:146 | Comments:0 | Tags:Time to Patch adobe Automox Christopher Hass CVE-2021-28550

Pwn2Own 2021: Zoom, Teams, Exchange, Chrome and Edge “fully owned”

byPaul DucklinThe annual Pwn2Own contest features live hacking where top cybersecurity researchers duke it out under time pressure for huge cash prizes.Their quest: to prove that the exploits they claim to have discovered really do work under real-life conditions.Indeed, Pwn2Own is a bug bounty program with a twist.The end result is still responsible disclos
Publish At:2021-04-19 23:44 | Read:422 | Comments:0 | Tags:Apple Google Linux Microsoft Oracle Vulnerability Windows bu

Microsoft Patch Tuesday, April 2021 Edition

Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server — the same systems that have been besieged by attacks on four separate (and zero-day) bugs in the email software over the past month. Redmond also patched a Windo
Publish At:2021-04-13 20:04 | Read:363 | Comments:0 | Tags:Time to Patch CVE-2021-28310 CVE-2021-28480 CVE-2021-28481 C

Ghidra 101: Loading Windows Symbols (PDB files)

In this blog series, I will be putting the spotlight on useful Ghidra features you may have missed. Each post will look at a different feature and show how it helps you save time and be more effective in your reverse engineering workflows. Ghidra is an incredibly powerful tool, but much of this power comes from knowing how to use it effec
Publish At:2021-03-09 03:02 | Read:484 | Comments:0 | Tags:Cyber Security database Ghidra Windows

Google discloses technical details of Windows CVE-2021-24093 RCE flaw

Google Project Zero team disclosed the details of a recently patched remote code execution vulnerability (CVE-2021-24093) in Windows Operating system. White hat hacker at Google Project Zero disclosed the details of a recently patched Windows vulnerability, tracked as CVE-2021-24093, that can be exploited for remote code execution in the context of the D
Publish At:2021-02-25 11:55 | Read:664 | Comments:0 | Tags:Breaking News Hacking CVE-2021-24093 hacking news informatio

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. Security researchers at Palo Alto Networks uncovered a cryptojacking botnet, tracked as WatchDog, that is targeting Windows and Linux systems. WatchDog is one of the largest and longest-lasting Monero cryptojacking operations
Publish At:2021-02-18 14:48 | Read:492 | Comments:0 | Tags:Breaking News Cyber Crime Malware Hacking hacking news infor

A week in security (January 11 – January 17)

Last week on Malwarebytes Labs, we looked at IoT problems, Microsoft’s Patch Tuesday, and how cybercriminals want access to your cloud services. We also explored how VPNs can protect your privacy, and asked if MSPs have picked the right PSA. Other cybersecurity news Hot phishing targets: Some brands are more appealing to scammers than others (Source: Z
Publish At:2021-01-18 08:30 | Read:714 | Comments:0 | Tags:A week in security a week in security exploits mac malware p

Aether XI release delivers protection for Windows on ARM

The long-awaited ARM processor revolution has finally arrived. ARM processors, which started out by conquering mobile devices, suddenly seemed to be an interesting, viable alternative for servers, desktops, and laptops and many companies invested in what was believed to be a surefire future trend in the technology industry. Yet as the years went by, ARM solu
Publish At:2021-01-14 06:46 | Read:701 | Comments:0 | Tags:Business Panda Security Products aether ARM b2b Windows

Microsoft Patch Tuesday for January 2021 fixes 83 flaws, including an actively exploited issue

Microsoft Patch Tuesday security updates for January 2021 address 83 vulnerabilities, including a critical flaw actively exploited in the wild. Microsoft Patch Tuesday security updates for January 2021 fix 83 security vulnerabilities in multiple products, including Microsoft Windows, Edge (EdgeHTML-based), ChakraCore, Office and Microsoft Office Services
Publish At:2021-01-13 13:00 | Read:518 | Comments:0 | Tags:Breaking News Security DOS Hacking hacking news information

Sophisticated hacking campaign uses Windows and Android zero-days

Google Project Zero researchers uncovered a sophisticated hacking campaign that targeted Windows and Android users. The Google Project Zero team has recently launched an initiative aimed at devising new techniques to detect 0-day exploits employed in attacks in the wild. While partnering with the Google Threat Analysis Group (TAG), the experts discovered
Publish At:2021-01-12 21:24 | Read:714 | Comments:0 | Tags:APT Breaking News Hacking Android Chrome hacking news inform

Adobe Flash Player reaches end-of-life

“What now? My farm is no longer working. Can you have a look, honey?” Like millions of other people my wife likes to play online browser games. You know, the ones that don’t require a fast connection because your virtual life is not in constant danger, and an occasional harvest is enough to make progress in the game. So, when her browser refused to ope
Publish At:2021-01-06 07:54 | Read:735 | Comments:0 | Tags:Awareness Adobe Flash Player browser games exploit kits flas

Google reported that Microsoft failed to fix a Windows zero-day flaw

Google’s Project Zero experts publicly disclosed details of an improperly patched zero-day code execution vulnerability in Windows. White hat hackers at Google’s Project Zero team has publicly disclosed details of an improperly patched zero-day vulnerability in Windows. The vulnerability tracked as CVE-2020-0986, resides in the Print Spoole
Publish At:2020-12-24 09:24 | Read:995 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

A zero-day in Windows 7 and Windows Server 2008 has yet to be fixed

Researcher discovers a zero-day vulnerability in Windows 7 and Windows Server 2008 while he was working on a Windows security tool. The French security researcher Clément Labro discovered a zero-day vulnerability was discovered while the security researcher was working on an update Windows security tool. The researcher was developing his own Windows pr
Publish At:2020-11-26 09:20 | Read:807 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

Sophos 2021 Threat Report: Navigating cybersecurity in an uncertain world

byPaul DucklinWe know what you’re thinking: “Another year; another vendor; another threat report……and when I open it, I’ll be stuck in a thinly disguised product brochure.”Well, not this one.We’ve combined research from a number of threat prevention groups inside Sophos, including SophosLabs, Sophos Managed Threat Re
Publish At:2020-11-18 12:13 | Read:995 | Comments:0 | Tags:Android BEC Botnet Data loss Linux Machine Learning Malware