HackDig : Dig high-quality web security articles

Researchers published PoC exploit code for actively exploited Windows elevation of privilege issue

Researchers published a proof-of-concept exploit for CVE-2023-29336, an actively exploited Microsoft Windows vulnerability. CVE-2023-29336 (CVSS score 7.8) is an elevation of privilege issue in the Win32k component. Win32k.sys is a system driver in the Windows operating system. The driver is responsible for
Publish At:2023-06-08 21:20 | Read:13651 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

Introducing Windows Notification Facility’s (WNF) Code Integrity

By Yarden Shafir, Senior Security Engineer WNF (Windows Notification Facility) is an undocumented notification mechanism that allows communication inside processes, between processes, or between user mode processes and kernel drivers. Similar to other notification mechanisms like ETW (Event Tracing for Windows) and ALPC (Advanced Local Procedure Call), WNF c
Publish At:2023-05-15 17:18 | Read:101074 | Comments:0 | Tags:Research Practice Windows

Microsoft vs Google spat sees users rolling back security updates to fix browser issues

We like to imagine we’re in total control of our desktop experience, carefully curated to look and work the way we want it to. However, every so often a story comes along which reminds us how little control we have when the big players notice one another's existence. A recent Windows update really wants you to use Edge instead of rival browsers, to the
Publish At:2023-05-06 22:02 | Read:158074 | Comments:0 | Tags:News Chrome Windows Edge browser update Microsoft default in

Decoy dog toolkit plays the long game with Pupy RAT

Researchers at Infoblox have discovered a new toolkit being used in the wild called Decoy Dog. It targets enterprises, and has a fondness for deploying a remote access trojan called Pupy RAT. Activity from the RAT was first noticed earlier this month. Subsequent research revealed that it has been in operation since at least April last year. An initial t
Publish At:2023-04-26 22:02 | Read:256294 | Comments:0 | Tags:News Pupy RAT nation state russia decoy dog toolkit linux mo

X-Force Prevents Zero Day from Going Anywhere

This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The X-Force Vulnerability and Exploit Database shows that the number of zero days being released each year is on the rise, but X-Force has observed that only a few of these zero days are rapidly adopted by cyber criminals each year. While every zero day is important and
Publish At:2023-03-30 13:55 | Read:199895 | Comments:0 | Tags:Software Vulnerabilities Endpoint Incident Response Security

Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours

‘Patch Tuesday, Exploit Wednesday’ is an old hacker adage that refers to the weaponization of vulnerabilities the day after monthly security patches become publicly available. As security improves and exploit mitigations become more sophisticated, the amount of research and development required to craft a weaponized exploit has increased. This i
Publish At:2023-03-21 17:15 | Read:307451 | Comments:0 | Tags:Software Vulnerabilities Application Security Endpoint Threa

When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule

In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Wind
Publish At:2023-03-20 17:27 | Read:167852 | Comments:0 | Tags:Endpoint Incident Response Malware Threat Hunting Threat Res
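The defensive idea in the title, that a telemetry provider going quiet on a host which is otherwise still reporting is itself an indicator, can be tried against a small event feed. The block below is an added example, not code from the X-Force post; the feed format, host names, provider names, timestamps and thresholds are all constructed for illustration, and a real deployment would pull the same three fields from a SIEM export.

```python
"""Flag hosts whose expected ETW-derived telemetry has gone silent.

Added illustration, not code from the X-Force post. It assumes a flat feed of
events "<ISO timestamp> <host> <provider>" such as a SIEM export; the sample
lines, provider names and thresholds below are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample feed. ws02 keeps emitting process events but its
# Threat-Intelligence events stop after 10:01:03.
SAMPLE_FEED = """\
2023-03-01T10:00:00 ws01 Microsoft-Windows-Threat-Intelligence
2023-03-01T10:00:05 ws02 Microsoft-Windows-Threat-Intelligence
2023-03-01T10:01:00 ws01 Microsoft-Windows-Threat-Intelligence
2023-03-01T10:01:03 ws02 Microsoft-Windows-Threat-Intelligence
2023-03-01T10:02:00 ws01 Microsoft-Windows-Threat-Intelligence
2023-03-01T10:03:00 ws01 Microsoft-Windows-Threat-Intelligence
2023-03-01T10:03:20 ws02 Microsoft-Windows-Kernel-Process
2023-03-01T10:04:00 ws01 Microsoft-Windows-Threat-Intelligence
2023-03-01T10:05:00 ws01 Microsoft-Windows-Threat-Intelligence
2023-03-01T10:06:00 ws01 Microsoft-Windows-Threat-Intelligence
2023-03-01T10:07:00 ws02 Microsoft-Windows-Kernel-Process
"""

TI_PROVIDER = "Microsoft-Windows-Threat-Intelligence"


def parse_feed(text):
    """Turn the flat feed into (timestamp, host, provider) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, provider = line.split()
        events.append((datetime.fromisoformat(ts), host, provider))
    return events


def find_silent_hosts(events, provider, now, min_baseline, max_gap):
    """Return {host: last_seen} for hosts that are still alive (some event
    within max_gap) and previously emitted `provider` at least
    `min_baseline` times, but have not emitted it within max_gap.

    Hosts with no baseline are ignored, and hosts that are entirely quiet
    are treated as offline rather than tampered, to limit false positives.
    """
    count = defaultdict(int)
    last_provider = {}
    last_any = {}
    for ts, host, prov in events:
        last_any[host] = max(ts, last_any.get(host, ts))
        if prov != provider:
            continue
        count[host] += 1
        last_provider[host] = max(ts, last_provider.get(host, ts))

    silent = {}
    for host, n in count.items():
        alive = now - last_any[host] <= max_gap
        quiet = now - last_provider[host] > max_gap
        if alive and n >= min_baseline and quiet:
            silent[host] = last_provider[host]
    return silent


def run_sample():
    """Evaluate the constructed feed at 10:07 with a two-minute gap limit."""
    events = parse_feed(SAMPLE_FEED)
    now = datetime.fromisoformat("2023-03-01T10:07:00")
    silent = find_silent_hosts(events, TI_PROVIDER, now,
                               min_baseline=2, max_gap=timedelta(minutes=2))
    return {host: ts.isoformat() for host, ts in silent.items()}


if __name__ == "__main__":
    for host, last in run_sample().items():
        print(f"{host}: alive but no {TI_PROVIDER} events since {last}")
```

The aliveness check matters: a host that stops sending everything is more likely rebooted or unplugged, whereas a host that keeps sending process events while one security-relevant provider goes dark is the pattern kernel-level ETW tampering would produce.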

Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers

Overview In this post, IBM Security X-Force Red offensive hackers analyze how attackers, with elevated privileges, can use their access to stage Windows Kernel post-exploitation capabilities. Over the last few years, public accounts have increasingly shown that less sophisticated attackers are using this technique to achieve their objectives. It is therefor
Publish At:2023-02-21 11:39 | Read:294616 | Comments:0 | Tags:Software Vulnerabilities Application Security Endpoint Secur

On the 20th Safer Internet Day, what was security like back in 2004?

Today is the 20th Safer Internet Day. Since 2004, there's been an annual event designed to "Promote safer and more responsible use of online technology and mobile phones, especially amongst children and young people across the world." 2004 was a key year for several safety activities, encompassing both Safer Internet Day and the Safer Internet Forum. As it w
Publish At:2023-02-07 22:16 | Read:157725 | Comments:0 | Tags:News safer internet day SID 2004 2005 20th anniversary secur

Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”

September’s Patch Tuesday unveiled a critical remote vulnerability in tcpip.sys, CVE-2022-34718. The advisory from Microsoft reads: “An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPsec is enabled, which could enable a remote code execution exploitation on that machine.” Pure remote vulnerabi
Publish At:2023-01-20 15:36 | Read:359259 | Comments:0 | Tags:Security Services Software Vulnerabilities Threat Research C

Microsoft ends Windows 7 security updates – effective today

Starting today, January 10th, Windows 7 Enterprise and Professional operating systems will no longer receive security updates. Thus, computers that still run these operating systems will no longer be protected against critical vulnerabilities. Apart from the operating system itself, browsers (both Edge and third-party browsers), as well as services from other non-Microsoft
Publish At:2023-01-10 09:55 | Read:206912 | Comments:0 | Tags:Mobile News News Security Windows Windows 7 security

Microsoft Patch Tuesday, December 2022 Edition

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows
Publish At:2022-12-14 13:48 | Read:276408 | Comments:0 | Tags:Latest Warnings Security Tools Time to Patch Apple zero-day

APT29 abused the Windows Credential Roaming in an attack against a diplomatic entity

Russia-linked APT29 cyberespionage group exploited a Windows feature called Credential Roaming to target a European diplomatic entity. Mandiant researchers in early 2022 responded to an incident where the Russia-linked APT29 group (aka SVR group, Cozy Bear, Nobelium, and The Dukes) successfully phished a European diplomatic entity. The attack stands out f
Publish At:2022-11-10 07:50 | Read:403710 | Comments:0 | Tags:APT Breaking News Cyber warfare Hacking Intelligence APT29 h

Patch Tuesday, November 2022 Election Edition

Let’s face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we’ve patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous W
Publish At:2022-11-09 01:52 | Read:353680 | Comments:0 | Tags:Time to Patch AskWoody CVE-2022-41073 CVE-2022-41080 CVE-202

Actively exploited Windows Mark-of-the-Web zero-day received an unofficial patch

0patch has released an unofficial patch for an actively exploited flaw in Microsoft Windows that allows attackers to bypass Mark-of-the-Web (MotW) protections. The vulnerability can be triggered using files signed with malformed signatures.
Publish At:2022-10-31 15:46 | Read:476272 | Comments:0 | Tags:Breaking News Hacking Security hacking news information secu
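One check a defender can run while waiting for a vendor fix is to confirm that files arriving from the internet actually carry the Zone.Identifier stream that MotW relies on. The following is an added example, not code from 0patch or the original article; it assumes the NTFS alternate-data-stream path syntax (`path:Zone.Identifier`) and uses constructed stream contents. Note that the bypass described above involves malformed signatures on files that still carry the mark, so the presence of the stream alone does not guarantee the SmartScreen prompt will appear; the check is for files where the mark is missing or malformed.

```python
"""Read and interpret the Mark-of-the-Web (Zone.Identifier) stream of a file.

Added example, not 0patch's or Microsoft's code. It assumes an NTFS volume,
where the stream is reachable as "<path>:Zone.Identifier"; on other
filesystems the lookup simply reports no mark. Sample contents are constructed.
"""

# URLMON security zone ids as written into the stream by browsers and mail clients.
ZONE_NAMES = {
    0: "LocalMachine",
    1: "Intranet",
    2: "Trusted",
    3: "Internet",
    4: "Restricted",
}

# Constructed sample of what a browser writes to the stream after a download.
SAMPLE_STREAM = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://example.test/dl/\r\n"
    "HostUrl=https://example.test/dl/tool.exe\r\n"
)


def parse_zone_identifier(text):
    """Parse the INI-style stream; returns {} when no [ZoneTransfer] section.

    ZoneId is converted to int; a non-numeric ZoneId is kept as None so the
    caller can distinguish 'absent' from 'present but malformed'.
    """
    section = None
    out = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "zonetransfer" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        out[key.strip()] = value.strip()
    if "ZoneId" in out:
        try:
            out["ZoneId"] = int(out["ZoneId"])
        except ValueError:
            out["ZoneId"] = None
    return out


def read_motw(path):
    """Return the parsed mark, or None when the stream is absent or unreadable.

    A missing stream means SmartScreen and Office Protected View will not
    treat the file as downloaded, which is what a MotW bypass achieves.
    """
    stream = path + ":Zone.Identifier"
    try:
        with open(stream, "r", encoding="utf-8", errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:
        return None


def is_untrusted_origin(mark):
    """True when the mark says Internet (3) or Restricted (4) zone."""
    return bool(mark) and mark.get("ZoneId") in (3, 4)


def describe(mark):
    """Human-readable summary used when triaging a suspicious file."""
    if mark is None:
        return "no Mark-of-the-Web stream"
    zone = mark.get("ZoneId")
    name = ZONE_NAMES.get(zone, "malformed" if zone is None else "unknown")
    return f"zone {zone} ({name}), host {mark.get('HostUrl', '?')}"


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, "->", describe(read_motw(p)))
```

Run it against a directory of recent downloads on a Windows host to find executables that were fetched from the internet yet carry no mark, which is worth a closer look at how they arrived (archive extraction, ISO mount, or a bypass like the one described above).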
