HackDig : Dig high-quality web security articles for hacker

Retefe banking Trojan leverages EternalBlue exploit to infect Swiss users

Cyber criminals behind the Retefe banking Trojan have improved it by adding a new component that uses the NSA exploit EternalBlue. ETERNALBLUE is the alleged NSA exploit that made the headlines with DOUBLEPULSAR in the WannaCry attack and NotPetya massive attacks. ETERNALBLUE targets the SMBv1 protocol and it has become widely adopted in the community of mal
Publish At:2017-09-24 03:40 | Read:95 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware banking trojan Ete

New Verizon data leak, the second one in a few months

Experts at Kromtech Security Research Center discovered a new Verizon leak exposed confidential and sensitive data on internal systems. It has happened again, security researchers with Kromtech Security Research Center discovered a new Verizon leak exposed confidential and sensitive data on internal systems. Leaked data includes server logs and credentials f
Publish At:2017-09-23 09:15 | Read:49 | Comments:0 | Tags:Breaking News Data Breach Chris Vickery data breach data lea

SEC announces it was hacked, information may have been used for insider trading

The top U.S. markets regulator SEC announced a security breach, accessed data might have been used by crooks for insider trading. The U.S. Securities and Exchange Commission (SEC) announced that cyber criminals had previously breached its database of corporate announcements in 2016 and likely they have used it for insider trading. On Wednesday, the SEC Chair
Publish At:2017-09-22 14:45 | Read:169 | Comments:0 | Tags:Breaking News Cyber Crime Data Breach Hacking data breach in

CCleaner hackers targeted tech giants with a second-stage malware

The threat actor that recently compromised the supply chain of the CCleaner software targeted at least 20 tech firms with a second-stage malware. The threat actor that recently compromised the supply chain of the CCleaner software to distribute a tainted version of the popular software targeted at least 20 major international technology firms with a second-
Publish At:2017-09-22 14:45 | Read:126 | Comments:0 | Tags:APT Breaking News Cyber Crime Hacking Malware APT17 backdoor

Crooks using Linux.ProxyM IoT botnet to send spam messages

Experts at security firm Doctor Web discovered a new botnet of IoT devices leveraging the Linux.ProxyM, that is used by crooks for mass spam mailings. The most popular thingbot since now is the Mirai, but it isn’t the only one targeting Linux-based internet-of-things (IoT) devices. Researchers with security firm Doctor Web discovered a new botnet of Io
Publish At:2017-09-22 14:45 | Read:137 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Internet of Things Malware

German Intelligence First Developed Attacks Against Tor

Online anonymity represents a serious problem for government and law enforcement agencies; it has been debated a long about the difficulties to investigate when suspects use anonymizing networks and communication platforms leveraging on end-to-end encryption.Now secret documents reveal that the German spy agency BND has developed a system to monitor th
Publish At:2017-09-22 13:15 | Read:60 | Comments:0 | Tags:Hacking

Iranian cyber spies APT33 target aerospace and energy organizations

The Iran-linked APT33 group has been targeting aerospace and energy organizations in the United States, Saudi Arabia, and South Korea. According to security firm FireEye, a cyber espionage group linked to the Iranian Government, dubbed APT33, has been targeting aerospace and energy organizations in the United States, Saudi Arabia, and South Korea. The APT33
Publish At:2017-09-21 20:20 | Read:100 | Comments:0 | Tags:APT Breaking News Cyber Crime Cyber warfare Hacking APT33 cy

Experts spotted a login page flaw in Joomla that exposes admin credentials

Researchers at RIPS Technologies discovered a login page vulnerability affecting Joomla versions between 1.5 and 3.7.5 that exposes admin credentials. Experts at RIPS Technologies discovered a login page flaw affecting Joomla versions between 1.5 and 3.7.5 that exposes admin credentials. The flaw affects Joomla installs when using Lightweight Directory Acces
Publish At:2017-09-21 20:20 | Read:94 | Comments:0 | Tags:Breaking News Hacking authentication Joomla 3.8 LDAP

ISPs in at least two countries were involved in delivering surveillance FinFisher Spyware

Security researchers at ESET have uncovered a surveillance campaign using a new variant of FinFisher spyware, also known as FinSpy. Finfisher infected victims in seven countries and experts believe that in two of them the major internet providers have been involved. “New surveillance campaigns utilizing FinFisher, infamous spyware known also as FinSpy
Publish At:2017-09-21 20:20 | Read:71 | Comments:0 | Tags:Breaking News Cyber Crime Cyber warfare Hacking Intelligence

Optionsbleed vulnerability can cause Apache servers to leak memory data

The vulnerability Optionsbleed in Apache HTTP Server that can cause certain systems to leak potentially sensitive data in response to HTTP OPTIONS requests. The freelance journalist and security researcher Hanno Böck discovered a vulnerability, dubbed ‘Optionsbleed’. in Apache HTTP Server (httpd) that can cause certain systems to leak potentially
Publish At:2017-09-21 01:55 | Read:104 | Comments:0 | Tags:Breaking News Hacking Apache server memory leak Optionsbleed

Kernel Exploitation-Part 3

Over the last two articles of this series, we have come a long way around kernel exploitation. We started with finding a buffer overflow in driver code to parsing of different structures to steal the token. In the final part of this series, we will combine the whole parts plus provide some finishing touches to complete the exploit.In last part of this
Publish At:2017-09-21 00:25 | Read:111 | Comments:0 | Tags:Hacking exploit

aIR-Jumper – A malware exfiltrates data via security cameras and infrared

Researchers at the Ben-Gurion University developed a PoC malware dubbed aIR-Jumper that uses security cameras with Infrared capabilities to exfiltrate data. The team of researchers at the Ben-Gurion University of the Negev in Israel composed of Mordechai Guri, Dima Bykhovsky‏, Yuval Elovici developed a PoC malware that leverages security cameras with Infrare
Publish At:2017-09-20 07:30 | Read:121 | Comments:0 | Tags:Breaking News Hacking air-gappend networks aIR-Jumper

Viacom left the keys of its digital kingdom on a publicly exposed AWS S3 bucket

The security researcher Chris Vickery discovered that Media giant Viacom left sensitive data and secret access key on unsecured Amazon AWS S3 bucket. Media giant Viacom left sensitive data and secret access key on unsecured Amazon AWS S3 bucket, a gift for hackers. Viacom controls Paramount Pictures, MTV, Comedy Central and Nickelodeon. The huge trove of dat
Publish At:2017-09-20 07:30 | Read:120 | Comments:0 | Tags:Breaking News Data Breach Hacking Chris Vickery data leak ds

Hackers exploit an undocumented Word feature for user fingerprinting

Kaspersky researchers discovered a new attack technique leveraging an undocumented Word feature to gather information on users. Kaspersky researchers discovered a new attack technique leveraging Microsoft Word documents to gather information on users. The technique is innovative because it doesn’t use active content such as macros or exploits, it exploits an
Publish At:2017-09-19 13:05 | Read:67 | Comments:0 | Tags:Breaking News Hacking undocumented Word Word exploit

Was Torrent Site The Pirate Bay Being Sneaky or Creative By Tricking Visitors Into Monero Mining

Users noticed a cryptocurrency miner surfaced on The Pirate Bay, the world’s largest torrenting for a day over the weekend. Pop quiz: would you rather A) see ad banners displayed at the top of the website, or B) mine Monero cryptocurrency when you visit a website? Judging by the number of downloads for ad blocking browser extensions, no one likes banner ads.
Publish At:2017-09-19 13:05 | Read:105 | Comments:0 | Tags:Breaking News Hacking Security Bitcoin miner Monero Pirate B

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud