HackDig : Dig high-quality web security articles for hackers

New Mirai Variant Expands Arsenal, Exploits CVE-2020-10173

By Augusto Remillano II and Jemimah Molina. We discovered a new Mirai variant (detected as IoT.Linux.MIRAI.VWISI) that exploits nine vulnerabilities, the most notable of which is CVE-2020-10173 in Comtrend VR-3033 routers, which we have not observed exploited by past Mirai variants. This discovery is a new addition to the Mirai variants that appeared in the past
Publish At:2020-07-11 02:25 | Read:188 | Comments:0 | Tags:Botnets Internet of Things internet of things Mirai exploit

Hackers Find Way to Bypass Mitigation for Exploited BIG-IP Vulnerability

Researchers have found a way to bypass one of the mitigations proposed by F5 Networks for the actively exploited BIG-IP vulnerability, but malicious hackers leveraged the bypass method before its public disclosure. F5’s BIG-IP application delivery controller (ADC), specifically its Traffic Management User Interface (TMUI) configuration utility, is affected by
Publish At:2020-07-08 09:52 | Read:95 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Risk Management Vuln

Authors of Purple Fox EK adds 2 Microsoft exploits

The authors of the Purple Fox EK have integrated two new exploits for Microsoft vulnerabilities to the Purple Fox EK. The Purple Fox EK continues to be improved by its authors that implemented two new exploits for Microsoft critical- and high-severity Microsoft vulnerabilities. The Purple Fox EK appears to have been built to replace the notorious RIG e
Publish At:2020-07-07 12:01 | Read:213 | Comments:0 | Tags:Breaking News Cyber Crime Malware exploit kit Hacking malver

Purple Fox Exploit Kit Targets Vulnerabilities Linked to DarkHotel Group

The developers of the Purple Fox exploit kit (EK) have added two new exploits to their arsenal, including one for a vulnerability addressed in February this year. Initially detailed in September 2018, the EK was designed for the distribution of the Purple Fox Trojan/Rootkit. Previously, the Trojan was being disseminated through the RIG EK, but its operators w
Publish At:2020-07-07 10:42 | Read:74 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Malware Vulnerabilit

BIG-IP Vulnerability Exploited to Deliver DDoS Malware

Hackers continue to exploit the recently patched BIG-IP security flaw and they have plenty of potential targets as researchers have identified thousands of vulnerable systems. The vulnerability affecting F5 Networks’ BIG-IP application delivery controller (ADC) is tracked as CVE-2020-5902 and it was disclosed last week by the vendor and Positive Technologies,
Publish At:2020-07-07 06:51 | Read:129 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Virus & Threats Virus &a

Purple Fox Exploit Kit Adds Two Microsoft Vulnerabilities

Security company Proofpoint has identified two new exploits coded into Purple Fox, an exploit kit that has evolved dramatically in the last year. The updates show that cyber-criminals are continuing to invest in infection tools to help get their malware onto victims' systems even though exploit kits are declining as an attack technique, the company said.
Publish At:2020-07-06 18:13 | Read:146 | Comments:0 | Tags: exploit

Hackers Start Exploiting Recently Patched BIG-IP Vulnerability

Hackers have already started exploiting a recently patched vulnerability affecting F5 Networks’ BIG-IP application delivery controller (ADC). F5 informed customers last week that a BIG-IP configuration utility named Traffic Management User Interface (TMUI) is impacted by a critical remote code execution vulnerability whose exploitation can result in “complete
Publish At:2020-07-06 05:50 | Read:148 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Cybe

Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw

Attackers are already attempting to exploit the recently fixed bug in F5 Networks BIG-IP product, security experts warn. A few days after the disclosure of the vulnerability in the F5 Networks BIG-IP product. F5 Networks has recently addressed a critical remote code execution (RCE) vulnerability, tracked as CVE-2020-5902, that resides in undisclosed pages
Publish At:2020-07-06 05:09 | Read:177 | Comments:0 | Tags:Breaking News Hacking F5 Networks BIG-IP hacking news inform

APTs will exploit Palo Alto Networks’s PAN-OS flaw soon, US Cyber Command says

U.S. Cyber Command believes foreign APTs will likely attempt to exploit the recently addressed flaw in Palo Alto Networks’s PAN-OS firewall OS. Recently Palo Alto Networks addressed a critical vulnerability, tracked as CVE-2020-2021, affecting the PAN-OS operating system that powers its next-generation firewall. The flaw could allow unauthenticated n
Publish At:2020-06-30 17:53 | Read:187 | Comments:0 | Tags:Breaking News Hacking firewall hacking news information secu

US Cyber Command: Foreign APTs Likely to Exploit New Palo Alto Networks Flaw

Palo Alto Networks revealed on Monday that it has patched a critical authentication bypass vulnerability in its PAN-OS firewall operating system, and U.S. Cyber Command believes foreign APTs will likely attempt to exploit it soon. The vulnerability, tracked as CVE-2020-2021 with a CVSS score of 10, affects PAN-OS 8.0, 8.1, 9.0 and 9.1, and it has been patched
Publish At:2020-06-30 08:50 | Read:125 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Risk Management Vuln

Criminals Exploit Pandemic with Brute-Force RDP Attacks

ESET is the latest security company to notice a sharp spike in RDP-based hacks over the last few months. The anti-malware company spotted a rise in the number of brute-force attacks using the remote access protocol, and said that cyber-criminals have been using it to distribute ransomware. The Remote Desktop Protocol is a proprietary Microsoft protocol that a
Publish At:2020-06-29 17:10 | Read:92 | Comments:0 | Tags: exploit

New Lucifer DDoS botnet targets Windows systems with multiple exploits

A new botnet, tracked as Lucifer, appeared in the threat landscape; it leverages close to a dozen exploits to hack Windows systems. A new botnet tracked as Lucifer appeared in the threat landscape; it leverages a dozen exploits for high and critical severity flaws affecting Windows systems. Upon infecting a system the bot turns it into a cryptomining clie
Publish At:2020-06-26 09:38 | Read:160 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Internet of Things Malware

Lucifer Malware Abused Windows Exploits for Cryptomining, DDoS Attacks

New malware called “Lucifer” came with numerous exploits for conducting cryptomining functionality and performing distributed denial-of-service (DDoS) attacks on infected Windows machines. Palo Alto Networks’ Unit 42 research team identified two versions of Lucifer in their research. (Both variants bore the name “Satan DDoS,” but
Publish At:2020-06-25 12:20 | Read:188 | Comments:0 | Tags:IT Security and Data Protection Latest Security News Lucifer

Magnitude exploit kit – evolution

Exploit kits are not as widespread as they used to be. In the past, they relied on the use of already patched vulnerabilities. Newer and more secure web browsers with automatic updates simply do not allow known vulnerabilities to be exploited. It was very different back in the heyday of Adobe Flash because it’s just a plugin for a web browser, meaning
Publish At:2020-06-24 07:10 | Read:177 | Comments:0 | Tags:Featured Malware descriptions Browser Exploit Kits Malware D

A survey of recent iOS kernel exploits

Posted by Brandon Azad, Project Zero. I recently found myself wishing for a single online reference providing a brief summary of the high-level exploit flow of every public iOS kernel exploit in recent years; since no such document existed, I decided to create it here. This post summarizes original iOS kernel exploits from local app context targeting iOS 10 thr
Publish At:2020-06-22 11:43 | Read:179 | Comments:0 | Tags: IOS exploit

