HackDig : Dig high-quality web security articles

Microsoft warns of attacks exploiting recently patched Windows MSHTML CVE-2021-40444 bug

Microsoft revealed that multiple threat actors are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444). Microsoft warns of multiple threat actors, including ransomware operators, that are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444) in attacks against o
Publish At:2021-09-16 14:25 | Read:248 | Comments:0 | Tags:Breaking News Hacking Malware Security CVE-2021-40444 Cyberc

Microsoft warns of a Windows zero-day security hole that is being actively exploited

In a security advisory, Microsoft has warned that malicious hackers are exploiting an unpatched vulnerability in Windows to launch targeted attacks against organisations. The security hole, dubbed CVE-2021-40444, is a previously unknown remote code execution vulnerability in MSHTML, a core component of Windows which helps render web-based content. According to
Publish At:2021-09-09 12:27 | Read:141 | Comments:0 | Tags:Featured Articles ActiveX microsoft vulnerability Windows ze

Windows zero-day MSHTML attack – how not to get booby trapped!

by Paul Ducklin
Details are scarce so far, but Microsoft is warning Office users about a bug that’s dubbed CVE-2021-40444, and described as Microsoft MSHTML Remote Code Execution Vulnerability. The bug doesn’t have a patch yet, so it’s what’s known as a zero-day, shorthand for “the Good Guys were zero days ahead of the Bad Guys wit
Publish At:2021-09-08 15:20 | Read:221 | Comments:0 | Tags:Malware Microsoft Vulnerability Windows activex CVE 2021 404

Microsoft warns of a zero-day in Internet Explorer that is actively exploited

Microsoft warns of a zero-day vulnerability in Internet Explorer that is actively exploited by threat actors using weaponized Office docs. Microsoft warns of a zero-day vulnerability (CVE-2021-40444) in Internet Explorer that is actively exploited by threat actors to hijack vulnerable Windows systems. Microsoft did not share info about the attacks either
Publish At:2021-09-08 08:54 | Read:301 | Comments:0 | Tags:Breaking News Security Cybersecurity cybersecurity news Hack

Ghidra 101: Loading Windows Symbols (PDB files) in Ghidra 10.x

In this blog series, I will be putting the spotlight on useful Ghidra features you may have missed. Each post will look at a different feature and show how it helps you save time and be more effective in your reverse engineering workflows. Ghidra is an incredibly powerful tool, but much of this power comes from knowing how to use it effec
Publish At:2021-07-27 05:11 | Read:392 | Comments:0 | Tags:IT Security and Data Protection Ghidra Windows

Windows “HiveNightmare” bug could leak passwords – here’s what to do!

by Paul Ducklin
As if one Windows Nightmare dogging all our printers were not enough… …here’s another bug, disclosed by Microsoft on 2021-07-20, that could expose critical secrets from the Windows registry. Denoted CVE-2021-36934, this one has variously been nicknamed HiveNightmare and SeriousSAM. The moniker HiveNightmare comes from the fact th
Publish At:2021-07-22 00:50 | Read:829 | Comments:0 | Tags:Microsoft Vulnerability Windows CVE-2021-36934 HiveNightmare

Israeli surveillance firm Candiru used Windows zero-days to deploy spyware

Experts said that Israeli surveillance firm Candiru, tracked as Sourgum, exploited zero-days to deliver a new Windows spyware. Microsoft and Citizen Lab believe that the secretive Israel-based Israeli surveillance firm Candiru, tracked as Sourgum, used Windows zero-day exploits to deliver a new Windows spyware dubbed DevilsTongue. According to the expe
Publish At:2021-07-15 17:55 | Read:355 | Comments:0 | Tags:Breaking News Intelligence Malware Security Candiru Cybersec

I already have Windows Defender – why do I need another antimalware tool?

When Microsoft released Windows 8.1 it also included a free anti-malware tool called Windows Defender. Windows Defender now ships with every new Windows PC as standard, offering malware detection and a software firewall to keep your computer clean and virus-free. So does Windows Defender make standalone anti-malware software like Panda Dome unnecessary? Not
Publish At:2021-07-15 05:43 | Read:407 | Comments:0 | Tags:Mobile News Security Tips Antivirus Defender Windows

PrintNightmare official patch is out – update now!

by Paul Ducklin
Here’s the good news: Microsoft has released an emergency patch for the infamous PrintNightmare bug that showed up just over a week ago. The patch is what Redmond refers to as an OOB Security Update, where OOB is short for out-of-band. OOB is a jargon term that refers to communications that are kept separate from the usual channel you use,
Publish At:2021-07-07 11:10 | Read:511 | Comments:0 | Tags:Microsoft Vulnerability CVE-2021-1675 CVE-2021-34527 PrintNi

Hunting for Windows “Features” with Frida: DLL Sideloading

Offensive security professionals have been using Frida for analyzing iOS and Android mobile applications. However, there has been minimal usage of Frida for desktop operating systems such as Windows. Frida is described by the author as a “Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.” From a securit
Publish At:2021-07-01 17:47 | Read:453 | Comments:0 | Tags:Endpoint Network Security Services Application Programming I

Microsoft fixes seven zero-days, including two PuzzleMaker targets, Google fixes serious Android flaw

This patch Tuesday harvest was another big one. The Windows updates alone included seven zero-day vulnerability updates, two of them are actively being used in the wild by a group called PuzzleMaker, four others that have also been seen in the wild, plus one other zero-day vulnerability not known to have been actively exploited. Add to that 45 vulnerabilitie
Publish At:2021-06-09 11:16 | Read:406 | Comments:0 | Tags:Exploits and vulnerabilities adobe Android Cisco microsoft p

Microsoft Patches Six Zero-Day Security Holes

Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks. June’s Patch Tuesday addresses just 49 security holes — about half the normal number of vulnerabilities lately. But what this month
Publish At:2021-06-08 19:10 | Read:468 | Comments:0 | Tags:Time to Patch adobe Automox Christopher Hass CVE-2021-28550

Pwn2Own 2021: Zoom, Teams, Exchange, Chrome and Edge “fully owned”

by Paul Ducklin
The annual Pwn2Own contest features live hacking where top cybersecurity researchers duke it out under time pressure for huge cash prizes. Their quest: to prove that the exploits they claim to have discovered really do work under real-life conditions. Indeed, Pwn2Own is a bug bounty program with a twist. The end result is still responsible disclos
Publish At:2021-04-19 23:44 | Read:764 | Comments:0 | Tags:Apple Google Linux Microsoft Oracle Vulnerability Windows bu

Microsoft Patch Tuesday, April 2021 Edition

Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server — the same systems that have been besieged by attacks on four separate (and zero-day) bugs in the email software over the past month. Redmond also patched a Windo
Publish At:2021-04-13 20:04 | Read:974 | Comments:0 | Tags:Time to Patch CVE-2021-28310 CVE-2021-28480 CVE-2021-28481 C

Ghidra 101: Loading Windows Symbols (PDB files)

In this blog series, I will be putting the spotlight on useful Ghidra features you may have missed. Each post will look at a different feature and show how it helps you save time and be more effective in your reverse engineering workflows. Ghidra is an incredibly powerful tool, but much of this power comes from knowing how to use it effec
Publish At:2021-03-09 03:02 | Read:717 | Comments:0 | Tags:Cyber Security database Ghidra Windows
