HackDig : Dig high-quality web security articles for hacker

Actively Developed Capesand Exploit Kit Emerges in Attacks

A newly discovered exploit kit (EK) is being employed in live attacks despite the fact that it’s still in an unfinished state, Trend Micro’s security researchers reveal.Dubbed Capesand, the toolkit was discovered in October 2019, when a malvertising campaign employing the RIG EK to drop DarkRAT and njRAT switched to using it for delivery instead.The new thre
Publish At:2019-11-11 22:15 | Read:93 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Virus & Malware

Microsoft: BlueKeep Exploit Will Likely Deliver More Damaging Payloads

After news broke that cybercriminals have started leveraging the BlueKeep vulnerability to deliver cryptocurrency miners, Microsoft has warned that the exploit will likely also be used to deliver more “impactful and damaging” payloads.While there is no evidence that BlueKeep has been exploited to distribute ransomware or other types of malware, Microsoft bel
Publish At:2019-11-11 22:15 | Read:90 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities expl

Siemens PLC Feature Can Be Exploited for Evil - and for Good

A hidden feature in some newer models of the vendor's programmable logic controllers leaves the devices open to attack. Siemens says it plans to fix it.An undocumented access feature in some newer models of Siemens programmable logic controllers (PLCs) can be used as both a weapon by attackers as well as a forensic tool for defenders, researchers have discov
Publish At:2019-11-11 22:10 | Read:134 | Comments:0 | Tags: exploit

Using Expert Rules in ENS 10.5.3 to Prevent Malicious Exploits

Expert Rules are text-based custom rules that can be created in the Exploit Prevention policy in ENS Threat Prevention 10.5.3+. Expert Rules provide additional parameters and allow much more flexibility than the custom rules that can be created in the Access Protection policy. It also allows system administration to control / monitor an endpoint system at a
Publish At:2019-10-25 16:45 | Read:405 | Comments:0 | Tags:McAfee Labs exploit

Maxthon Browser Vulnerability Can Help Attackers in Post-Exploitation Phase

Researchers have discovered a vulnerability in the Maxthon 5 Browser for Windows. Maxthon is a freeware browser developed by Maxthon Ltd, a firm headquartered in Beijing, China, and with offices in San Francisco, CA. Maxthon claims to be the default browser for 670 million worldwide users.The vulnerability was discovered by researchers at SafeBreach Labs, an
Publish At:2019-10-23 10:15 | Read:342 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability exploit

RobbinHood: the ransomware that exploits its own reputation

Back in May, the city of Baltimore was brought to a standstill. All of the city hall’s systems were infected with a new ransomware variant called RobbinHood. The cyberattacker demanded a 13 bitcoin ($76,000; €68.9612) ransom to decrypt the systems. This same variant was first seen in an attack on the city of Greenville, North Carolina in April. RobbinHood us
Publish At:2019-10-23 04:15 | Read:298 | Comments:0 | Tags:Business Malware News advanced cybersecurity Ransomware expl

Pulse VPN patched their vulnerability, but businesses are trailing behind

In April 2019, Pulse Secure published an advisory about a vulnerability in their software. In August, cybercriminals were massively scanning for systems that were running a vulnerable version. Now it’s October, and still many organizations have not applied the patches that are available for this vulnerability. This is a trend we’ve seen repeated wi
Publish At:2019-10-18 16:50 | Read:531 | Comments:0 | Tags:Business cybercriminals exploit exploit kits exploits patch

Researcher released PoC exploit code for CVE-2019-2215 Android zero-day flaw

A researcher has published a proof-of-concept (PoC) exploit code for the CVE-2019-2215 zero-day flaw in Android recently addressed by Google Earlier October, Google Project Zero researchers Maddie Stone publicly disclosed a zero-day vulnerability, tracked as CVE-2019-2215, in Android. According to the expert, the bug was allegedly being used or sold by
Publish At:2019-10-18 10:45 | Read:284 | Comments:0 | Tags:Breaking News Hacking Mobile CVE-2019-2215 hacking nres info

Hacking Team 0-day Flash Wave with Exploit Kits

After Hacking Team was compromised, a lot of information were publicly disclosed beginning 5th of July, particularly its business clients and a zero-day vulnerability for the Adobe Flash Player that they have been using. Since the info about the first zero-day was made freely available, we knew attackers would swiftly move into using it. As expected, the fla
Publish At:2019-10-18 10:30 | Read:267 | Comments:0 | Tags: exploit

Security by Sector: Cyber-Criminals Seek to Exploit Automotive Manufacturing

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data se
Publish At:2019-10-18 07:40 | Read:483 | Comments:0 | Tags: exploit

Researcher Publishes PoC Exploit for Recent Android Zero-Day

A security researcher has published a proof-of-concept (PoC) exploit for the recently addressed Android zero-day vulnerability that impacts Pixel 2 devices.Tracked as CVE-2019-2215, the existence of this vulnerability was made public at the beginning of October, when Google Project Zero security researcher Maddie Stone revealed that attackers had already bee
Publish At:2019-10-18 03:30 | Read:313 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

FaceSentry Access Control System 6.4.8 Remote Root Exploit

Title: FaceSentry Access Control System 6.4.8 Remote Root Exploit Advisory ID: ZSL-2019-5525 Type: Local/Remote Impact: System Access Risk: (5/5) Release Date: 30.06.2019SummaryFaceSentry 5AN is a revolutionary smart identitymanagement appliance that offers entry via biom
Publish At:2019-10-18 00:00 | Read:501 | Comments:0 | Tags: exploit

FaceSentry Access Control System 6.4.8 Remote SSH Root Access Exploit

Title: FaceSentry Access Control System 6.4.8 Remote SSH Root Access Exploit Advisory ID: ZSL-2019-5526 Type: Local/Remote Impact: System Access Risk: (5/5) Release Date: 30.06.2019SummaryFaceSentry 5AN is a revolutionary smart identitymanagement appliance that offers ent
Publish At:2019-10-18 00:00 | Read:462 | Comments:0 | Tags: exploit

World’s Largest Child Exploitation Site Shut After Bitcoin Analysis

Global investigators have traced Bitcoin payments to locate and shutdown the dark web’s largest child exploitation website, arrest hundreds of users and rescue dozens of abused children, according to unsealed court documents.On March 5 2018, agents from Homeland Security Investigations (HIS), Internal Revenue Service, Criminal Investigation (IRS-C
Publish At:2019-10-17 08:30 | Read:180 | Comments:0 | Tags: exploit

iTunes Zero-Day Vulnerability Exploited by BitPaymer Ransomware

The BitPaymer ransomware operators were observed abusing a zero-day vulnerability in Apple’s iTunes for Windows to run code and evade detection, Morphisec’s security researchers have discovered.The security flaw resides in the Bonjour updater that comes packaged with iTunes for Windows and allows attackers to abuse an unquoted path to not only evade detectio
Publish At:2019-10-11 00:05 | Read:381 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Vi

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud