HackDig : Dig high-quality web security articles

SOHO Exploits Earn Hackers Over $100,000 on Day 3 of Pwn2Own Toronto 2022

Trend Micro’s Zero Day Initiative (ZDI) announced total payouts nearing $1 million after the first three days of Pwn2Own Toronto 2022, and there is one day left to go.On the third day of the event, participants earned a total of $253,500 for hacking NAS devices, printers, smart speakers, routers, and smartphones. ZDI said $681,000 was paid out in the first t
Publish At:2022-12-09 10:31 | Read:6203 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities IoT Security exploit hac

Cisco discloses high-severity IP phone bug with exploit code

Cisco has disclosed today a high-severity vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks.The company warned on Thursday that its Product Security Incident Response Team (PSIRT) is "aware that proof-of-concept exploit code is available" and that the "vulnerabil
Publish At:2022-12-08 16:12 | Read:23269 | Comments:0 | Tags:Security exploit

Pwn2Own Toronto 2022, Day 2: Smart Speaker Exploits Earn Big Chunk of $280,000 Total

On the second day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned a total of more than $280,000 for smart speaker, smartphone, printer, router, and NAS exploits.A significant chunk of the total amount was earned for smart speaker hacks, specifically vulnerabilities targeting Sonos One smart speakers.A team from ​​Qr
Publish At:2022-12-08 10:31 | Read:34634 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities IoT Security exploit

Zerobot: New Botnet Campaign Exploits Vulnerabilities

Recently, a Go-based botnet, Zerobot, was seen spreading in the wild. It took advantage of nearly two dozen different security vulnerabilities found in IoT devices and other software. The malware infects devices with a DDoS botnet, which launches powerful attacks against specified targets.The campaign allegedly began after November 18, and primarily singles
Publish At:2022-12-08 08:11 | Read:35018 | Comments:0 | Tags:Cybersecurity News exploit botnet

Google Documents IE Browser Zero-Day Exploited by North Korean Hackers

Google’s Threat Analysis Group (TAG) has shared technical details on an Internet Explorer zero-day vulnerability exploited in attacks by North Korean hacking group APT37.Tracked as CVE-2022-41128 (CVSS score of 8.8), the vulnerability was identified in the browser’s ‘JScript9’ JavaScript engine and can be exploited by remote attackers to execute arbitrary co
Publish At:2022-12-07 18:26 | Read:30976 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Google: State hackers still exploiting Internet Explorer zero-days

Google's Threat Analysis Group (TAG) revealed today that a group of North Korean hackers tracked as APT37 exploited a previously unknown Internet Explorer vulnerability (known as a zero-day) to infect South Korean targets with malware.Google TAG was made aware of this recent attack on October 31 when multiple VirusTotal submitters from South Korea uploaded a
Publish At:2022-12-07 16:11 | Read:26599 | Comments:0 | Tags:Security exploit hack

New Zerobot malware has 21 exploits for BIG-IP, Zyxel, D-Link devices

A new Go-based malware named ‘Zerobot’ has been spotted in mid-November using exploits for almost two dozen vulnerabilities in a variety of devices that include F5 BIG-IP, Zyxel firewalls, Totolink and D-Link routers, and Hikvision cameras.The purpose of the malware is to add compromised devices to a distributed denial-of-serv
Publish At:2022-12-07 16:11 | Read:43065 | Comments:0 | Tags:Security exploit

New Go-based botnet Zerobot exploits dozens of flaws

Researchers discovered a new Go-based botnet called Zerobot that exploits two dozen security vulnerabilities IoT devices. Fortinet FortiGuard Labs researchers have discovered a new Go-based botnet called Zerobot that spreads by exploiting two dozen security vulnerabilities in the internet of things (IoT) devices and other applications. “This botn
Publish At:2022-12-07 11:49 | Read:44556 | Comments:0 | Tags:Breaking News Cyber Crime Internet of Things Malware botnet

Pwn2Own Toronto 2022, Day 1: Hackers Earn $400,000 for Galaxy S22, SOHO Exploits

On the first day of the Pwn2Own Toronto 2022 hacking competition, participants earned a total of $400,000 for new exploits targeting phones, printers, routers and NAS devices.The competition organized by Trend Micro’s Zero Day Initiative (ZDI) offers significant prizes for hacking mobile phones, wireless routers, home automation hubs, printers, smart speaker
Publish At:2022-12-07 10:30 | Read:32906 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities IoT Security exploit hac

McAfee 2023 Threat Predictions: Evolution and Exploitation

As 2022 draws to a close, the Threat Research Team at McAfee Labs takes a look forward—offering their predictions for 2023 and how its threat landscape may take shape.   This year saw the continued evolution of scams, which is unlikely to slow down, as well as greater adoption of Chrome as an operating system. It also saw the introduction of AI tools that ar
Publish At:2022-12-07 02:22 | Read:58276 | Comments:0 | Tags:Security News AI cryptocurrency 2023 threat predictions web3

Netgear Neutralizes Pwn2Own Exploits With Last-Minute Nighthawk Router Patches

Last week, Netgear released hotfixes for a network misconfiguration in Nighthawk RAX30 (AX2400) routers that could allow a remote attacker to gain unrestricted access to services otherwise intended for the local network.The bug existed because the WAN interface of these devices had IPv6 enabled by default, but did not apply for IPv6 traffic access restrictio
Publish At:2022-12-06 10:30 | Read:64841 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities exploit

CISA orders agencies to patch exploited Google Chrome bug by Dec 26th

The Cybersecurity and Infrastructure Security Agency (CISA) has added one more security vulnerability to its list of bugs known to be exploited in attacks.The flaw (tracked as CVE-2022-4262) was patched as an actively exploited zero-day bug in the Google Chrome web browser on Friday for Windows, Mac, and Linux users.In a security advisory published righ
Publish At:2022-12-05 20:09 | Read:96532 | Comments:0 | Tags:Security exploit CISA

A New Malware Exploits A Critical Vulnerability on Redis Servers

To gain control of infected systems and, likely, to construct a botnet network, a new Go-based malware is targeting Redis servers. The attacks exploited a critical security flaw to plant a hidden backdoor and enable command execution.Redis (Remote Dictionary Server) is an open-source, in-memory data structure store, used by developers as a database, cache, a
Publish At:2022-12-05 12:08 | Read:84672 | Comments:0 | Tags:Cybersecurity News Vulnerability exploit

Crimeware trends: self-propagation and driver exploitation

Introduction If one sheep leaps over the ditch, the rest will follow. This is an old saying, found in various languages, and it can be applied to ransomware developers. In previous blog posts, we highlighted an increase in the popularity of platform-independent languages and ESXi support, and recently, we wrote about ransomware borrowing these propagation me
Publish At:2022-12-05 07:34 | Read:62257 | Comments:0 | Tags:Malware reports crimeware Cybercrime Drivers Malware Malware

Google fixed the ninth actively exploited Chrome zeroday this year

Google released security updates to address a new Chrome zero-day flaw, tracked as CVE-2022-4262, actively exploited in the wild. Google rolled out an emergency security update for the Chrome web browser to address a new zero-day vulnerability, tracked as CVE-2022-4262, that is actively exploited. The CVE-2022-4262 vulnerability is a type confusion bug
Publish At:2022-12-03 11:50 | Read:82956 | Comments:0 | Tags:Breaking News Hacking Security Chrome CVE-2022-4262 hacking

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud