HackDig : Dig high-quality web security articles for hacker

Zerodium payouts for Messaging, Email App Exploits are $500,000

Zerodium payouts include up to $500,000 for RCE and privilege escalation vulnerabilities affecting popular instant messaging and email applications. The zero-day and exploit broker Zerodium, founded by former VUPEN co-founder Chaouki Bekrar, offers $500,000 for a zero-day exploit in secure messaging Messaging (i.e. such as WhatsApp, Signal, Facebook Messenge
Publish At:2017-08-25 12:20 | Read:199 | Comments:0 | Tags:Breaking News Hacking zero-Day Zerodium payouts exploit

Apple iOS Exploit Takes Complete Control of Kernel

Researcher demonstrates 'severe' ZIVA exploit at Hack in the Box.Multiple vulnerabilities in the AppleAVEDriver when linked together create an opportunity to launch an iOS exploit that can take full control of the iOS kernel, security researcher Adam Donenfeld of Zimperium's zLabs revealed today.Donenfeld, who today demonstrated the exploit at the&
Publish At:2017-08-25 05:30 | Read:219 | Comments:0 | Tags: IOS exploit

ziVA: Zimperium’s iOS Video Audio Kernel Exploit

Follow @doadam Following my previous post, I’m releasing ziVA: a fully chained iOS kernel exploit that (should) work on all the iOS devices running iOS 10.3.1 or earlier. The exploit itself consists of multiple vulnerabilities that were discovered all in the same module: AppleAVEDriver. The exploit will be covered in depth in my HITBGSEC talk held on August
Publish At:2017-08-24 04:35 | Read:389 | Comments:0 | Tags:iOS Threat Research IOS exploit

Neptune exploit kit used to deliver Monero cryptocurrency miners via malvertising

According to a new report published by FireEye, crooks have been using the Neptune exploit kit to deliver cryptocurrency miners via malvertising campaigns. According to experts at FireEye, crooks are exploiting the Neptune exploit kit (aka Terror EK, Eris, and Blaze) to delivery cryptocurrency miners via malvertising campaigns. The Neptune exploit kit was fi
Publish At:2017-08-23 05:05 | Read:307 | Comments:0 | Tags:Breaking News Cyber Crime Malware Andromeda Cybercrime malwa

Exploiting Industrial Collaborative Robots

By Lucas Apa (@lucasapa)Traditional industrial robots are boring. Typically, they are autonomous or operate with limited guidance and execute repetitive, programmed tasks in manufacturing and production settings.1 They are often used to perform duties that are dangerous or unsuitable for workers; therefore, they operate in isolation from humans an
Publish At:2017-08-23 01:15 | Read:194 | Comments:0 | Tags:cobot cobot hack collaborative robot industrial robot ioacti

Fileless cryptocurrency miner CoinMiner uses NSA EternalBlue exploit to spread

A new fileless miner dubbed CoinMiner appeared in the wild, it uses NSA EternalBlue exploit and WMI tool to spread. A new strain of Cryptocurrency Miner dubbed CoinMiner appeared in the wild and according to the experts it is hard to detect and infects Windows PCs via EternalBlue NSA exploit. CoinMiner is a fileless malware that leverages the WMI (Windows Ma
Publish At:2017-08-22 13:35 | Read:267 | Comments:0 | Tags:Breaking News Cyber Crime Malware CoinMiner Cybercrime ETERN

New Disdain Exploit Kit Detected in the Wild

By Chaoying Liu and Joseph C. Chen The exploit kit landscape has been rocky since 2016, and we’ve observed several of the major players—Angler, Nuclear, Neutrino, Sundown—take a dip in operations or go private. New kits have popped up sporadically since then, sometimes revamped from old sources, but none have really gained traction. Despite that fact,
Publish At:2017-08-17 08:05 | Read:208 | Comments:0 | Tags:Exploits exploit kit exploit

The Disdain exploit kit appears in the threat landscape

The Disdain exploit kit is available for rent on a daily, weekly, or monthly basis for prices of $80, $500, and $1,400 respectively. The security researcher David Montenegro discovered a new exploit kit dubbed Disdain that is offered for rent on underground hacking forums by a malware developer using the pseudonym of Cehceny. Disdain Exploit Kit – New
Publish At:2017-08-15 12:50 | Read:339 | Comments:0 | Tags:Breaking News Cyber Crime Malware exploit

CVE-2017-0199: Crooks exploit PowerPoint Slide Show files to deliver malware

According to Trend Micro, cyber criminals abuse the CVE-2017-0199 vulnerability to deliver malware via PowerPoint Slide Show. In April Microsoft fixed the CVE-2017-0199  vulnerability in Office after threat actors had been exploiting it in the wild. Hackers leveraged weaponized Rich Text File (RTF) documents exploiting a flaw in Office’s Object Linking and E
Publish At:2017-08-15 12:50 | Read:211 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware CVE-2017-0199 malw

Jailbreak versus Compromise…

We see a lot of confusion in the market about precisely what it means to jailbreak a device–and that confusion could lead to serious problems, especially with regard to the notion of a hacker performing a jailbreak to attack a device. The security industry is notoriously full of acronyms, buzzwords and generally opaque jargon. Here at Zimperium, we try
Publish At:2017-08-08 13:55 | Read:360 | Comments:0 | Tags:iOS Mobile security Mobile Threat Defense Exploit jailbreak

Thick Client Penetration Testing – 3(JavaDeserialization Exploit: RCE)

Thick Client Penetration Testing – 3 (Java Deserialization Exploit: Remote Code Execution) Welcome Readers, in the previous two blogs, we have learnt about the various test cases as well as setting up traffic for thick clients using interception proxy. Among the plethora of test cases out here, one particularly interesting is about “Remote Code Execution on
Publish At:2017-08-05 02:15 | Read:344 | Comments:0 | Tags:News exploit

How 'Postcript' Exploits Networked Printers

At Black Hat 2017, a university researcher will demo how attackers can drill into networked printers by way of the ubiquitous PostScript programming language.Network printer exploits are like old dogs learning new tricks, according to a security researcher with Ruhr University.In his upcoming Black Hat presentation, Exploiting Network Printers, Jens Muller,
Publish At:2017-07-26 00:30 | Read:382 | Comments:0 | Tags: exploit

Expert exploited an unrestricted File Upload flaw in a PayPal Server to remotely execute code

The security researcher Vikas Anil Sharma exploited an unrestricted File Upload vulnerability in a PayPal Server to remotely execute code. The security researcher Vikas Anil Sharma has found a remote code execution vulnerability in a PayPal server. The expert was visiting the PayPal Bug Bounty page using the Burp software, below the response obtained opening
Publish At:2017-07-24 00:05 | Read:227 | Comments:0 | Tags:Breaking News Hacking hackig PayPal Server RCE unrestricted

A bug in Gnome pic parser can be exploited to run malicious VBScripts

A bug in your image thumbnailer could represent a new attack vector for hackers that can exploit it for script injection. Another day, another bug in a popular application. A bug in your image thumbnailer could represent a new attack vector for hackers that can exploit it for script injection. To create image thumbnails, Gnome Files allows users providing fi
Publish At:2017-07-20 22:05 | Read:291 | Comments:0 | Tags:Breaking News Hacking Gnome input validation VB script explo

ProMediads Malvertising and Sundown-Pirate Exploit Kit Combo Drops Ransomware and Info Stealer

With additional insights/analysis from Chaoying Liu We’ve uncovered a new exploit kit in the wild through a malvertising campaign we’ve dubbed “ProMediads”. We call this new exploit kit Sundown-Pirate, as it’s indeed a bootleg of its precursors and actually named so by its back panel. ProMediads has been active as early as 2016, employing Rig and Sundown exp
Publish At:2017-07-19 15:35 | Read:317 | Comments:0 | Tags:Bad Sites Exploits exploit kit LockPOS malvertising ProMedia

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud