HackDig : Dig high-quality web security articles for hackers

Windows Zerologon PoC exploits allow domain takeover. Patch Now!

Researchers have released exploits for the Windows Zerologon CVE-2020-1472 vulnerability that allow an attacker to take control of a Windows domain. Install patches now! As part of the August 2020 Patch Tuesday security updates, Microsoft fixed a critical 10/10 rated security vulnerability known as 'CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerabilit
Publish At:2020-09-15 18:27 | Read:119 | Comments:0 | Tags:Microsoft Security exploit

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

CISA published an advisory on China-linked groups targeting government agencies by exploiting flaws in Microsoft Exchange, Citrix, Pulse, and F5 systems. CISA published a security advisory warning of a wave of attacks carried out by China-linked APT groups affiliated with China’s Ministry of State Security. Chinese state-sponsored hackers have pr
Publish At:2020-09-15 06:24 | Read:74 | Comments:0 | Tags:APT Breaking News Cyber warfare Hacking Chinese hackers Citr

SoftServe hit by ransomware, Windows customization tool exploited

Ukrainian software developer and IT services provider SoftServe suffered a ransomware attack on September 1st that may have led to the theft of customers' source code. With over 8,000 employees and 50 offices worldwide, SoftServe is one of Ukraine's largest companies offering software development and IT consulting. News about a cyberattack on SoftServe fi
Publish At:2020-09-10 21:07 | Read:110 | Comments:0 | Tags:Security exploit ransomware

Cyber-Criminals Change Tactics to Exploit #COVID19

The COVID-19 pandemic has led to a significant shift in tactics employed by cyber-criminals, according to Bitdefender’s Mid-Year Threat Landscape Report 2020, published today. Threat actors have heavily focused on the issues related to the pandemic to launch attacks such as phishing, ransomware and malware as well as exploit the increased
Publish At:2020-09-08 15:35 | Read:125 | Comments:0 | Tags: exploit cyber

Pulse Secure Windows Client <9.1.6 (CVE-2020-13162) - exploit

Hi, we have just released an exploit for CVE-2020-13162. This vulnerability affects the Windows Client of Pulse Secure < 9.1.6. It is a TOCTOU and allows an attacker to escalate the privilege to NT_AUTHORITY\SYSTEM. Details about the exploit itself can be found at https://www.redtimmy.com/privilege-escalation/pulse-secure-windows-client/ Instead details about
Publish At:2020-09-04 13:25 | Read:154 | Comments:0 | Tags: exploit

Under Attack: How Threat Actors are Exploiting SOCKS Proxies

From the basic building blocks of the internet to cryptocurrency mining on a supercomputer, SOCKS sits at the core of computing. A SOCKS proxy can be used to improve network security in an enterprise, but can also be exploited by cybercriminals for nefarious reasons. Take a look at how SOCKS proxies have been manipulated recently by threat actors. What is
Publish At:2020-09-03 16:34 | Read:186 | Comments:0 | Tags:Advanced Threats Network Security Intelligence & Analytics C

Hackers are actively exploiting critical RCE in WordPress sites using File Manager plugin

Hackers actively exploiting a critical remote code execution vulnerability in the File Manager plugin, over 300,000 WordPress sites potentially exposed. Hackers are actively exploiting a critical remote code execution vulnerability in the File Manager WordPress plugin that could be exploited by unauthenticated attackers to upload scripts and execute arbit
Publish At:2020-09-02 12:30 | Read:190 | Comments:0 | Tags:Breaking News Hacking File Manager plugin Wordpress exploit

Hackers actively exploiting severe bug in over 300K WordPress sites

Hackers are actively exploiting a critical remote code execution vulnerability allowing unauthenticated attackers to upload scripts and execute arbitrary code on WordPress sites running vulnerable File Manager plugin versions. On the morning of September 1, Arsys's Gonzalo Cruz was the first to discover the flaw and the fact that it was already being exploite
Publish At:2020-09-02 09:54 | Read:111 | Comments:0 | Tags:Security exploit wordpress hack

Cisco warns of actively exploited bugs in carrier-grade routers

09/01/20 Update below. This post was originally published on August 31st, 2020. We updated it to reflect that there are two actively exploited DVMRP Memory Exhaustion Vulnerabilities according to Cisco's updated security advisory. Cisco warned over the weekend that threat actors are trying to exploit two high severit
Publish At:2020-09-01 14:20 | Read:199 | Comments:0 | Tags:Security exploit

Cisco warns of actively exploited bug in carrier-grade routers

Cisco warned over the weekend that threat actors are trying to exploit a high severity memory exhaustion denial-of-service (DoS) vulnerability in the company's Cisco IOS XR software that runs on carrier-grade routers. Cisco's IOS XR Network OS is deployed on multiple router platforms including NCS 540 & 560,
Publish At:2020-08-31 14:56 | Read:173 | Comments:0 | Tags:Security exploit

Hackers are trying to exploit DoS flaw in Cisco IOS XR software running in carrier-grade routers

Cisco warns that threat actors are attempting to exploit a high severity DoS flaw in its Cisco IOS XR software that runs on carrier-grade routers. Cisco warned over the weekend that attackers are trying to exploit a high severity memory exhaustion denial-of-service (DoS) vulnerability (CVE-2020-3566) affecting the Cisco IOS XR Network OS that ru
Publish At:2020-08-31 14:37 | Read:233 | Comments:0 | Tags:Breaking News Security CISCO Cisco IOS XR DOS Hacking hackin

Hackers for hire group target organizations via 3ds Max exploit

Experts discovered a new hacker-for-hire group that is targeting organizations worldwide with malware hidden inside malicious 3ds Max plugins. Security researchers from Bitdefender discovered a new hacker group that is currently targeting companies across the world with malware hidden inside malicious 3ds Max plugins. Autodesk 3ds Max, formerly
Publish At:2020-08-26 13:29 | Read:197 | Comments:0 | Tags:Breaking News Cyber Crime Hacking 3ds Max hacking news infor

Mercenary Cyberspies Used Autodesk 3ds Max Exploits in Attacks

A sophisticated hack-for-hire group specializing in industrial espionage exploited the Autodesk 3ds Max modeling and animation software in an attack aimed at a company involved in luxury real estate projects, cybersecurity firm Bitdefender reported on Wednesday. Bitdefender has analyzed what it describes as an “APT-style cyberespionage attack” targeting an in
Publish At:2020-08-26 11:25 | Read:197 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Virus & Malware

The Mirai botnet exploits a new vulnerability affecting companies around the world

Malware or malicious code has been around for over 40 years now, but its use to obtain control of a group of Internet-connected systems in something called a ‘botnet’ is a relatively new phenomenon. Botnets have been behind some of the most costly security incidents of the last 10 years and, consequently, companies around the world are going to great lengths
Publish At:2020-08-26 07:50 | Read:157 | Comments:0 | Tags:Business Malware News b2b botnets Mirai vulnerabilities Vuln

FBI, DHS & CISA report summarizes top 10 exploited vulnerabilities

Introduction: The US federal agencies helping to protect your systems from exploits According to the Cybersecurity and Infrastructure Security Agency (CISA), foreign cyber actors often exploit software vulnerabilities that have been already addressed, banking on the fact that patches are not always timely applied. Public and private sector organizations
Publish At:2020-08-24 10:20 | Read:200 | Comments:0 | Tags:Exploit Development exploit FBI CISA
