HackDig : Dig high-quality web security articles

Emergency Chrome 103 Update Patches Actively Exploited Vulnerability

While many expected — or at least hoped — that the 4th of July would be quiet on the cybersecurity front, Google on Monday announced the release of an emergency Chrome update that patches an actively exploited zero-day vulnerability.The flaw, tracked as CVE-2022-2294, has been described as a heap buffer overflow in WebRTC. The security hole was reported to G
Publish At:2022-07-04 20:11 | Read:72 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Google patches new Chrome zero-day flaw exploited in attacks

Google has released Chrome 103.0.5060.114 for Windows users to address a high-severity zero-day vulnerability exploited by attackers in the wild, the fourth Chrome zero-day patched in 2022."Google is aware that an exploit for CVE-2022-2294 exists in the wild.," the browser vendor explained in a security advisory published on Monday.The 103.0.5060.1
Publish At:2022-07-04 13:58 | Read:78 | Comments:0 | Tags:Security Google exploit

2022 0-day In-the-Wild Exploitation…so far

ul.lst-kix_68660h7uawx-0{list-style-type:none}ul.lst-kix_68660h7uawx-1{list-style-type:none}ul.lst-kix_68660h7uawx-2{list-style-type:none}ul.lst-kix_68660h7uawx-3{list-style-type:none}ul.lst-kix_68660h7uawx-4{list-style-type:none}ul.lst-kix_68660h7uawx-5{list-style-type:none}ul.lst-kix_68660h7uawx-6{list-style-type:none}.lst-kix_68660h7uawx-7>li:before{conte
Publish At:2022-07-04 10:55 | Read:73 | Comments:0 | Tags: exploit

Half of actively exploited zero-day issues in H1 2022 are variants of previous flaws

Google Project Zero states that in H1 2022 at least half of zero-day issues exploited in attacks were related to not properly fixed old flaws. Google Project Zero researcher Maddie Stone published a blog post that resumes her speech at the FIRST conference in June 2022, the presentation is titled “0-day In-the-Wild Exploitation in 2022…so far“. S
Publish At:2022-07-03 10:00 | Read:144 | Comments:0 | Tags:Breaking News Security hacking news information security new

Experts shared PoC exploit code for RCE in Zoho ManageEngine ADAudit Plus tool

Researchers shared technical details and proof-of-concept exploit code for the CVE-2022-28219 flaw in Zoho ManageEngine ADAudit Plus tool. Security researchers from Horizon3.ai have published technical details and proof-of-concept exploit code for a critical vulnerability, tracked as CVE-2022-28219 (CVSS 9.8 out of 10), in the Zoho ManageEngine ADAudit Pl
Publish At:2022-07-02 17:32 | Read:207 | Comments:0 | Tags:Breaking News Hacking CVE-2022-28219 hacking news informatio

Zoho ManageEngine ADAudit Plus bug gets public RCE exploit

Security researchers have published technical details and proof-of-concept exploit code for CVE-2022-28219, a critical vulnerability in the Zoho ManageEngine ADAudit Plus tool for monitoring activities in the Active Directory.The vulnerability allows an unauthenticated attacker to execute code remotely and compromise Active Directory accounts. It comes with
Publish At:2022-07-01 17:56 | Read:221 | Comments:0 | Tags:Security exploit

CISA orders agencies to patch Windows LSA bug exploited in the wild

CISA has re-added a security bug affecting Windows devices to its list of bugs exploited in the wild after removing it in May due to Active Directory (AD) certificate authentication issues caused by Microsoft's May 2022 updates.The flaw is an actively exploited Windows LSA (Local Security Authority) spoofing vulnerability tracked as CVE-2022-26925 and confir
Publish At:2022-07-01 13:46 | Read:171 | Comments:0 | Tags:Security Microsoft exploit CISA

ZuoRAT Exploits Weaknesses in SOHO Routers to Target Remote Employees

A Remote Access Trojan (RAT) is a type of malware that provides the attacker with full remote control over your system. When a RAT reaches your computer, it allows the hacker to easily access your local files, secure login authorization, and other sensitive information, or use that connection to download viruses you could unintentionally pass on to others.Wh
Publish At:2022-06-30 09:43 | Read:267 | Comments:0 | Tags:Cybersecurity News RAT exploit

CISA warns of hackers exploiting PwnKit Linux vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Linux vulnerability known as PwnKit to its list of bugs exploited in the wild.The security flaw, identified as CVE-2021-4034, was found in the Polkit's pkexec component used by all major distributions (including Ubuntu, Debian, Fedora, and CentOS).PwnKit is a memory corrupt
Publish At:2022-06-29 13:58 | Read:167 | Comments:0 | Tags:Security Vulnerability exploit CISA hack

CISA Says 'PwnKit' Linux Vulnerability Exploited in Attacks

The US Cybersecurity and Infrastructure Security Agency (CISA) says a Linux vulnerability tracked as CVE-2021-4034 and PwnKit has been exploited in attacks.The flaw, which came to light in January, affects Polkit, a component designed for controlling system-wide privileges in Unix-like operating systems. Polkit is developed by Red Hat, but it’s also used by
Publish At:2022-06-28 16:12 | Read:210 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

AnyDesk Public Exploit Disclosure - Arbitrary file write by symbolic link attack lead to denial-of-service attack on loc

Hi FullDisclosure,I would like to publish an exploit that I found on AnyDesk as follows.# Exploit Title: AnyDesk allow arbitrary file write by symbolic linkattack lead to denial-of-service attack on local machine# Google Dork: [if applicable]# Date: 24/5/2022# Exploit Author: Erwin Chan# Vendor Homepage: https://anydesk.com/en# Software Link: https://anydesk
Publish At:2022-06-28 05:28 | Read:196 | Comments:0 | Tags: exploit

CISA Log4Shell warning: Patch VMware Horizon installations immediately

CISA and the United States Coast Guard Cyber Command (CGCYBER) are warning that the threat of Log4Shell hasn’t gone away. It’s being actively exploited and used to target organisations using VMware Horizon and Unified Access Gateway servers. Log4Shell: what is it? Log4Shell was a zero-day vulnerability in something called Log4j. This open s
Publish At:2022-06-27 07:53 | Read:244 | Comments:0 | Tags:Exploits and vulnerabilities Malwarebytes news exploit log4s

Threat actors sell access to tens of vulnerable networks compromised by exploiting Atlassian 0day

A threat actor is selling access to 50 vulnerable networks that have been compromised exploiting the recently disclosed Atlassian Confluence zero-day. A threat actor is selling access to 50 vulnerable networks that have been compromised by exploiting the recently discovered Atlassian Confluence zero-day flaw (CVE-2022-26134). The discovery was made by
Publish At:2022-06-26 15:20 | Read:344 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Atlassian Atlassian Conflu

Attackers exploited a zero-day in Mitel VOIP devices to compromise a network 

Experts warn threat actors have exploited a zero-day vulnerability in a Mitel VoIP appliance in a ransomware attack. CrowdStrike researchers recently investigated the compromise of a Mitel VOIP appliance as an entry point in a ransomware attack against the network of an organization.  The attackers exploited a remote code execution zero-day vulnerabili
Publish At:2022-06-25 08:10 | Read:345 | Comments:0 | Tags:Breaking News Hacking Malware hacking news information secur

CrowdStrike: Ransomware Actor Caught Exploiting Mitel VOIP Zero-Day

Security researchers at CrowdStrike have stumbled upon ransomware actors deploying zero-day exploits against Mitel VOIP appliances sitting on the network perimeter.The discovery is added confirmation that ransomware criminals are increasingly investing in zero-day exploits for use in data-extortion attacks and that poorly configured network devices present a
Publish At:2022-06-24 12:02 | Read:359 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3