HackDig : Dig high-quality web security articles for hackers

Fortinet FortiOS 6.0.4 Password Modification

# Exploit Title: Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification# Google Dork: intitle:"Please Login" "Use FTM Push"# Date: 15/11/2020# Exploit Author: Ricardo Longatto# Details: This exploit allow change users password from SSLVPN web portal# Vendor Homepage: https://www.fortinet.com/# Version: Exploit to Fort
Publish At:2020-11-22 08:09 | Read:117 | Comments:0 | Tags: IOS

Mac and iOS Keychain Tutorial: How Apple’s iCloud Keychain Works

Your use passwords to log into websites and services, and since there are so many of them, it’s hard to remember them. It’s a bad idea to use the same password for different websites, because if one site is compromised, hackers will have an email address and password that they can try on other sites. Because of this, you need to ensure that your
Publish At:2020-11-19 01:14 | Read:168 | Comments:0 | Tags:How To iCloud iOS Keychain Mac password security IOS Cloud

P for Privacy – The Background Story of CVE-2020-9773

Affected Component: all iOS versions < 14.0 LSDIconCache Latest Vulnerable Version: iOS 13.7 Vendor: Apple, Inc. CVE: CVE-2020-9773 Disclosure Timeline Bug discovered: December 1st, 2019 Vendor notified: December 17th, 2019 First patch attempt: March 24th, 2020  Final patch released: September 15th, 2020 Summary A sandboxed application can circumvent upd
Publish At:2020-11-18 09:35 | Read:70 | Comments:0 | Tags:iOS Apple CVE

How to switch search engines on macOS and iOS (and why you should)

If you’re like most people, you search the web a lot. Google handles nearly 85,000 searches per second, or 7.3 billion per day, or more than two and a half trillion searches every year. Your share of that may be small: if you’re just an average person, you may search the web 3-5 times a day, but some of us, such as writers, may perform several do
Publish At:2020-11-18 01:50 | Read:158 | Comments:0 | Tags:How To Recommended AOL Ask.com Bing DuckDuckGo Google GoTo i

APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2020-11-13-3 Additional information forAPPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0iOS 14.0 and iPadOS 14.0 addresses the following issues. Informationabout the security content is also available athttps://support.apple.com/HT211850.AppleAVDAvailable for: iPhone 6s and later, iPod touch 7th generation,
Publish At:2020-11-15 17:14 | Read:178 | Comments:0 | Tags: IOS

Apple iOS Safari feature can be used to share "fake news" headlines

A link-sharing feature in iOS versions of Apple Safari browser makes it possible for iPhone, iPad, and iPod Touch users to alter headlines when sharing parts of webpages.A researcher has raised concerns this feature can be abused not only for pulling harmless pranks but for sharing "fake news" having a wider impact.What is the feature?When browsing
Publish At:2020-11-14 14:12 | Read:224 | Comments:0 | Tags:Security Apple IOS

Tianfu Cup 2020 – 5 minutes to hack Windows 10, Ubuntu iOS, VMWare EXSi, and others

Many popular OS and applications have been hacked during this year’s edition of the Tianfu Cup hacking competition. This year’s edition of the Tianfu Cup hacking competition was very prolific, bug bounty hackers have discovered multiple vulnerabilities in multiple software and applications. The Tianfu Cup is the most important hacking conte
Publish At:2020-11-09 05:11 | Read:146 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

Update your iOS now! Apple patches three zero-day vulnerabilities

Apple has patched three vulnerabilities in iOS (and iPadOS) that were actively being exploited in targeted attacks. Vulnerabilities that are being exploited in the wild without a patch being available are referred to as zero-days. The vulnerabilities were found and disclosed by Google’s Project Zero team, and patches were issued yesterday. What has Apple
Publish At:2020-11-06 17:11 | Read:117 | Comments:0 | Tags:Exploits and vulnerabilities 0-day Apple CVE-2020-27930 CVE-

APPLE-SA-2020-11-05-2 iOS 12.4.9

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2020-11-05-2 iOS 12.4.9iOS 12.4.9 is now available and address the following issues.Information about the security content is also available athttps://support.apple.com/HT211940.FaceTimeAvailable for: iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad mini 2and 3, iPod touch (6th generation)Impact: A user ma
Publish At:2020-11-06 14:50 | Read:241 | Comments:0 | Tags: IOS

APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2iOS 14.2 and iPadOS 14.2 are now available and address the followingissues. Information about the security content is also available athttps://support.apple.com/HT211929.AudioAvailable for: iPhone 6s and later, iPod touch 7th generation, iPadAir 2 and later, and iPad
Publish At:2020-11-06 14:50 | Read:216 | Comments:0 | Tags: IOS

Apple addresses three actively exploited iOS zero-days

Apple released iOS 14.2 that addressed three zero-day vulnerabilities in its mobile OS that have been abused in attacks in the wild. Apple has addressed three iOS zero-day vulnerabilities actively exploited in attacks the wild and affecting iPhone, iPad, and iPod devices. The zero-day vulnerabilities have been fixed by the IT giant with the release of
Publish At:2020-11-05 19:17 | Read:170 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

Apple patches three actively exploited iOS zero-days

Apple has patched today three iOS zero-day vulnerabilities actively exploited in the wild and affecting iPhone, iPad, and iPod devices."Apple is aware of reports that an exploit for this issue exists in the wild," the company said in a security advisory issued today when describing the three flaws.The list of affected devices includes iPhone 6s and
Publish At:2020-11-05 15:42 | Read:186 | Comments:0 | Tags:Security Apple IOS exploit

Nagios XI 5.7.3 mibs.php Remote Command Injection (Authenticated)

# Exploit Title: Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection (Authenticated)# Date: 10-27-2020# Vulnerability Discovery: Chris Lyne# Vulnerability Details: https://www.tenable.com/security/research/tra-2020-58# Exploit Author: Matthew Aberegg# Vendor Homepage: https://www.nagios.com/products/nagios-xi/# Vendor Changelog: https://www.nagio
Publish At:2020-11-04 15:02 | Read:164 | Comments:0 | Tags: IOS

Scammers Used 265 Different Google Forms to Dupe Unsuspecting Users of Top Brands

Nearly 75% used AT&T or AT&T and Yahoo logos Scammers – masquerading as more than 25 different companies, brands and government agencies – used 265 Google Forms in an effort to steal user passwords and credentials.  According to our findings, the links remained active for several months after being added to public phishing databases. All
Publish At:2020-11-03 09:26 | Read:216 | Comments:0 | Tags:Phishing Android Google Forms iOS phishing

Apple neglects to fix “fake headlines” bug usable for election interference

For nearly two years, Apple has neglected to fix a bug that enables anyone to create fake news headlines that appear to come from credible sources.Although we covered the flaw nearly two years ago, it’s worth questioning why Apple still has not fixed it. This is especially concerning given that we’re in the final days leading up to the 2020 U.S.
Publish At:2020-10-31 12:37 | Read:281 | Comments:0 | Tags:Security & Privacy iMessage iOS Safari vulnerabilities

Tools