HackDig : Dig high-quality web security articles for hacker

Drupal fixes the CVE-2017-6922 flaw exploited in spam campaigns in the wild

Drupal team released security updates to fix several vulnerabilities, including the critical access bypass flaw CVE-2017-6922 exploited in spam campaigns. The Drupal development team has released security updates to fix several vulnerabilities, including the critical access bypass flaw tracked as CVE-2017-6922 that has been exploited in spam campaigns. The C
Publish At:2017-06-23 07:05 | Read:114 | Comments:0 | Tags:Breaking News Hacking CMS CVE-2017-6922 Cybercrime Drupal Pi

OpenVPN fixed several remotely exploitable flaws that were not detected by recent audits

OpenVPN fixed several vulnerabilities that could be exploited by remote attackers, the flaws were not detected in a recent audit. Recently two distinct audits were conducted to discover security issues in the OpenVPN, many flaws were found but some vulnerabilities were not spotted by the experts. Four of the vulnerabilities in OpenVPN 2.4.2, were found by th
Publish At:2017-06-23 07:05 | Read:155 | Comments:0 | Tags:Breaking News Hacking OpenVPN RCE exploit

Attackers can exploit electronic cigarettes to hack computers

Hackers can exploit electronic cigarettes and any other electronic device to deliver a malware in a poorly protected network. In November 2014, in a discussion started on the Reddit news media website it has been debated the case of a malware implanted by using electronic cigarettes connected over USB. Hackers are able to exploit any electronic device to del
Publish At:2017-06-22 12:40 | Read:128 | Comments:0 | Tags:Breaking News Hacking charger electronic cigarettes malware

AdGholas Malvertising Campaign Employs Astrum Exploit Kit

At the end of April this year, we found Astrum exploit kit employing Diffie-Hellman key exchange to prevent monitoring tools and researchers from replaying their traffic. As AdGholas started to push the exploit, we saw another evolution: Astrum using HTTPS to further obscure their malicious traffic. We spotted a new AdGholas malvertising campaign using the A
Publish At:2017-06-20 11:50 | Read:144 | Comments:0 | Tags:Bad Sites Ransomware AdGholas Astrum exploit kit malvertisin

Pinkslipbot banking Trojan exploiting infected machines as control servers

Pinkslipbot banking Trojan is a banking Trojan that uses a complicated multistage proxy for HTTPS-based control server communication. Security researchers at McAfee Labs have spotted a new strain of the Pinkslipbot banking malware (also known as QakBot/QBot) that leverages UPnP to open ports, allowing incoming connections from anyone on the Internet to commu
Publish At:2017-06-19 11:00 | Read:199 | Comments:0 | Tags:Breaking News Cyber Crime Malware Banking Malware botnet Cyb

Troll 2 exploitation walkthrough

This write-up will walk you through an exploitation of Troll 2 a boot2root VM; the challenge is designed my Maleus. You can download the VM from the following link https://www.vulnhub.com/entry/tr0ll-2,107/Lab set up:Open VMware > Edit >” Virtual Network Editor.”Click on “Add Network” and add any 1 Network example VMnet02S
Publish At:2017-06-16 07:50 | Read:124 | Comments:0 | Tags:Hacking exploit

Microsoft patches two critical remote code execution (RCE) flaws that have been exploited in attacks

Microsoft released the June 2017 Patch Tuesday to address more than 90 security flaws, including two critical RCE that have been exploited in attacks. Microsoft released June Patch Tuesday updates that address more than 90 vulnerabilities, including two critical remote code execution (RCE) vulnerabilities that have been exploited in attacks. The first vulner
Publish At:2017-06-14 02:05 | Read:143 | Comments:0 | Tags:Breaking News Hacking Uncategorized critical remote code exe

Mouseover PowerPoint attack exploited to deliver the Gootkit Trojan

Experts at Trend Micro observed a spam campaign leveraging the PowerPoint ‘Mouseover’ attack to deliver the Gootkit banking Trojan. Earlier this week, the security expert Ruben Daniel Dodge published an interesting post on a new technique to deliver malware through PowerPoint files leveraging on mouseover events. Now experts at Trend Micro reveal
Publish At:2017-06-10 06:00 | Read:275 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware banking trojan Goo

Don’t Wait for the Next WannaCry — Update Your SMB Protocol Before It’s Too Late

Much has been written about WannaCry, and the security community has learned countless valuable lessons from the unprecedented ransomware attack. One thing that is seldom mentioned, however, is how to protect your infrastructure against future Server Message Block (SMB) exploits. Removing the Insecure SMB Protocol Microsoft has three different versions of
Publish At:2017-06-09 10:30 | Read:190 | Comments:0 | Tags:Network Exploit Infrastructure Protection Microsoft Network

WannaCry Exploit Could Infect Windows 10

The EternalBlue remote kernel exploit used in WannaCry could be used to infect unpatched Windows 10 machines with malware, researchers find.A flaw in unpatched versions of Window 10 could leave machines vulnerable to EternalBlue, the remote kernel exploit behind the recent WannaCry ransomware attack.WannaCry targeted a Server Message Block (SMB) critical vul
Publish At:2017-06-06 21:30 | Read:281 | Comments:0 | Tags: exploit

NSA Exploit EternalBlue is becoming even common in hacking tools and malware

Security Experts are observing a significant increase in the number of malware and hacking tools leveraging the ETERNALBLUE NSA exploit. ETERNALBLUE is the alleged NSA exploit that made the headlines with DOUBLEPULSAR in the WannaCry attack. ETERNALBLUE targets the SMBv1 protocol and is has become widely adopted in the community of malware developers. Invest
Publish At:2017-06-04 02:20 | Read:297 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware Cybercrime ETERNAL

A recently discovered Linux flaw could be exploited by Sudo Users to gain Root Privileges

Security researchers at Qualys Security have discovered a Linux Flaw that could be exploited to escalate privileges and overwrite any file on the filesystem. Security researchers at Qualys Security have discovered a Linux flaw that could be exploited to gain root privileges and overwrite any file on the filesystem on SELinux-enabled systems. The high severit
Publish At:2017-05-31 17:55 | Read:262 | Comments:0 | Tags:Breaking News Hacking LINUX Linux flaw privileges escalation

De-Ice1.20a and b Exploitation

Walkthrough of De-Ice 1.20aThis write-up will walk you through an exploitation of De-Ice a and b VM. The VM can be downloaded from the following URL http://hackingdojo.com/downloads/iso/De-ICE_S1.120.iso.Configuration:De-ICE_S1.120 is a VM that has static IP of 192.168.1.120, so we need to be in 192.168.1.x series to pentest the VM. Configure bridge ne
Publish At:2017-05-31 16:25 | Read:344 | Comments:0 | Tags:Hacking exploit

You can take Shadow Brokers Zero Day Exploit Subscriptions for $21,000 per month

Shadow Brokers is going to launch a monthly subscription model for its data dumps, 0-Day Exploit Subscriptions goes for $21,000 per month. A couple of weeks ago, while security experts were debating about WannaCry ransomware and the NSA exploits it used, the Shadow Brokers group revealed its plan to sell off new exploits every month starting from June. Shado
Publish At:2017-05-30 23:35 | Read:307 | Comments:0 | Tags:Uncategorized Cybercrime Equation group Hacking malware Micr

OV3 Online Administration 3.0 Parameter Traversal Arbitrary File Access PoC Exploit

Title: OV3 Online Administration 3.0 Parameter Traversal Arbitrary File Access PoC Exploit Advisory ID: ZSL-2017-5410 Type: Local/Remote Impact: Exposure of System Information, Exposure of Sensitive Information Risk: (4/5) Release Date: 30.05.2017Summary With the decision
Publish At:2017-05-30 17:40 | Read:220 | Comments:0 | Tags: exploit

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud