HackDig : Dig high-quality web security articles for hackers

How to steal photos off someone’s iPhone from across the street

byPaul DucklinWell-known Google Project Zero researcher Ian Beer has just published a blog post that is attracting a lot of media attention.The article itself has a perfectly accurate and interesting title, namely: An iOS zero-click radio proximity exploit odyssey.But it’s headlines like the one we’ve used above that capture the practical essence
Publish At:2020-12-02 15:31 | Read:138 | Comments:0 | Tags:Apple iOS Vulnerability Exploit hacking Ian Beer Project Zer

Recent Oracle WebLogic Vulnerability Exploited to Deliver DarkIRC Malware

Threat actors are targeting an Oracle WebLogic flaw patched last month in an attempt to install a piece of malware named DarkIRC on vulnerable systems.Tracked as CVE-2020-14882 and leading to code execution, the vulnerability was addressed in the October 2020 Critical Patch Update (CPU). The first attacks targeting it were observed roughly one week after and
Publish At:2020-12-02 13:29 | Read:111 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Virus & Malware

Unofficial Patch Released for Windows 7 Zero-Day Vulnerability

An unofficial patch is now available through ACROS Security’s 0patch service for a zero-day vulnerability identified earlier this month in Windows 7 and Windows Server 2008 R2.The privilege escalation flaw, detailed by security researcher Clément Labro on November 12, exists because all users have write permissions for HKLMSYSTEMCurrentControlSetServicesDnsc
Publish At:2020-11-27 08:41 | Read:152 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Bzzzzzzt! How safe is that keenly priced digital doorbell?

byPaul DucklinIt’s the fourth Thursday in November, so it’s not just a day for saying “Happy Thanksgiving” to our US readers……but also a day for thinking about the cool new gadgets you have in mind for your Black Friday shopping spree tomorrow.(Is it just us, or has Cyber Monday disappeared as a concept now that “Bl
Publish At:2020-11-26 15:13 | Read:121 | Comments:0 | Tags:IoT Privacy data leakage doorbell iot vulnerability

VMware NSX-T MITM Vulnerability (CVE-2020-3993)

NSX-T is a Software-Defined-Networking (SDN) solution of VMware which, as its basic functionality, supports spanning logical networks across VMs on distributed ESXi and KVM hypervisors. The central controller of the SDN is the NSX-T Manager Cluster which is responsible for deploying the network configurations to the hypervisor hosts. This summer, I looked in
Publish At:2020-11-26 07:16 | Read:155 | Comments:0 | Tags:Breaking CVE-2020-3993 disclosure NSX-T VMware vulnerability

S3 Ep8: A conversation with Katie Moussouris [Podcast]

byPaul DucklinHi, everyone – for S3 Ep8, we’ve gone live a day early to take into account the US Thanksgiving holiday on Thursday. (Followed, of course, by Black Friday, so if you’re splashing out online, please take care out there!)This week, we talk to hacker and vulnerability disclosure pioneer, Katie Moussouris. Katie Moussouris, CEO of
Publish At:2020-11-25 11:55 | Read:116 | Comments:0 | Tags:Podcast Security leadership Vulnerability @k8em0 bug bounty

2FA Bypass Vulnerability Patched in cPanel & WebHost Manager

cPanel last week released patches to address three vulnerabilities in cPanel & WebHost Manager (WHM), including one leading to two-factor authentication bypass.A suite of tools built for Linux, cPanel & WHM helps hosting providers and users automate management and web hosting tasks. With over 20 years of web hosting experience, cPanel claims servers
Publish At:2020-11-25 09:53 | Read:128 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Gift card hack exposed – you pay, they play

byPaul DucklinThanks to Bill Kearney of Sophos Rapid Response for his work on this article.If you’ve read the recent Sophos 2021 Threat Report, you’ll know that we deliberately included a section about all the malware out there that isn’t ransomware.Sure, ransomware understandably hogs the media headlines these days, but cybercriminality go
Publish At:2020-11-24 16:25 | Read:190 | Comments:0 | Tags:Data loss Vulnerability Cybercrime gift cards hacking Scam h

VMware Working on Patches for Critical Workspace ONE Access Vulnerability

VMware on Monday published an advisory to inform users that it’s working on patching a critical command injection vulnerability affecting Workspace ONE Access and some related components.The flaw, tracked as CVE-2020-4006 and having a CVSS score of 9.1, was reported privately to VMware, but the virtualization giant has not credited anyone in its advisory. Th
Publish At:2020-11-24 10:29 | Read:109 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

VMware discloses critical zero-day vulnerability in Workspace One

VMware has released a workaround to address a critical zero-day in multiple VMware Workspace One components that allows attackers to execute commands on the host Linux and Windows operating systems using escalated privileges.Zero-days are publicly disclosed vulnerabilities not yet patched by the vendor. In some cases, zero-days are also actively exploited in
Publish At:2020-11-23 16:37 | Read:197 | Comments:0 | Tags:Security Vulnerability

Facebook patches Messenger audio snooping bug – update now!

byPaul DucklinModern telephony is full of anachronisms.For example, we still “dial” calls, and many phone apps still display the word “dialling” while they’re waiting for the person at the other end to pick up.But when was the last time you saw, let alone used, a phone that actually had a dial? And we still use idioms such as &#
Publish At:2020-11-20 14:55 | Read:196 | Comments:0 | Tags:Privacy Vulnerability Exploit Facebook Facebook Messenger vu

VMWare releases fix for critical ESXi, Workstation vulnerability

VMware has released security updates to fix critical and high severity vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation, allowing for code execution and privilege escalation.The two vulnerabilities were successfully exploited by Qihoo 360 Vulcan Team's Xiao Wei and Tianwen Tang during the first day of the 2020 Tia
Publish At:2020-11-20 14:31 | Read:207 | Comments:0 | Tags:Security Vulnerability

VTiger v7.0 CRM - (To) Persistent Email Vulnerability

Document Title:===============VTiger v7.0 CRM - (To) Persistent Email VulnerabilityReferences (Source):====================https://www.vulnerability-lab.com/get_content.php?id=2227Release Date:=============2020-11-18Vulnerability Laboratory ID (VL-ID):====================================2227Common Vulnerability Scoring System:================================
Publish At:2020-11-20 10:21 | Read:192 | Comments:0 | Tags: Vulnerability

Facebook Pays $60,000 for Vulnerability in Messenger for Android

Facebook this week addressed a vulnerability in Facebook Messenger for Android that could have allowed an attacker to connect to an audio call without user interaction.Discovered by Google Project Zero security researcher Natalie Silvanovich, the issue exists because an attacker can send a crafted message that would trick the receiver’s Messenger into automa
Publish At:2020-11-20 08:59 | Read:118 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability android

Cisco Webex Vulnerability Allows Ghost Access to Meetings

Cisco this week announced the availability of software updates that address multiple vulnerabilities across several products, including bugs leading to unauthorized access to Webex meetings.Identified by IBM’s security researchers, the Webex flaws could allow attackers to join meetings as ghosts (without being seen by other participants), remain in the meeti
Publish At:2020-11-19 09:35 | Read:166 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Tools