HackDig : Dig high-quality web security articles

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

The U.S. CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. The U.S. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of a crypto-mining malware in the popular NPM Package UAParser.js. The popular lib
Publish At:2021-10-23 11:45 | Read:105 | Comments:0 | Tags:Breaking News Malware Cryptocurrency miner Cybersecurity cyb

Groove ransomware group calls on other ransomware gangs to hit US public sector

Groove ransomware operators call on other ransomware groups to stop competing and join the forces to fight against the US. The Groove ransomware gang is calling on other ransomware groups to attack US public sector after a an operation of of law enforcement shut down the infrastructure of the REvil gang. “The ransomware group REvil was itself hacked a
Publish At:2021-10-22 19:37 | Read:33 | Comments:0 | Tags:Breaking News Cyber Crime Malware Groove ransomware Hacking

Facebook SSRF Dashboard allows hunting SSRF vulnerabilities

Facebook developed a new tool that allows security experts to look for Server-Side Request Forgery (SSRF) vulnerabilities in their software. Facebook announced to have designed a new tool, named SSRF Dashboard, that allows security researchers to search for Server-Side Request Forgery (SSRF) vulnerabilities. Server-side request forgery is a web securit
Publish At:2021-10-22 18:20 | Read:86 | Comments:0 | Tags:Breaking News Hacking Facebook information security news IT

DarkSide ransomware operators move 6.8M worth of Bitcoin after REvil shutdown

Darkside and BlackMatter ransomware operators have moved a large amount of their Bitcoin reserves after the recent shutdown of REvil’s infrastructure. The gangs behind the Darkside and BlackMatter ransomware operations have moved 107 BTC ($6.8 million) after the news of the recent shutdown of REvil’s infrastructure by law enforcement agencies
Publish At:2021-10-22 11:45 | Read:143 | Comments:0 | Tags:Breaking News Cyber Crime Malware Bitcoin Cybersecurity cybe

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

FIN7 hacking group created fake cybersecurity companies to hire experts and involve them in ransomware attacks tricking them of conducting a pentest. The FIN7 hacking group is attempting to enter in the ransomware business and is doing it with an interesting technique. The gang space creates fake cybersecurity companies that hire experts requesting them
Publish At:2021-10-22 07:49 | Read:123 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware Cybercrime FIN7 ha

FiveSys, a new digitally-signed rootkit spotted by Bitdefender experts

Bitdefender researchers discovered a new Rootkit named FiveSys that abuses Microsoft-Issued Digital Signature signature to evade detection. FiveSys is a new rootkit discovered by researchers from Bitdefender, it is able to evade detection by abusing a Microsoft-issued digital signature. Driver packages that pass Windows Hardware Lab Kit (HLK
Publish At:2021-10-22 03:53 | Read:66 | Comments:0 | Tags:Breaking News Cyber Crime Malware FiveSys rootkit Hacking ha

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from paying the ransom. Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments. Bleeping Computer, citing Emsisoft CTO Fabian Wosar, reported that the Macaw Lock
Publish At:2021-10-21 19:36 | Read:138 | Comments:0 | Tags:Breaking News Cyber Crime Malware Cybercrime Evil Corp Hacki

A flaw in WinRAR could lead to remote code execution

A vulnerability in the WinRAR is a trialware file archiver utility for Windows could be exploited by a remote attacker to hack a system. Positive Technologies researcher Igor Sak-Sakovskiy discovered a remote code execution vulnerability, tracked as CVE-2021-35052, in the popular WinRAR trialware file archiver utility for Windows. The vulnerability af
Publish At:2021-10-21 16:14 | Read:109 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

Administrators of bulletproof hosting sentenced to prison in the US

The United States Department of Justice sentenced two individuals that were providing bulletproof hosting to various malware operations. The United States Department of Justice sentenced to prison two individuals involved in providing bulletproof hosting to various malware operations, including Citadel, SpyEye, Zeus, and the Blackhole exploit kit. Th
Publish At:2021-10-21 11:44 | Read:77 | Comments:0 | Tags:Breaking News Cyber Crime bulletproof hosting Cybercrime Hac

Top 5 Attack Vectors to Look Out For in 2022

Threat actors are continually looking for better ways to target organizations, here are the top five attack vectors to look out for in 2022. Malicious actors are continually looking for better ways to carry out successful cyber attacks. Whether motivated by a potential payday or the ability to access confidential information, cybercriminals have plenty o
Publish At:2021-10-21 03:52 | Read:159 | Comments:0 | Tags:Breaking News Security attack vectors Hacking hacking news i

US Bureau of Industry and Security bans export of hacking tools to authoritarian regimes

The Commerce Department’s Bureau of Industry and Security (BIS) would ban U.S. firms from selling hacking tools to authoritarian regimes. The Commerce Department’s Bureau of Industry and Security (BIS) would introduce a new export control rule aimed at banning the export or resale of hacking tools to authoritarian regimes.  The rule an
Publish At:2021-10-21 03:52 | Read:150 | Comments:0 | Tags:Laws and regulations Security Hacking hacking news informati

YouTube creators’ accounts hijacked with cookie-stealing malware

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. According to Google’s Threat Analysis Group (TAG) researchers, who spotted the campaign, t
Publish At:2021-10-20 19:36 | Read:145 | Comments:0 | Tags:Breaking News Hacking account hijacking Cybersecurity hackin

PurpleFox botnet variant uses WebSockets for more secure C2 communication

Researchers warn of a new evolution of the PurpleFox botnet, operators included exploits and leverage WebSockets for C2 communication. Researchers from TrendMicro have documented a recent evolution of the PurpleFox botnet, the experts discovered a new .NET backdoor, dubbed FoxSocket, that is highly associated with the PurpleFox operation. Its operator
Publish At:2021-10-20 18:20 | Read:103 | Comments:0 | Tags:Breaking News Malware Cybersecurity cybersecurity news Hacki

High school student rickrolls entire school district, and gets praised

A student at a high school in Cook County successfully hacked into the Internet-of-Things (IoT) devices of one of the largest school districts in Illinois, and gave everyone a surprise. Minh (aka @WhiteHoodHacker on Twitter) who attends Elk Grove—a name that curiously resembles the home town of legendary anti-hero, Ash Williams—rickrolled the entire Towns
Publish At:2021-10-20 14:10 | Read:221 | Comments:0 | Tags:Hacking D214 Elk Grove Minh rickroll school prank school ric

China-linked LightBasin group accessed calling records from telcos worldwide

China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. A China-linked hacking group, tracked as LightBasin (aka UNC1945), hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunicati
Publish At:2021-10-20 11:44 | Read:206 | Comments:0 | Tags:APT Breaking News Cyber warfare Hacking Intelligence Malware

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3