HackDig : Dig high-quality web security articles for hackers

Microsoft Office Files Most Popular for Exploit Tests

A new report examines attacker methodologies to better understand how exploit testing is conducted in the wild. Security researchers who analyzed attackers' exploit testing process concluded that exploits never go out of style. Many can remain popular and reliable tools over time, partly due to dependence on legacy systems.Recorded Future's Insikt Group soug
Publish At:2020-06-04 13:15 | Read:304 | Comments:0 | Tags: exploit

Firefox fixes cryptographic data leakage in latest security update

byPaul DucklinWe don’t know whether lockdown has anything to do with it, but how time flies!We couldn’t believe it either – it’s four weeks since Firefox’s last regular security update.If you want to check your version numbers, Firefox 76.0 is now replaced by 77.0; Firefox 68.8.0ESR is now 68.9.0ESR, and the Tor Browser, based o
Publish At:2020-06-03 14:05 | Read:237 | Comments:0 | Tags:Firefox Mozilla Exploit vulnerability

Many Exchange Servers Are Still Vulnerable to Remote Exploit

A privilege-escalation vulnerability patched in February by Microsoft continues to affect Exchange servers, with more than 80% of Internet-connected servers remaining vulnerable, one firm reports.Almost four months after Microsoft patched a serious vulnerability in Microsoft Exchange servers, more than 350,000 Internet-connected servers continue to be vulner
Publish At:2020-06-03 12:02 | Read:154 | Comments:0 | Tags: exploit

Russia-linked APT exploited at least 3 Exim flaws in recent attacks

Several flaws in the Exim mail transfer agent (MTA) have been exploited by Russia-linked hackers, hundreds of thousands of servers are still unpatched. Russia-linked threat actors have exploited several vulnerabilities in the Exim mail transfer agent (MTA) in their campaigns. Last week, the U.S. National Security Agency (NSA) warned that Russia-linked
Publish At:2020-06-03 05:42 | Read:194 | Comments:0 | Tags:Breaking News Hacking Exim hacking news information security

Several Exim Vulnerabilities Exploited in Russia-Linked Attacks

Several vulnerabilities affecting the Exim mail transfer agent (MTA) have been exploited by Russia-linked hackers, and administrators have been urged to patch immediately, but hundreds of thousands of servers remain unpatched.The U.S. National Security Agency (NSA) issued an alert last week to urge users to update their Exim servers to version 4.93 or newer,
Publish At:2020-06-02 12:56 | Read:142 | Comments:0 | Tags:Cyberwarfare NEWS & INDUSTRY Virus & Threats Vulnera

Sandworm Team Exploiting Vulnerability in Exim Mail Transfer Agent

The U.S. National Security Agency (NSA) warned that the Sandworm team is exploiting a vulnerability that affects Exim Mail Transfer Agent (MTA) software.In a cybersecurity advisory published on May 28, the NSA revealed that the Sandworm team has been exploiting the Exim MTA security flaw since August 2019.The vulnerability (CVE-2019-10149) first appeared in
Publish At:2020-05-29 09:32 | Read:202 | Comments:0 | Tags:IT Security and Data Protection Latest Security News MTA San

NSA warns Russia-linked APT group is exploiting Exim flaw since 2019

The U.S. NSA warns that Russia-linked APT group known as Sandworm Team have been exploiting a critical flaw in the Exim mail transfer agent (MTA). The U.S. National Security Agency (NSA) is warning that Russia-linked APT group tracked Sandworm Team has been exploiting a critical vulnerability (CVE-2019-10149) in the Exim mail transfer agent (MTA) software
Publish At:2020-05-28 18:26 | Read:231 | Comments:0 | Tags:APT Breaking News Hacking Security CVE-2019-10149 Exim infor

The zero-day exploits of Operation WizardOpium

Back in October 2019 we detected a classic watering-hole attack on a North Korea-related news site that exploited a chain of Google Chrome and Microsoft Windows zero-days. While we’ve already published blog posts briefly describing this operation (available here and here), in this blog post we’d like to take a deep technical dive into the exploit
Publish At:2020-05-28 06:34 | Read:225 | Comments:0 | Tags:APT reports Google Chrome Malware Technologies Microsoft Win

New iPhone jailbreak released

byPaul DucklinApple’s latest iOS versions have only been out for a week.The updates are new enough that Apple’s own Security updates page still lists [2020-05-26T14:00Z] the security holes that were fixed in iOS 13.5 and iOS 12.4.7 as “details available soon”.But there’s a jailbreak available already for iOS 13.5, released by th
Publish At:2020-05-26 12:55 | Read:315 | Comments:0 | Tags:Apple iOS DMCA Exploit ios iPhone jailbreak right to repair

Top 10 most exploited vulnerabilities list released by FBI, DHS CISA

byLisa VaasWhen work-from-home became a sudden, urgent need in March, many organizations slapped together cloud-collaboration services such as Microsoft Office 365 for their newly locked-down staff.Unfortunately and understandably, pressure was high. People were scrambling. Thus did a number of those services get put together with a wing, a prayer, and misco
Publish At:2020-05-18 12:27 | Read:322 | Comments:0 | Tags:Malware Security threats Vulnerability .net Adobe Flash Apac

Phishers Start to Exploit Oil Industry Amid COVID-19 Woes

While a massive flood of attacks has yet to materialize, cybersecurity experts say this could be the calm before the storm.The oil and gas industry has been taking a beating as severe as any other hit hard by the COVID-19 shutdown. Tanker ships loaded with crude idle in the ocean, traders struggle to store what has already been pumped, and last week prices p
Publish At:2020-05-03 14:48 | Read:686 | Comments:0 | Tags: exploit

CVE-2020-0022 an Android 8.0-9.0 Bluetooth Zero-Click RCE – BlueFrag

Nowadays, Bluetooth is an integral part of mobile devices. Smartphones interconnect with smartwatches and wireless headphones. By default, most devices are configured to accept Bluetooth connections from any nearby unauthenticated device. Bluetooth packets are processed by the Bluetooth chip (also called a controller), and then passed to the host (Android, L
Publish At:2020-05-03 08:57 | Read:471 | Comments:0 | Tags:Breaking Android BlueFrag Bluetooth exploit

Exploiting java deserialization vulnerabilities in crypto contexts - a java applet case-study

Hi,regardless of being a deprecated technology, there are still many legacy applications relying on java applets out there. A bit of time ago we were involved in an atypical web application penetration test.The difficulty consisted in the fact that the java serialized payload responsible for triggerring the vulnerability was located inside the authenticated
Publish At:2020-05-03 08:30 | Read:443 | Comments:0 | Tags: exploit

TrickBot operators exploit COVID-19 as lures

IBM X-Force researchers spotted a new COVID-19-themed campaign spreading the infamous TrickBot trojan through fake messages. IBM X-Force researchers uncovered a new COVID-19-themed campaign that is spreading the infamous TrickBot trojan through fake messages. The spam messages pretend to be sent by the Department of Labor’s Family and Medical Leave Act
Publish At:2020-05-03 08:26 | Read:411 | Comments:0 | Tags:Breaking News Cyber Crime Malware coronavirus COVID-19 it se

A Zoom zero-day exploit is up for sale for $500,000

Millions of people have moved onto the Zoom video-conferencing platform as the Coronavirus pandemic has forced them to work from their homes.According to Zoom’s own statistics, its daily usage has soared from approximately 10 million daily users in December to over 200 million today. And although Zoom must be pleased to see so many more people using it
Publish At:2020-04-16 10:46 | Read:560 | Comments:0 | Tags:Featured Articles IT Security and Data Protection vulnerabil


Share high-quality web security related articles with you:)