HackDig : Dig high-quality web security articles for hackers

Hacker posts exploits for over 49,000 vulnerable Fortinet VPNs

A hacker has posted a list of one-line exploits to steal VPN credentials from almost 50,000 Fortinet VPN devices.Present on the list of vulnerable targets are domains belonging to high street banks and government organizations from around the world.Researchers find thousands of targetsThe vulnerability being referred to here is CVE-2
Publish At:2020-11-22 13:19 | Read:107 | Comments:0 | Tags:Security Technology exploit hack

VMware addresses flaws exploited at recent Tianfu Cup

VMware has addressed two serious ESXi vulnerabilities that were demonstrated at the Tianfu Cup International PWN Contest. VMware has released patches for two serious ESXi vulnerabilities that were disclosed during the 2020 Tianfu Cup International PWN Contest. The Tianfu Cup is the most important hacking contest held in China, the total bonus of the co
Publish At:2020-11-20 18:06 | Read:195 | Comments:0 | Tags:Breaking News Hacking Security ESXI hacking news information

Facebook patches Messenger audio snooping bug – update now!

byPaul DucklinModern telephony is full of anachronisms.For example, we still “dial” calls, and many phone apps still display the word “dialling” while they’re waiting for the person at the other end to pick up.But when was the last time you saw, let alone used, a phone that actually had a dial? And we still use idioms such as &#
Publish At:2020-11-20 14:55 | Read:151 | Comments:0 | Tags:Privacy Vulnerability Exploit Facebook Facebook Messenger vu

VMware Patches Vulnerabilities Exploited at Chinese Hacking Contest

VMware on Thursday announced releasing patches for a couple of serious ESXi vulnerabilities that were demonstrated at a recent hacking contest in China.At the 2020 Tianfu Cup International PWN Contest, which took place earlier this month in China, participants earned a total of more than $1.2 million for exploits targeting Chrome, Safari, Firefox, Adobe Read
Publish At:2020-11-20 08:59 | Read:90 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities exploit hack

Publicly Available Exploit Code Gives Attackers 47-Day Head Start

When exploit code is released into the wild, it gives attackers a 47-day head start on their targets, new research has warned.Kenna Security teamed up with the Cyentia Institute to analyze 473 vulnerabilities from 2019 where there was some evidence of exploitation in the wild.Over the succeeding 15 months, the team noted when a vulnerability was discovered,
Publish At:2020-11-19 08:32 | Read:163 | Comments:0 | Tags: exploit

China-linked APT10 leverages ZeroLogon exploits in recent attacks

Researchers uncovered a large-scale campaign conducted by China-linked APT10 targeting businesses using the recently-disclosed ZeroLogon vulnerability.  Symantec’s Threat Hunter Team, a Broadcom division, uncovered a global campaign conducted by a China-linked APT10 cyber-espionage group targeting businesses using the recently-disclosed ZeroLogon vu
Publish At:2020-11-18 19:18 | Read:89 | Comments:0 | Tags:APT Breaking News Cyber warfare Hacking Malware APT10 Cybere

Chinese APT10 hackers use Zerologon exploits against Japanese orgs

A Chinese state-sponsored hacking group has been observed while attempting to exploit the Windows Zerologon vulnerability in attacks against Japanese companies and subsidiaries from multiple industry sectors in 17 regions around the globe.This global cyber-espionage campaign has been attributed to the APT10 state-backed hackers based on inform
Publish At:2020-11-18 15:43 | Read:81 | Comments:0 | Tags:Security exploit hack

SQL Injection Attack And Exploiting SQL Injection Part – 2

In the previous blog, we understood the extreme basics of SQL Injection. But in this, we are going to look for some high-level possibilities of a SQL Injection attack.SQL Injection is one of the most common vulnerabilities encountered on the web and can also be one of the most dangerous. Attackers can inject malicious SQL code in order to extract sensitive i
Publish At:2020-11-18 08:49 | Read:186 | Comments:0 | Tags:Knowledge-base SQL Injection Website Security DNS based exfi

Malsmoke operators abandon exploit kits in favor of social engineering scheme

Exploit kits continue to be used as a malware delivery platform. In 2020, we’ve observed a number of different malvertising campaigns leading to RIG, Fallout, Spelevo and Purple Fox, among others. And, in September, we put out a blog post detailing a surge in malvertising via adult websites. One of those campaigns we dubbed ‘malsmoke’ h
Publish At:2020-11-16 15:06 | Read:158 | Comments:0 | Tags:Exploits Social engineering Threat analysis exploit kits Fal

Google fixes more Chrome zero-days exploited in the wild

Google has released Chrome 86.0.4240.198 for Windows, Mac, and Linux to address two zero-day vulnerabilities exploited in the wild.Google Chrome 86.0.4240.198 will roll out over the coming days. To upgrade, you have to go to Settings -> Help -> 'About Google Chrome' to allow the browser to automatically check for the new u
Publish At:2020-11-12 15:24 | Read:88 | Comments:0 | Tags:Security Google exploit

Google Patches Two More Chrome Zero-Days Exploited in Attacks

Google has released another update for Chrome 86 to patch two more zero-day vulnerabilities that have been exploited in the wild.Google has credited “anonymous” for reporting the flaws — it’s unclear if it’s the same or two different anonymous individuals — and it has not shared any information about the attacks in which they have been exploited. It’s also u
Publish At:2020-11-12 09:52 | Read:147 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Cybe

Muhstik botnet adds Oracle WebLogic and Drupal exploits

Muhstik botnet leverages known web application exploits to compromise IoT devices, now it targeting Oracle WebLogic, Drupal. Muhstik is a botnet that is known to use web application exploits to compromise IoT devices, it has been around for at least 2018. Botnet operators monetize their efforts via XMRig, cgmining and with DDoS-for-hire services.  T
Publish At:2020-11-11 15:41 | Read:143 | Comments:0 | Tags:Uncategorized exploit botnet

Google and Mozilla fixed issues exploited at 2020 Tianfu Cup hacking contest

Mozilla and Google have already fixed the critical flaws in Firefox and Chrome exploited by bug bounty hunters at 2020 Tianfu Cup hacking contest. Mozilla and Google have already addressed the critical Firefox and Chrome vulnerabilities that were recently exploited by white hat hackers at the 2020 Tianfu Cup hacking contest. The vulnerability in Chrome
Publish At:2020-11-11 15:41 | Read:166 | Comments:0 | Tags:Breaking News Hacking Security 2020 Tianfu Cup Chrome Firefo

Vulnerabilities Exploited at Chinese Hacking Contest Patched in Firefox, Chrome

Mozilla and Google have already patched the critical Firefox and Chrome vulnerabilities exploited recently by white hat hackers at a competition in China.The Firefox vulnerability, tracked as CVE-2020-26950, has been described as an issue related to write side effects in MCallGetProperty opcode not being accounted for.“In certain circumstances, the MCallGetP
Publish At:2020-11-11 10:28 | Read:226 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities exploit hack

Microsoft Patch Tuesday fixes CVE-2020-17087 currently under active exploitation

Microsoft Patch Tuesday updates for November 2020 address 112 flaws, including a Windows bug that was chained with Chrome issues in attacks. Microsoft Patch Tuesday updates for November 2020 address 112 vulnerabilities in multiple products, including Microsoft Windows, Office and Office Services and Web Apps, Internet Explorer (IE), Edge (EdgeHTML-based a
Publish At:2020-11-11 04:30 | Read:217 | Comments:0 | Tags:Breaking News Security Chrome CVE-2020-17087 Hacking hacking

Tools