HackDig : Dig high-quality web security articles

Google fixes the fourth Chrome zero-day in 2022

Google addressed a high-severity zero-day Chrome vulnerability actively exploited in the wild, it is the fourth zero-day patched in 2022. Google has released Chrome 103.0.5060.114 for Windows to fix a high-severity zero-day Chrome vulnerability, tracked as CVE-2022-2294, which is actively exploited in the wild. The flaw is a heap buffer overflow that r
Publish At:2022-07-04 17:32 | Read:101 | Comments:0 | Tags:Breaking News Hacking Security Chrome information security n

AstraLocker ransomware shuts down and releases decryptors

The threat actor behind the lesser-known AstraLocker ransomware told BleepingComputer they're shutting down the operation and plan to switch to cryptojacking.The ransomware's developer submitted a ZIP archive with AstraLocker decryptors to the VirusTotal malware analysis platform.BleepingComputer downloaded the archive and confirmed that the decryptors
Publish At:2022-07-04 14:20 | Read:63 | Comments:0 | Tags:Security ransomware

Google patches new Chrome zero-day flaw exploited in attacks

Google has released Chrome 103.0.5060.114 for Windows users to address a high-severity zero-day vulnerability exploited by attackers in the wild, the fourth Chrome zero-day patched in 2022."Google is aware that an exploit for CVE-2022-2294 exists in the wild.," the browser vendor explained in a security advisory published on Monday.The 103.0.5060.1
Publish At:2022-07-04 13:58 | Read:78 | Comments:0 | Tags:Security Google exploit

Hacker claims to have stolen data on 1 billion Chinese citizens

Image: Xiangkun ZHU/BleepingComputerAn anonymous threat actor is selling several databases they claim to contain more than 22 terabytes of stolen information on roughly 1 billion Chinese citizens for 10 bitcoins (approximately $195,000).The announcement was posted on a hacker forum by someone using the handle 'ChinaDan,' saying that the information was
Publish At:2022-07-04 13:46 | Read:92 | Comments:0 | Tags:Security hack

Popular Django web framework affected by a SQL Injection flaw. Upgrade it now!

The development team behind the Django Project has addressed a high-severity SQL Injection flaw in its framework. Django is a free and open-source, Python-based web framework that follows the model–template–views (MTV) architectural pattern. Django is maintained by the independent organization Django Software Foundation. The latest releases of the
Publish At:2022-07-04 11:10 | Read:53 | Comments:0 | Tags:Breaking News Security Django Hacking hacking news informati

Django fixes SQL Injection vulnerability in new releases

The Django project, an open source Python-based web framework has patched a high severity vulnerability in its latest releases.Tracked as CVE-2022-34265, the potential SQL Injection vulnerability exists in Django's main branch, and versions 4.1 (currently in beta), 4.0, and 3.2. New releases and patches issued tod
Publish At:2022-07-04 09:48 | Read:79 | Comments:0 | Tags:Security Vulnerability

UK Army’s Twitter, YouTube accounts hacked to push crypto scam

British Army's Twitter and YouTube accounts were hacked and altered to promote online crypto scams sometime yesterday.Notably, the army's verified Twitter account began displaying fake NFTs and bogus crypto giveaway schemes.The YouTube account was seen airing "Ark Invest" live streams featuring an older Elon Musk clip to mislead users into visiting
Publish At:2022-07-04 09:48 | Read:130 | Comments:0 | Tags:Security hack

A week in security (June 27 – July 3)

Last week on Malwarebytes Labs: Ransomware review: June 2022AstraLocker 2.0 ransomware isn’t going to give you your files backYTStealer targets YouTube content creatorsZuoRAT is a sophisticated malware that mainly targets SOHO routersAmazon Photos vulnerability could have given attackers access to user files and dataCriminals are applying for remote work
Publish At:2022-07-04 07:54 | Read:57 | Comments:0 | Tags:A week in security Amazon Photos AMD astralocker evilnum Her

Why Security Configuration Management (SCM) Matters

In the Godfather Part II, Michael Corleone says, “There are many things my father taught me here in this room. He taught me: keep your friends close, but your enemies closer.” This lesson Vito Corleone taught his son Michael is just as applicable to IT security configuration management (SCM).Faster breach detectionToday’s cyber threat landscape is extremely
Publish At:2022-07-04 06:20 | Read:112 | Comments:0 | Tags:Featured Articles Security Configuration Management Infosec

Unfaithful HackerOne employee steals bug reports to claim additional bounties

Bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports submitted to claim additional bounties The vulnerability coordination and bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports submitted by white-hat hackers to claim additional bounties. The investigation s
Publish At:2022-07-04 06:02 | Read:133 | Comments:0 | Tags:Breaking News Cyber Crime Security HackerOne Hacking hacking

CISA orders federal agencies to patch CVE-2022-26925 by July 22

US Critical Infrastructure Security Agency (CISA) adds CVE-2022-26925 Windows LSA flaw to its Known Exploited Vulnerabilities Catalog. In May the US CISA removed the CVE-2022-26925 Windows LSA vulnerability from its Known Exploited Vulnerabilities Catalog due to Active Directory (AD) certificate authentication problems observed after the installation of M
Publish At:2022-07-04 05:26 | Read:96 | Comments:0 | Tags:Breaking News Security CISA CVE-2022-26925 Hacking hacking n

Threat Report Portugal: Q2 2022

The Threat Report Portugal: Q2 2022 compiles data collected on the malicious campaigns that occurred from March to June, Q2, 2022. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automat
Publish At:2022-07-04 05:26 | Read:118 | Comments:0 | Tags:Breaking News Reports Security Cybercrime hacking news infor

Microsoft Defender adds network protection for Android, iOS devices

Microsoft has introduced a new Microsoft Defender for Endpoint (MDE) feature in public preview to help organizations detect weaknesses affecting Android and iOS devices in their enterprise networks.After enabling the new Mobile Network Protection feature on Android and iOS devices you want to monitor, the enterprise endpoint security platform will provide pr
Publish At:2022-07-03 17:56 | Read:88 | Comments:0 | Tags:Microsoft Security IOS android

Free smartphone stalkerware detection tool gets dedicated hub

Kaspersky has launched a new information hub to help with their open-source stalkerware detection tool named TinyCheck, created in 2019 to help people detect if their devices are being monitored.Stalkerware is software explicitly created to spy on people via their smartphones by monitoring their whereabouts, communications, photos, browsing history, and more
Publish At:2022-07-03 17:56 | Read:88 | Comments:0 | Tags:Security

Privacy protection agency seizes servers of hacked travel company

The Privacy Protection Authority in Israel seized servers hosting multiple travel booking websites because their operator failed to address security issues that enabled data breaches affecting more than 300,000 individuals.At least 10 websites managed by Gol Tours LTD in Israel have been been shut down following a notification from the agency about fixing th
Publish At:2022-07-03 17:56 | Read:85 | Comments:0 | Tags:Security hack

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3