HackDig : Dig high-quality web security articles

BazarCall attacks have revolutionized ransomware operations

The Conti ransomware gang is using BazarCall phishing attacks as an initial attack vector to access targeted networks. BazarCall attack, aka call back phishing, is an attack vector that utilizes targeted phishing methodology and was first used by the Ryuk ransomware gang in 2020/2021. The BazarCall attack chain is composed of the following stages: S
Publish At:2022-08-12 05:27 | Read:313 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware bazarcall Conti ra

Experts warn of mass exploitation of an RCE flaw in Zimbra Collaboration Suite

Threat actors are exploiting an authentication bypass Zimbra flaw, tracked as CVE-2022-27925, to hack Zimbra Collaboration Suite email servers worldwide. An authentication bypass affecting Zimbra Collaboration Suite, tracked as CVE-2022-27925, is actively exploited to hack ZCS email servers worldwide. Zimbra is an email and collaboration platform used
Publish At:2022-08-12 05:27 | Read:262 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

Cisco fixed a flaw in ASA, FTD devices that can give access to RSA private key

Cisco addressed a high severity flaw, tracked as CVE-2022-20866, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. Cisco addressed a high severity vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The flaw, tracked as CVE-2022-20866, impacts the handling of RSA key
Publish At:2022-08-11 02:05 | Read:320 | Comments:0 | Tags:Breaking News Hacking Security CISCO CISCO ASA Cisco FTD inf

Ex Twitter employee found guilty of spying for Saudi Arabian government

A former Twitter employee was found guilty of spying on certain Twitter users for Saudi Arabia. A former Twitter employee, Ahmad Abouammo (44), was found guilty of gathering private information of certain Twitter users and passing it to Saudi Arabia. “Ahmad Abouammo, a US resident born in Egypt, was found guilty by a jury Tuesday of charges inc
Publish At:2022-08-11 02:05 | Read:353 | Comments:0 | Tags:Breaking News Cyber Crime Intelligence Security Social Netwo

Cisco was hacked by the Yanluowang ransomware gang

Cisco discloses a security breach: the Yanluowang ransomware group breached its corporate network in late May and stole internal data. Cisco disclosed a security breach: the Yanluowang ransomware group breached its corporate network in late May and stole internal data. The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Ta
Publish At:2022-08-10 17:33 | Read:353 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware CISCO Cybercrime h

Experts found 10 malicious packages on PyPI used to steal developers’ data

10 packages have been removed from the Python Package Index (PyPI) because they were found harvesting data. Check Point researchers have discovered ten malicious packages on the Python Package Index (PyPI). The packages install info-stealers that allow threat actors to steal the private data and personal credentials of the developers. The researchers p
Publish At:2022-08-10 13:23 | Read:200 | Comments:0 | Tags:Breaking News Hacking Malware Security Cybercrime hacking ne

Risky Business: Enterprises Can’t Shake Log4j flaw

70% of large enterprises that previously addressed the Log4j flaw are still struggling to patch Log4j-vulnerable assets. In December 2021, security teams scrambled to find Log4j-vulnerable assets and patch them. Eight months later, many Global 2000 firms are still fighting to mitigate the digital assets and business risks associated with Log
Publish At:2022-08-10 13:23 | Read:272 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

Hackers behind Twilio data breach also targeted Cloudflare employees

Cloudflare revealed that at least 76 employees and their family members were targeted by smishing attacks similar to the one that hit Twilio. The content delivery network and DDoS mitigation company Cloudflare revealed this week that at least 76 employees and their family members received text messages on their personal and work phones. According to th
Publish At:2022-08-10 10:01 | Read:270 | Comments:0 | Tags:Breaking News Hacking CloudFlare hacking news information se

CISA adds UnRAR and Windows flaws to Known Exploited Vulnerabilities Catalog

US Critical Infrastructure Security Agency (CISA) adds vulnerabilities in the UnRAR utility to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added a recently disclosed security flaw, tracked as CVE-2022-30333 (CVSS score: 7.5), in the UnRAR utility to its Known Exploited Vulnerabilities Cata
Publish At:2022-08-10 08:10 | Read:246 | Comments:0 | Tags:Breaking News Security Hacking hacking news information secu

Experts linked Maui ransomware to North Korean Andariel APT

Cybersecurity researchers from Kaspersky linked the Maui ransomware to the North Korea-backed Andariel APT group. Kaspersky linked with medium confidence the Maui ransomware operation to the North Korea-backed APT group Andariel, which is considered a division of the Lazarus APT Group. North Korean nation-state actors used Maui ransomware to encrypt s
Publish At:2022-08-09 13:23 | Read:327 | Comments:0 | Tags:APT Breaking News Hacking Malware Andariel Andariel APT info

Chinese actors behind attacks on industrial enterprises and public institutions

China-linked threat actors targeted dozens of industrial enterprises and public institutions in Afghanistan and Europe. In January 2022, researchers at Kaspersky ICS CERT uncovered a series of targeted attacks on military industrial enterprises and public institutions in Afghanistan and East Europe. The attackers breached dozens of enterprises and in s
Publish At:2022-08-09 11:10 | Read:184 | Comments:0 | Tags:APT Breaking News Cyber warfare Hacking Intelligence Cyberes

US sanctioned crypto mixer Tornado Cash used by North Korea-linked APT

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the crypto mixer service Tornado Cash used by North Korea. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned the crypto mixer service Tornado Cash used by North Korean-linked Lazarus APT Group. Today, Treasury sanctioned vi
Publish At:2022-08-09 08:10 | Read:395 | Comments:0 | Tags:APT Breaking News Cyber Crime Digital ID Hacking hacking new

Malicious file analysis – Example 01

Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022. My objective with this series of articles is to show examples of malicious file analysis that I presented during my lecture on BSides-Vitória 2022. For this first one, I’ll briefly introduce some crucial
Publish At:2022-08-09 05:27 | Read:233 | Comments:0 | Tags:Breaking News Malware Hacking hacking news IT Information Se

Orchard botnet uses Bitcoin Transaction info to generate DGA domains

Experts spotted a new botnet named Orchard using Bitcoin creator Satoshi Nakamoto’s account information to generate malicious domains. 360 Netlab researchers recently discovered a new botnet named Orchard that uses Satoshi Nakamoto’s Bitcoin account (1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa) transaction information to generate DGA domain names.
Publish At:2022-08-08 21:31 | Read:292 | Comments:0 | Tags:Breaking News Cyber Crime Digital ID Malware Hacking hacking

Twilio discloses data breach that impacted customers and employees

Communications company Twilio discloses a data breach after threat actors stole employee credentials in an SMS phishing attack. Communications company Twilio discloses a data breach; threat actors had access to the data of some of its customers. The attackers accessed company systems using employee credentials obtained through a sophisticated SMS ph
Publish At:2022-08-08 15:20 | Read:305 | Comments:0 | Tags:Breaking News Data Breach Hacking Cybercrime hacking news in
