HackDig : Dig high-quality web security articles for hacker

Zoom client for Windows could allow hackers to steal users’Windows password

The popular Zoom app is under scrutiny, experts have discovered a vulnerability that could be exploited to steal users’ Windows passwords. Experts warn of a ‘UNC path injection’ flaw that could be exploited by remote attackers to steal login credentials from Windows systems. Security experts and privacy advocates believe that the Zoo
Publish At:2020-04-01 18:48 | Read:66 | Comments:0 | Tags:Breaking News Hacking information security news it security

Experts published PoC exploits for CVE-2020-0796 privilege escalation flaw on Windows

Researchers published proof-of-concept (PoC) exploits for the CVE-2020-0796 Windows flaw, tracked as SMBGhost, that can be exploited for local privilege escalation. Researchers Daniel García Gutiérrez (@danigargu) and Manuel Blanco Parajón (@dialluvioso_) have published proof-of-concept (PoC) exploits for the CVE-2020-0796 Windows vulnerability, tracked a
Publish At:2020-04-01 07:49 | Read:86 | Comments:0 | Tags:Breaking News Hacking CVE-2020-0796 hacking news it security

Breaking the Ice: A Deep Dive Into the IcedID Banking Trojan’s New Major Version Release

The IcedID banking Trojan was discovered by IBM X-Force researchers in 2017. At that time, it targeted banks, payment card providers, mobile services providers, payroll, webmail and e-commerce sites, mainly in the U.S. IcedID has since continued to evolve, and while one of its more recent versions became active in late-2019, X-Force researchers have identifi
Publish At:2020-04-01 07:12 | Read:118 | Comments:0 | Tags:Fraud Protection Malware Threat Research Banking Malware Ban

0patch releases free unofficial patches for Windows 0days exploited in the wild

ACROS Security’s 0patch service released unofficial patches for two Windows flaws actively exploited by attackers in the wild. ACROS Security’s 0patch service released unofficial patches for two Windows vulnerabilities actively exploited by attackers in the wild, both issues have yet to be fixed by Microsoft. A few days ago, Microsoft warned of hacker
Publish At:2020-03-27 14:00 | Read:152 | Comments:0 | Tags:Breaking News Security 0Patch Hacking information security n

Windows has a zero-day that won’t be patched for weeks

byJohn E DunnCybercriminals are exploiting two unpatched zero-day flaws affecting all supported versions of Windows, Microsoft has warned.The Remote Code Execution (RCE) vulnerabilities affect Adobe Type Manager (ATM) Library, the part of Windows that manages PostScript Type 1 fonts.For now, there are no CVE identifiers and the only confirmed details are in
Publish At:2020-03-25 09:06 | Read:109 | Comments:0 | Tags:Microsoft Operating Systems Security threats Vulnerability W

Microsoft discovers two new remote code execution vulnerabilities

On March 23, Microsoft announced that it had discovered two critical vulnerabilities in Windows. The announcement was made outside the company’s regular communications schedule, highlighting how critical these vulnerabilities are. These are remote code execution vulnerabilities, and Adobe Type Manager Library. Microsoft says it is aware of a limited nu
Publish At:2020-03-25 08:30 | Read:160 | Comments:0 | Tags:Business News Security b2b Microsoft vulnerability Windows

Pwn2Own 2020 Day1 -researchers earned $180K for hacking Windows, Ubuntu, and macOS

During the first day of the Pwn2Own 2020 hacking competition, participants earned a total of $180,000 for exploits targeting Windows 10, Ubuntu Desktop and macOS. The Coronavirus outbreak hasn’t stopped the Pwn2Own hacking conference, for the first time its organizer, the Zero Day Initiative (ZDI), has decided to arrange the event allowing the parti
Publish At:2020-03-19 08:21 | Read:278 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

Microsoft patches wormable Windows 10 ‘SMBGhost’ flaw

byJohn E DunnWhat’s the difference between a scheduled security update and one that’s out-of-band?In the case of the critical Windows 10 Server Message Block (SMB) vulnerability (CVE-2020-0796) left unpatched in March’s otherwise bumper Windows Patch Tuesday update, the answer is two days.That’s how long it took Microsoft to change its mind about releasing a
Publish At:2020-03-16 08:53 | Read:290 | Comments:0 | Tags:Microsoft Operating Systems Security threats Vulnerability W

99% of compromised Microsoft enterprise accounts lack MFA

byJohn E DunnCybercriminals compromise 0.5% of all Microsoft enterprise accounts every month because too few customers are using multi-factor authentication (MFA), the company has revealed.In a presentation uploaded to YouTube from the recent RSA Security Conference, director of Identity Security Alex Weinert said 1.2 million accounts were compromised in Jan
Publish At:2020-03-09 08:17 | Read:259 | Comments:0 | Tags:2-factor Authentication Microsoft Privacy Security threats W

Microsoft: Turn off Memory Integrity if it’s causing problems

byDanny BradburyMicrosoft has finally clarified how users can fix a Windows security measure that has been causing hardware problems: turn it off. The advice, issued last week, should bring relief to many users of Memory Integrity, a feature designed to protect Windows computers from badly behaved drivers.Memory Integrity is a feature inside a broader set of
Publish At:2020-03-09 08:17 | Read:178 | Comments:0 | Tags:Microsoft Security threats Windows flaws Memory Integration

Nvidia patches severe flaws affecting GeForce, Quadro NVS and Tesla

byJohn E DunnDenial of service, local escalation of privileges, and information disclosure are not security worries most computer users will associate with their racy graphics card or its drivers.And yet fixes for precisely these issues are part of February’s Nvidia GPU display update, all of which could compromise Windows or Linux PCs, allowing an attacker
Publish At:2020-03-03 08:07 | Read:193 | Comments:0 | Tags:Linux Microsoft Operating Systems Security threats Vulnerabi

IE zero day and heap of RDP flaws fixed in February Patch Tuesday

byJohn E DunnWeeks after the world first got wind of it, Microsoft has finally patched the Internet Explorer (IE) zero-day flaw the company said in January was being used in “limited targeted attacks”.The fix is part of the February Patch Tuesday update that features a record 99 security vulnerabilities including 12 marked as ‘critical’ and 87 ‘important’.Th
Publish At:2020-02-15 12:44 | Read:405 | Comments:0 | Tags:Adobe Internet Explorer Microsoft Operating Systems Vulnerab

Corp.com is up for sale – check your Active Directory settings!

byDanny BradburyAn old domain that has lain dormant for 26 years is going on sale – and the results could be catastrophic for enterprises with poorly configured Active Directory setups.Brian Krebs reports that Mike O’Connor, a domain prospector who registered corp.com in 1994, wants to sell the domain for $1.7 million as he simplifies his estate.
Publish At:2020-02-15 12:43 | Read:342 | Comments:0 | Tags:Microsoft Security threats Active Directory Corp.com DNS dom

2020: The end of Windows 7

On January 14, Microsoft ended support for Windows 7 and Windows Server 2008. This means that these two operating systems will no longer receive updates, since Microsoft has stopped developing new patches for vulnerabilities that appear on these systems. As a result, computers running this version will be vulnerable to malware and other malicious programs. I
Publish At:2020-02-12 05:28 | Read:291 | Comments:0 | Tags:Business News EoL Windows Windows 7

Malwarebytes Labs releases 2020 State of Malware Report

Malwarebytes Labs today released the results of our annual study on the state of malware—the 2020 State of Malware Report—and as usual, it’s a doozy. From an increase in enterprise-focused threats to the diversification of sophisticated hacking and stealth techniques, the 2019 threat landscape was shaped by a cybercrime industry that aimed to show i
Publish At:2020-02-11 04:50 | Read:462 | Comments:0 | Tags:Reports 2020 state of malware report adware Android android

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud