HackDig : Dig high-quality web security articles for hacker

Researcher Hijacks iOS, macOS Camera with Three Safari Zero-Days

A security researcher earned $75,000 for finding a whopping seven zero-days in Safari, three of which can be combined to access the camera. Apple has rewarded a security researcher $75,000 for discovering a total of seven zero-days in the Safari browser. Using only three of these flaws, an intruder could build an attack chain and access the camera and microph
Publish At:2020-04-04 17:05 | Read:175 | Comments:0 | Tags: IOS

Lost or Stolen Device? Here’s What to do Next

It’s a nightmare, it’s inconvenient, and it’s inevitable. Losing or having your smart device stolen poses a significant, looming privacy risk—we just don’t like to think about it. However, this is an instance where hiding your head in the sand will only make you more susceptible to attack. The personal data living on your family
Publish At:2020-04-01 09:03 | Read:106 | Comments:0 | Tags:Home + Mobile android ios

No, Houseparty hasn’t hacked your phone and stolen your bank details

by Paul Ducklin. If you’re at home right now – and who isn’t? – then you’ve probably heard of Houseparty. It’s a social networking app that came out back in 2015 and was bought by Epic Games – famous for Unreal and Fortnite – in the middle of 2019. The name gives you a good idea of what it does: simply put, you go o
Publish At:2020-03-30 17:20 | Read:181 | Comments:0 | Tags:Android Exploit hacking Houseparty ios

Apple’s iOS 13.4 hit by VPN bypass vulnerability

by John E Dunn. It’s less than a week since Apple’s iOS 13.4 appeared and already researchers have discovered a bug that puts at risk the privacy of Virtual Private Network (VPN) connections. Publicised by ProtonVPN, the issue is a bypass flaw caused by iOS not closing existing connections as it establishes a VPN tunnel, affecting iOS 13.3.1 as well as the lates
Publish At:2020-03-30 10:29 | Read:168 | Comments:0 | Tags:Privacy Vulnerability Apple iOS 13.4 ProtonVPN VPNs IOS

#COVID19 News Links Hijacked With iOS Spyware

Apple iOS users in Hong Kong have been targeted by a large-scale spyware operation using news links posted in popular online forums to snare victims, according to Trend Micro. In what the vendor is calling Operation Poisoned News, links in four different forums frequented by Hong Kong residents were found to use a hidden iframe to execute malicious code, expl
Publish At:2020-03-27 07:26 | Read:187 | Comments:0 | Tags: IOS

Operation Poisoned News: Hong Kong iOS users targeted with watering hole attacks

Operation Poisoned News – Experts observed a campaign aimed at infecting the iPhones of users in Hong Kong with an iOS backdoor that allows attackers to spy on them. Security experts at Trend Micro have observed a campaign aimed at infecting the iPhones of users in Hong Kong with an iOS backdoor tracked as lightSpy. Attackers used malicious l
Publish At:2020-03-26 18:10 | Read:299 | Comments:0 | Tags:Breaking News Hacking Malware Mobile Security information se

No Patch for VPN Bypass Flaw Discovered in iOS

Proton Technologies, the company behind the privacy-focused ProtonMail and ProtonVPN services, this week disclosed the existence of a vulnerability in Apple’s iOS mobile operating system that prevents VPN applications from encrypting all traffic. The flaw was discovered by a member of the Proton community in iOS 13.3.1, but Apple has yet to release a patch an
Publish At:2020-03-26 17:19 | Read:302 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Privacy Vulnerabilities

Stealing videos from VLC

An unauthenticated insecure direct object reference (IDOR) issue in VLC for iOS could allow a local attacker to steal media from the storage. VLC for iOS was vulnerable to an unauthenticated insecure direct object reference (IDOR) which could allow a local attacker to steal media from the storage by just navigating to the source URL/IP. This was poss
Publish At:2020-03-26 14:50 | Read:301 | Comments:0 | Tags:Breaking News Hacking iOS it security it security news Pierl

iOS exploit chain deploys LightSpy feature-rich malware

A watering hole was discovered on January 10, 2020 utilizing a full remote iOS exploit chain to deploy a feature-rich implant named LightSpy. The site appears to have been designed to target users in Hong Kong based on the content of the landing page. Since the initial activity, we released two private reports exhaustively detailing spread, exploits, infrast
Publish At:2020-03-26 14:33 | Read:327 | Comments:0 | Tags:APT reports Featured Apple iOS APT Backdoor Google Android I

Spyware Delivered to iPhone Users in Hong Kong Via iOS Exploits

A recently observed campaign is attempting to infect the iPhones of users in Hong Kong with an iOS backdoor that allows attackers to take over devices, Trend Micro reports. The attack involved the use of malicious links posted on forums popular in Hong Kong, which led users to real news sites where a hidden iframe would load and run malware. Vulnerabilities a
Publish At:2020-03-26 13:31 | Read:205 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Virus & Threats Viru

Operation Poisoned News: Hong Kong Users Targeted With Mobile Malware via Local News Links

By Elliot Cao, Joseph C. Chen, William Gamazo Sanchez, Lilang Wu, and Ecular Xu. A recently discovered watering hole attack has been targeting iOS users in Hong Kong. The campaign uses links posted on multiple forums that supposedly lead to various news stories. While these links lead users to the actual news sites, they also use a hidden iframe to load and e
Publish At:2020-03-26 08:38 | Read:242 | Comments:0 | Tags:Malware Mobile android dmsSpy iOS lightSpy Operation Poisone

APPLE-SA-2020-03-24-1 iOS 13.4 and iPadOS 13.4

iOS 13.4 and iPadOS 13.4 are now available and address the following:
ActionKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An application may be able to use an SSH client provided by private framew
Publish At:2020-03-25 03:30 | Read:265 | Comments:0 | Tags: IOS

Nagios XI Authenticated Remote Command Execution

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::CmdStager
  def initialize(info = {})
    super(update_info(info, 'Name'
Publish At:2020-03-14 17:24 | Read:374 | Comments:0 | Tags: IOS

Facebook sues data analytics firm OneAudience over malicious SDK

by Lisa Vaas. Facebook is suing the data analytics firm OneAudience for allegedly developing a malicious, social-media-profile-grabbing software development kit (SDK) and then paying app developers to embed it in their apps. In a complaint filed in California on Thursday, Facebook charged that the polluted apps – which included shopping, gaming and utility
Publish At:2020-03-02 09:21 | Read:316 | Comments:0 | Tags:Android Data loss Facebook iOS Law & order Mobile Privacy Se

Switch default apps on iPhone or iPad for better security and privacy

Modern operating systems, both on the desktop and on mobile devices, include plenty of “stock apps”—apps provided by default so you can use your device without needing a lot of third-party software. You get an email app, a calendar, a web browser, a messaging app, and more. This wasn’t always the case; I remember when I needed to buy an ema
Publish At:2020-02-25 02:55 | Read:402 | Comments:0 | Tags:Software & Apps Apple Mail iOS Safari
