HackDig : Dig high-quality web security articles for hacker

US-CERT Warns of Remotely Exploitable Bugs in Medical Devices

Vulnerabilities in key surgical equipment could be remotely exploited by a low-skill attacker.US-CERT has issued an advisory for vulnerabilities in Medtronic's Valleylab FT10 and Valleylab FX8 Energy Platforms, both key surgical equipment that could be remotely exploited by a low-skill attacker. Vulnerabilities also affect Valleylab Exchange Client, official
Publish At:2019-11-14 22:10 | Read:76 | Comments:0 | Tags: exploit

Siemens Desigo PX V6.00 Web Remote Denial of Service Exploit

Title: Siemens Desigo PX V6.00 Web Remote Denial of Service Exploit Advisory ID: ZSL-2019-5542 Type: Local/Remote Impact: DoS Risk: (3/5) Release Date: 13.11.2019SummaryDesigo PX is a modern building automation and controlsystem for the entire field of building service pl
Publish At:2019-11-13 10:35 | Read:189 | Comments:0 | Tags: exploit

Microsoft Patches Another Internet Explorer Flaw Exploited in Attacks

Microsoft’s Patch Tuesday updates for November 2019 fix over 70 vulnerabilities, including an Internet Explorer flaw that has been exploited in attacks.The zero-day vulnerability, tracked as CVE-2019-1429, affects the scripting engine used by Internet Explorer 9, 10 and 11. Microsoft describes the security hole as a memory corruption bug that can allow an at
Publish At:2019-11-12 22:15 | Read:117 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities expl

Tech Support Scammers Exploiting Unpatched Firefox Bug

Mozilla is working on addressing a Firefox bug that has been exploited by tech support scammers to lock the browser when users visit specially crafted websites.Attacks were spotted recently by Jérôme Segura of Malwarebytes, who told SecurityWeek that there are currently two known Firefox bugs that have been abused in tech support scams.Exploitation only requ
Publish At:2019-11-12 10:15 | Read:80 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Fraud & Identity

New Exploit Kit Capesand Reuses Old and New Public Exploits and Tools, Blockchain Ruse

By Elliot Cao, Joseph C. Chen, William Gamazo Sanchez We discovered a new exploit kit named Capesand in October 2019. Capesand attempts to exploit recent vulnerabilities in Adobe Flash and Microsoft Internet Explorer (IE). Based on our investigation, it also exploits a 2015 vulnerability for IE. It seems the cybercriminals behind the exploit kit are continuo
Publish At:2019-11-12 02:35 | Read:8 | Comments:0 | Tags:Exploits Malware Blockchain Capesand exploit kit exploit

Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium

Executive summary Kaspersky Exploit Prevention is a component part of Kaspersky products that has successfully detected a number of zero-day attacks in the past. Recently, it caught a new unknown exploit for Google’s Chrome browser. We promptly reported this to the Google Chrome security team. After reviewing of the PoC we provided, Google confirmed th
Publish At:2019-11-12 01:05 | Read:49 | Comments:0 | Tags:Featured Incidents Google Chrome JavaScript Proof-of-Concept

The Unpatchable Checkra1n Exploit

Today, the “unpatchable” jailbreak known as  Checkra1n (Device Compatibility) was officially released and generally available. Checkra1n is unprecedented in potential impact with millions of devices at risk as a result of the extensive device and iOS targets. While this should concern anyone using any of the targeted devices or iOS versions, those using Zim
Publish At:2019-11-12 00:25 | Read:105 | Comments:0 | Tags:Threat Research checkra1n exploit

TROOPERS20 Training Teaser: Windows & Linux Binary Exploitation

We are happy to announce that TROOPERS20 will feature the 5th anniversary of the popular Windows & Linux Binary Exploitation workshop! In this workshop, attendees will learn how to exploit those nasty stack-based buffer overflow vulnerabilities by applying the theoretical methods taught in this course to hands-on exercises. Exercises will be performed fo
Publish At:2019-11-12 00:15 | Read:31 | Comments:0 | Tags:Events TROOPERS exploit

Smartwares HOME easy v1.0.9 Database Backup Information Disclosure Exploit

Title: Smartwares HOME easy v1.0.9 Database Backup Information Disclosure Exploit Advisory ID: ZSL-2019-5541 Type: Local/Remote Impact: Exposure of System Information, Exposure of Sensitive Information, Security Bypass Risk: (4/5) Release Date: 05.11.2019SummaryHome Easy/
Publish At:2019-11-11 22:35 | Read:92 | Comments:0 | Tags: exploit

Actively Developed Capesand Exploit Kit Emerges in Attacks

A newly discovered exploit kit (EK) is being employed in live attacks despite the fact that it’s still in an unfinished state, Trend Micro’s security researchers reveal.Dubbed Capesand, the toolkit was discovered in October 2019, when a malvertising campaign employing the RIG EK to drop DarkRAT and njRAT switched to using it for delivery instead.The new thre
Publish At:2019-11-11 22:15 | Read:29 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Virus & Malware

Microsoft: BlueKeep Exploit Will Likely Deliver More Damaging Payloads

After news broke that cybercriminals have started leveraging the BlueKeep vulnerability to deliver cryptocurrency miners, Microsoft has warned that the exploit will likely also be used to deliver more “impactful and damaging” payloads.While there is no evidence that BlueKeep has been exploited to distribute ransomware or other types of malware, Microsoft bel
Publish At:2019-11-11 22:15 | Read:32 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities expl

Siemens PLC Feature Can Be Exploited for Evil - and for Good

A hidden feature in some newer models of the vendor's programmable logic controllers leaves the devices open to attack. Siemens says it plans to fix it.An undocumented access feature in some newer models of Siemens programmable logic controllers (PLCs) can be used as both a weapon by attackers as well as a forensic tool for defenders, researchers have discov
Publish At:2019-11-11 22:10 | Read:11 | Comments:0 | Tags: exploit

Using Expert Rules in ENS 10.5.3 to Prevent Malicious Exploits

Expert Rules are text-based custom rules that can be created in the Exploit Prevention policy in ENS Threat Prevention 10.5.3+. Expert Rules provide additional parameters and allow much more flexibility than the custom rules that can be created in the Access Protection policy. It also allows system administration to control / monitor an endpoint system at a
Publish At:2019-10-25 16:45 | Read:327 | Comments:0 | Tags:McAfee Labs exploit

Maxthon Browser Vulnerability Can Help Attackers in Post-Exploitation Phase

Researchers have discovered a vulnerability in the Maxthon 5 Browser for Windows. Maxthon is a freeware browser developed by Maxthon Ltd, a firm headquartered in Beijing, China, and with offices in San Francisco, CA. Maxthon claims to be the default browser for 670 million worldwide users.The vulnerability was discovered by researchers at SafeBreach Labs, an
Publish At:2019-10-23 10:15 | Read:262 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability exploit

RobbinHood: the ransomware that exploits its own reputation

Back in May, the city of Baltimore was brought to a standstill. All of the city hall’s systems were infected with a new ransomware variant called RobbinHood. The cyberattacker demanded a 13 bitcoin ($76,000; €68.9612) ransom to decrypt the systems. This same variant was first seen in an attack on the city of Greenville, North Carolina in April. RobbinHood us
Publish At:2019-10-23 04:15 | Read:228 | Comments:0 | Tags:Business Malware News advanced cybersecurity Ransomware expl

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud