HackDig : Dig high-quality web security articles for hackers

Exploiting the XML External Entity Injection XXE Attack Vulnerability

Hey people, in this blog we will see what is XXE attack infusion and show some basic model assaults, and lastly sum up this post with techniques to prevent XML External Entity Vulnerability.  XML External Entity XXE technically is a vulnerability that permits the hacker to find or view the data from the internal file systems of the application server and
Publish At:2021-02-24 08:31 | Read:83 | Comments:0 | Tags:Knowledge-base XML External Entity xxe attack Vulnerability

Chinese Hackers Cloned Equation Group Exploit Years Before Shadow Brokers Leak

A Chinese threat actor known as APT31 likely acquired and cloned one of the Equation Group’s exploits three years before the targeted vulnerability was publicly exposed as part of Shadow Brokers’ “Lost in Translation” leak, cybersecurity firm Check Point says in a new report.Tracked as CVE-2017-0005, the vulnerability was addressed by Microsoft in March 2017
Publish At:2021-02-22 14:59 | Read:86 | Comments:0 | Tags:Cyberwarfare NEWS & INDUSTRY Virus & Threats Vulnera

Chinese hackers used NSA exploit years before Shadow Brokers leak

Chinese state hackers cloned and started using an NSA zero-day exploit almost three years before the Shadow Brokers hacker group publicly leaked it in April 2017.EpMe is the original exploit created by Equation Group around 2013 for a Windows zero-day bug tracked as CVE-2017-2005.The vulnerability was used for escalating Windows user privileges after ga
Publish At:2021-02-22 12:43 | Read:53 | Comments:0 | Tags:Security exploit hack

Recently fixed Windows zero-day actively exploited since mid-2020

Microsoft says that a high-severity Windows zero-day vulnerability patched during the February 2021 Patch Tuesday was exploited in the wild since at least the summer of 2020 according to its telemetry data.The actively exploited zero-day bug is tracked as 'CVE-2021-1732 - Windows Win32k Elevation of Privilege Vulnerability.'It allows local att
Publish At:2021-02-20 13:55 | Read:196 | Comments:0 | Tags:Security Microsoft exploit

In-the-Wild Series: Chrome Exploits

@import url('https://themes.googleusercontent.com/fonts/css?kit=lhDjYqiy3mZ0x6ROQEUoUw');ol{margin:0;padding:0}table td,table th{padding:0}.c10{border-right-style:solid;padding:5pt 5pt 5pt 5pt;border-bottom-color:#e0e0e0;border-top-width:1pt;border-right-width:1pt;border-left-color:#e0e0e0;vertical-align:top;border-right-color:#e0e0e0;border-left-wid
Publish At:2021-02-19 11:47 | Read:97 | Comments:0 | Tags: exploit

In-the-Wild Series: Android Exploits

ul.lst-kix_lw3zh1qbhlji-0{list-style-type:none}ul.lst-kix_lw3zh1qbhlji-1{list-style-type:none}.lst-kix_f28qers2ka94-4>li{counter-increment:lst-ctn-kix_f28qers2ka94-4}ul.lst-kix_lw3zh1qbhlji-6{list-style-type:none}.lst-kix_o1lgec7ujykk-8>li:before{content:"- "}ul.lst-kix_lw3zh1qbhlji-7{list-style-type:none}ul.lst-kix_lw3zh1qbhlji-8{list-style-type:none}ul.ls
Publish At:2021-02-19 11:47 | Read:136 | Comments:0 | Tags: exploit android

In-the-Wild Series: Windows Exploits

@import url('https://themes.googleusercontent.com/fonts/css?kit=lhDjYqiy3mZ0x6ROQEUoUw');.lst-kix_7wd9rjsbnhpd-5>li:before{content:"025a0 "}.lst-kix_ujffjs3qawk9-3>li:before{content:"025cf "}.lst-kix_7wd9rjsbnhpd-4>li:before{content:"025cb "}.lst-kix_7wd9rjsbnhpd-6>li:before{content:"025cf "}.lst-kix_ujffjs3qawk9-2>li:before{content:"025a0 "}.ls
Publish At:2021-02-19 11:47 | Read:108 | Comments:0 | Tags: exploit

In-the-Wild Series: Android Post-Exploitation

@import url('https://themes.googleusercontent.com/fonts/css?kit=DFQxm4rd7fRHgM9OTejWVT5Vho6BE7M80rHXEVKqXWdbV0WvE1cEyAoIq5yYZlSc');.lst-kix_awzz6jhne7dj-6>li:before{content:"025cf "}.lst-kix_ps5q64vwwpgt-4>li:before{content:"- "}.lst-kix_ps5q64vwwpgt-3>li:before{content:"- "}.lst-kix_awzz6jhne7dj-4>li:before{content:"025cb "}.lst-kix_awzz6jhne7dj
Publish At:2021-02-19 11:47 | Read:123 | Comments:0 | Tags: exploit android

Windows Exploitation Tricks: Trapping Virtual Memory Access

.lst-kix_rewf8lfzymzq-6>li{counter-increment:lst-ctn-kix_rewf8lfzymzq-6}ol.lst-kix_rewf8lfzymzq-4.start{counter-reset:lst-ctn-kix_rewf8lfzymzq-4 0}.lst-kix_rewf8lfzymzq-0>li{counter-increment:lst-ctn-kix_rewf8lfzymzq-0}.lst-kix_rewf8lfzymzq-7>li:before{content:"" counter(lst-ctn-kix_rewf8lfzymzq-7,lower-latin) ". "}.lst-kix_rewf8lfzymzq-8>li:before{content:"
Publish At:2021-02-19 11:47 | Read:129 | Comments:0 | Tags: exploit

Half of Apps Contain at Least One Serious Exploitable Vulnerability

At least 50% of apps used in sectors such as manufacturing, public services, healthcare, retail, education and utilities contain one or more serious exploitable vulnerabilities, according to a new study by WhiteHat Security.This is particularly concerning given the shift to digital across most sectors in the past year increasing the number of apps being util
Publish At:2021-02-18 12:26 | Read:113 | Comments:0 | Tags: Vulnerability exploit

“ScamClub” gang outed for exploiting iPhone browser bug to spew ads

byPaul DucklinDigital ad company Confiant, which claims to “improve the digital marketing experience” for online advertisers by knowing about and getting rid of malicious and unwanted ads, has just published an analysis of a malvertising group it calls ScamClub.According to Confiant, this group is behind a massive number of those annoying and sca
Publish At:2021-02-17 16:07 | Read:139 | Comments:0 | Tags:CVE-2021-1801 Exploit ios iPhone ScamClub vulnerability expl

WebKit Zero-Day Vulnerability Exploited in Malvertising Operation

A malvertising operation observed last year by advertising cybersecurity company Confiant exploited what turned out to be a zero-day vulnerability in the WebKit browser engine.Confiant researchers discovered the security hole while analyzing a campaign carried out by a threat actor they call ScamClub. The group has been around for several years, launching ma
Publish At:2021-02-16 18:35 | Read:165 | Comments:0 | Tags:NEWS & INDUSTRY Fraud & Identity Theft Vulnerabiliti

Malvertisers exploited browser zero-day to redirect users to scams

The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams.During their campaigns over the past three months, the number of malicious ad impressions served in a day recorded spikes as high as 16 million.ScamClub malvertisers are notorious for their noisy tactics that cons
Publish At:2021-02-16 12:25 | Read:196 | Comments:0 | Tags:Security exploit

Malware Exploits Security Teams' Greatest Weakness: Poor Relationships With Employees

Users' distrust of corporate security teams is exposing businesses to unnecessary vulnerabilities.In early January, Colin McMillen, the lead developer at SemiColin Games, tweeted a warning about a popular Google Chrome extension, The Great Suspender. The utility came under fire after McMillen learned the developer sold it to a third party that silently relea
Publish At:2021-02-15 11:20 | Read:106 | Comments:0 | Tags: exploit security

Big Patch Tuesday: Microsoft and Adobe fix in-the-wild exploits

Traditionally the second Tuesday of the month is Microsoft’s “patch Tuesday”. This is the day when they roll out all the available patches for their software, and their operating systems in particular. Since there were no less than 56 patches in this month’s issue we will focus on the most important ones. Not that 56 is an awful lot. There were more than
Publish At:2021-02-10 14:12 | Read:205 | Comments:0 | Tags:Malwarebytes news exploit

Tools

Tag Cloud