HackDig : Dig high-quality web security articles for hacker

Magnitude Exploit Kit Now Targeting South Korea With Magniber Ransomware

A new ransomware is being distributed by the Magnitude exploit kit: Magniber (detected by Trend Micro as RANSOM_MAGNIBER.A and TROJ.Win32.TRX.XXPE002FF019), which we found targeting South Korea via malvertisements on attacker-owned domains/sites. The development in Magnitude’s activity is notable not only because it eschewed Cerber—its usual ransomware paylo
Publish At:2017-10-21 18:05 | Read:4237 | Comments:0 | Tags:Bad Sites Exploits Ransomware CERBER CVE-2016-0189 Locky Ran

a-PATCH-e: Struts Vulnerabilities Run Rampant

by Steve Povolny
Equifax confirmed the attack vector used in its data breach to be CVE-2017-5638, a vulnerability patched last March 2017 via S2-045. The vulnerability was exploited to gain unauthorized access to highly sensitive data of approximately 143 million U.S. and 400,000 U.K. customers, as well as 100,000 Canadian consumers. This vulnerability was f
Publish At:2017-09-22 02:45 | Read:4468 | Comments:0 | Tags:Exploits Vulnerabilities Apache Struts CVE-2017-5638 CVE-201

Advisory: BlueBorne Reportedly Affects Billions of Bluetooth-Enabled Devices

by Vít Šembera (Cyber Threat Researcher)
BlueBorne is a set of vulnerabilities affecting the implementation of Bluetooth in iOS, Android, Linux, Windows and Mac OS* devices. According to the researchers who uncovered them, BlueBorne affects around 5.3 billion Bluetooth-enabled devices. The immediate mitigation for BlueBorne is to patch the device, if there’s
Publish At:2017-09-15 23:05 | Read:4635 | Comments:0 | Tags:Exploits Internet of Things Vulnerabilities BlueBorne Blueto

Zerodium Offers $1 Million for Tor Browser Exploits

The company ZERODIUM announced it will pay up to $1 million for fully working zero-day exploits for Tor Browser on Tails Linux and Windows OSs. The zero-day broker Zerodium offers $1 million for Tor Browser exploits with the intent to unmask Tor users. The controversial firm will then resell the zero-day exploit for Tor Browser to law enforcement and governm
Publish At:2017-09-14 03:50 | Read:3250 | Comments:0 | Tags:Breaking News Deep Web Hacking Bug Bounty exploits Pierluigi

Cryptocurrency Miner Uses WMI and EternalBlue To Spread Filelessly

By Buddy Tancio
Fileless malware can be a difficult threat to analyze and detect. It shouldn’t be a surprise that an increasing number of new malware threats are fileless, as threat actors use this technique to make both detection and forensic investigation more difficult. We recently found a new cryptocurrency miner (which we detect as TROJ64_COINMINER.QO)
Publish At:2017-08-21 22:35 | Read:3429 | Comments:0 | Tags:Exploits Malware cryptocurrency EternalBlue WMI

New Disdain Exploit Kit Detected in the Wild

By Chaoying Liu and Joseph C. Chen
The exploit kit landscape has been rocky since 2016, and we’ve observed several of the major players—Angler, Nuclear, Neutrino, Sundown—take a dip in operations or go private. New kits have popped up sporadically since then, sometimes revamped from old sources, but none have really gained traction. Despite that fact,
Publish At:2017-08-17 08:05 | Read:2888 | Comments:0 | Tags:Exploits exploit kit exploit

The Crisis of Connected Cars: When Vulnerabilities Affect the CAN Standard

In many instances, researchers and engineers have found ways to hack into modern, internet-capable cars, as has been documented and reported several times. One famous example is the Chrysler Jeep hack that researchers Charlie Miller and Chris Valasek discovered. This hack and those that have come before it have mostly been reliant on specific vulnerabilities
Publish At:2017-08-16 13:40 | Read:7352 | Comments:0 | Tags:Exploits Internet of Things intelligent transportation syste

How Chat App Discord Is Abused by Cybercriminals to Attack ROBLOX Players

Cybercriminals targeting gamers are nothing new. We’ve reported many similar incidents in the past, from fake game apps to real-money laundering through online game currencies. Usually the aim is simple: to steal personal information and monetize it. And usually, for that purpose the game itself is abused. In the particular scenario we are describing in this
Publish At:2017-08-08 15:20 | Read:3657 | Comments:0 | Tags:Exploits Vulnerabilities API Chat Program API Discord ROBLOX

Backdoor-carrying Emails Set Sights on Russian-speaking Businesses

by Lenart Bermejo, Ronnie Giagone, Rubio Wu, and Fyodor Yarochkin
A malicious email campaign against Russian-speaking enterprises is employing a combination of exploits and Windows components to deliver a new backdoor that allows attackers to take over the affected system. The attack abuses various legitimate Windows components to run unauthorized scripts;
Publish At:2017-08-07 10:55 | Read:2774 | Comments:0 | Tags:Exploits Malware backdoor CVE-2017-0199 JavaScript Powershel

ProMediads Malvertising and Sundown-Pirate Exploit Kit Combo Drops Ransomware and Info Stealer

With additional insights/analysis from Chaoying Liu
We’ve uncovered a new exploit kit in the wild through a malvertising campaign we’ve dubbed “ProMediads”. We call this new exploit kit Sundown-Pirate, as it’s indeed a bootleg of its precursors and actually named so by its back panel. ProMediads has been active as early as 2016, employing Rig and Sundown exp
Publish At:2017-07-19 15:35 | Read:3659 | Comments:0 | Tags:Bad Sites Exploits exploit kit LockPOS malvertising ProMedia

Linux Users Urged to Update as a New Threat Exploits SambaCry 

by Mohamad Mokbel, Tim Yeh, Brian Cayanan
A seven-year-old vulnerability in Samba—an open-source implementation of the SMB protocol used by Windows for file and printer sharing—was patched last May but continues to be exploited. According to a security advisory released by the company, the vulnerability allows a malicious actor to upload a shared library to
Publish At:2017-07-18 21:10 | Read:3583 | Comments:0 | Tags:Exploits Vulnerabilities exploit

July Patch Tuesday Addresses Critical Vulnerability in Microsoft HoloLens

Last month’s Patch Tuesday highlighted updates for older Windows versions to address vulnerabilities responsible for the WannaCry outbreak. This month’s Patch Tuesday shifts its focus to other technologies, with an update that addresses 54 vulnerabilities – including one in the augmented reality sphere. One notable vulnerability in this month’s Patch T
Publish At:2017-07-12 17:50 | Read:2598 | Comments:0 | Tags:Exploits Vulnerabilities Vulnerability

Microsoft Patches Windows XP Again As Part of June Patch Tuesday

Last month, in reaction to the WannaCry outbreak that affected Windows users all over the world, Microsoft released a patch for Windows XP—an operating system it had stopped supporting in 2014. As part of the June Patch Tuesday cycle, Microsoft has decided to issue patches for XP and other older platforms that have reached End of Support (EOS) status. They c
Publish At:2017-06-15 02:55 | Read:3387 | Comments:0 | Tags:Exploits Vulnerabilities Patch Tuesday June 2017

Victim Machine has joined #general: Using Third-Party APIs as C&C Infrastructure

Imagine a well-experienced security analyst at a major company going through his normal routine of checking logs at the end of the workday. A quick look at the company’s security solution logs reveals nothing too peculiar or alarming — except for one thing: a higher than normal amount of traffic to the office’s newly introduced third-party chat platform. He d
Publish At:2017-06-06 16:20 | Read:3028 | Comments:0 | Tags:Exploits Vulnerabilities API Chat Program API Discord Slack

MS-17-010: EternalBlue’s Large Non-Paged Pool Overflow in SRV Driver

The EternalBlue exploit took the spotlight last May as it became the tie that bound the spate of malware attacks these past few weeks—the pervasive WannaCry, the fileless ransomware UIWIX, the Server Message Block (SMB) worm EternalRocks, and the cryptocurrency mining malware Adylkuzz. EternalBlue (patched by Microsoft via MS17-010) is a security flaw relate
Publish At:2017-06-02 13:20 | Read:3681 | Comments:0 | Tags:Exploits Vulnerabilities EternalBlue MS17-010 Server Message

