HackDig : Dig high-quality web security articles for hackers

A zero-day guide for 2020: Recent attacks and advanced preventive techniques

Zero-day vulnerabilities enable threat actors to take advantage of security blindspots. Typically, a zero-day attack involves the identification of zero-day vulnerabilities, creating relevant exploits, identifying vulnerable systems, and planning the attack. The next steps are infiltration and launch.  This article examines three recent zero-day atta
Publish At:2020-06-23 14:30 | Read:275 | Comments:0 | Tags:Exploits and vulnerabilities artificial intelligence EDR end

Microsoft squishes 129 bugs with Patch Tuesday updates

byDanny BradburyWhoosh. You hear that? It’s the sound of Microsoft’s security fire hose spraying out a river of CVE fixes. That’s right – Patch Tuesday was this week and the software giant released patches to fix 129 CVEs.The lion’s share of the bugs are rated important, but there are 11 CVEs rated critical. They are remote code
Publish At:2020-06-11 07:24 | Read:381 | Comments:0 | Tags:Internet Explorer Microsoft Microsoft Edge Windows CVEs remo

Update now! Windows gets another bumper patch update

byJohn E DunnAfter a flurry of zero-day vulnerabilities in recent editions, May’s Patch Tuesday finally gives Windows users a month off having to fix ‘big’ exploited or public flaws.The catch is it’s still one of the biggest patch rounds Microsoft has ever released, featuring 111 CVE-level bug fixes (the record being March’s 115 fixes), nearly half of which
Publish At:2020-05-18 12:28 | Read:562 | Comments:0 | Tags:Operating Systems Windows Adobe Acrobat Internet Explorer Mi

IE zero day and heap of RDP flaws fixed in February Patch Tuesday

byJohn E DunnWeeks after the world first got wind of it, Microsoft has finally patched the Internet Explorer (IE) zero-day flaw the company said in January was being used in “limited targeted attacks”.The fix is part of the February Patch Tuesday update that features a record 99 security vulnerabilities including 12 marked as ‘critical’ and 87 ‘important’.Th
Publish At:2020-02-15 12:44 | Read:983 | Comments:0 | Tags:Adobe Internet Explorer Microsoft Operating Systems Vulnerab

From BinDiff to Zero-Day: A Proof of Concept Exploiting CVE-2019-1208 in Internet Explorer

By Elliot Cao (Vulnerability Researcher)  Last June, I disclosed a use-after-free (UAF) vulnerability in Internet Explorer (IE) to Microsoft. It was rated as critical, designated as CVE-2019-1208, and then addressed in Microsoft’s September Patch Tuesday. I discovered this flaw through BinDiff (a binary code analysis tool) and wrote a proof of concept (PoC)
Publish At:2019-09-19 14:50 | Read:2285 | Comments:0 | Tags:Vulnerabilities BinDiff CVE-2019-1208 Internet Explorer VBSc

Microsoft, Adobe Ship Critical Fixes

Microsoft today released security updates to fix almost a hundred security flaws in its various Windows operating systems and related software. One bug is so serious that Microsoft is issuing patches for it on Windows XP and other operating systems the company no longer officially supports. Separately, Adobe has pushed critical updates for its Flash and Shoc
Publish At:2017-06-13 16:05 | Read:4151 | Comments:0 | Tags:Other Adobe Flash Player update June 2017 CVE-2017-8543 Edge

CVE-2016-3298: Microsoft Puts the Lid on Another IE Zero-day Used in AdGholas Campaign

Microsoft’s Patch Tuesday for October fixed another previous zero-day vulnerability in Internet Explorer (IE) via MS16-118 and MS16-126: CVE-2016-3298. Before the lid was put on it, the security flaw was employed alongside CVE-2016-3351 by operators of the AdGholas malvertising campaign, analysis and disclosure of which were made with our collaboration with
Publish At:2016-11-19 12:05 | Read:4724 | Comments:0 | Tags:Exploits Vulnerabilities AdGholas CVE Internet Explorer malv

VERT Threat Alert: November 2016 Patch Tuesday Analysis

Today’s VERT Alert addresses 14 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-698 on Wednesday, November 9th.Ease of Use (published exploits) to Risk TableAutomated Exploit   MS16-132MS16-135Easy    Moderate    Difficult    Extremely DifficultMS16-129MS16-1
Publish At:2016-11-10 04:46 | Read:5941 | Comments:0 | Tags:Vulnerability Management Adobe Flash internet explorer micro

Microsoft: No More Pick-and-Choose Patching

Adobe and Microsoft today each issued updates to fix critical security flaws in their products. Adobe’s got fixes for Acrobat and Flash Player ready. Microsoft’s patch bundle for October includes fixes for at least five separate “zero-day” vulnerabilities — dangerous flaws that attackers were already exploiting prior to today
Publish At:2016-10-12 06:15 | Read:3968 | Comments:0 | Tags:Other adobe flash player Edge GDI+ internet explorer microso

VERT Threat Alert: August 2016 Patch Tuesday Analysis

Today’s VERT Alert addresses 9 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-684 on Wednesday, August 10th.EASE OF USE (PUBLISHED EXPLOITS) TO RISK TABLEAutomated ExploitEasyModerateDifficultExtremely DifficultNo Known ExploitMS16-100MS16-103 MS16-095MS16-0
Publish At:2016-08-10 09:50 | Read:4784 | Comments:0 | Tags:Vulnerability Management internet explorer microsoft Patch T

Adobe, Microsoft Patch Critical Security Bugs

Adobe has pushed out a critical update to plug at least 52 security holes in its widely-used Flash Player browser plugin, and another update to patch holes in Adobe Reader. Separately, Microsoft released 11 security updates to fix vulnerabilities more than 40 flaws in Windows and related software. First off, if you have Adobe Flash Player Installed and haven
Publish At:2016-07-13 14:50 | Read:4102 | Comments:0 | Tags:Time to Patch adobe chrome Edge firefox Flash version 22.0.0

Personal Security: Why you Should Update your OS & Internet Browser TODAY

  If you’re one of the people who is still stubbornly holding onto Windows XP (which stopped receiving support and security updates as of April 8, 2014), it’s time to let go. Likewise, if you’re using an outdated version of your preferred internet browser, it’s time to update. Right now. Why? In both scenarios, you’re putti
Publish At:2016-03-18 01:50 | Read:7319 | Comments:0 | Tags:Thought Leadership browser security Browser Update Chrome Fi

Adobe, Microsoft Push Critical Updates

Microsoft today pushed out 13 security updates to fix at least 39 separate vulnerabilities in its various Windows operating systems and software. Five of the updates fix flaws that allow hackers or malware to break into vulnerable systems without any help from the user, save for perhaps visiting a hacked Web site. The bulk of the security holes plugged in th
Publish At:2016-03-11 07:20 | Read:4534 | Comments:0 | Tags:Time to Patch adobe flash player Adobe Reader Update Edge in

Microsoft Patch Tuesday – March 2016

Patch Tuesday for March 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 13 bulletins addressing 44 vulnerabilities. Five bulletins are rated critical and address vulnerabilities in Edge, Graphic Fonts, Internet Explorer, W
Publish At:2016-03-09 08:15 | Read:3562 | Comments:0 | Tags:Threat Research internet explorer Microsoft office patch tue

The InfoSecond, Week of Jan. 25: Cybercrime Predictions, Health Apps in Trouble & More!

New week, new… news. In our latest InfoSecond edition, we’re revealing the test results of a health care apps study (spoiler: it’s not good), looking at cybercrime predictions for 2016, identifying Android Trojan malware that’s targeting banking apps, “mourning” the end of life of several Internet Explorer versions, and pr
Publish At:2016-01-25 17:05 | Read:4336 | Comments:0 | Tags:Application Security Health Care Android Cybercrime Health C

Tools

Tag Cloud