HackDig : Dig high-quality web security articles for hackers

Payroll giant PrismHR outage likely caused by ransomware attack

Leading payroll company PrismHR is suffering a massive outage after suffering a cyberattack this weekend that looks like a ransomware attack from conversations with customers.PrismHR is an online payroll, benefits, and human resources platform used by Professional employer organizations (PEO). PEOs use this platform to provide payroll, HR, and benefits servi
Publish At:2021-03-02 19:37 | Read:52 | Comments:0 | Tags:Security ransomware

Google fixes second actively exploited Chrome zero-day bug this year

Google has fixed an actively exploited zero-day vulnerability in the Chrome 89.0.4389.72 version released today, March 2nd, 2021, to the Stable desktop channel for Windows, Mac, and Linux users."Google is aware of reports that an exploit for CVE-2021-21166 exists in the wild," the Google Chrome 89.0.4389.72 announcement reads.Th
Publish At:2021-03-02 19:37 | Read:65 | Comments:0 | Tags:Security exploit

Microsoft fixes actively exploited Exchange zero-day bugs, patch now

Microsoft has released emergency out-of-band security updates for all supported Microsoft Exchange versions that fix four zero-day vulnerabilities actively exploited in targeted attacks.These four zero-day vulnerabilities are chained together to gain access to Microsoft Exchange servers, steal email, and plant further malware for increased access to the netw
Publish At:2021-03-02 19:37 | Read:109 | Comments:0 | Tags:Security Microsoft exploit

Pwn20wnd released the unc0ver v 6.0 jailbreaking tool

The popular jailbreaking tool called “unc0ver” now supports iOS 14.3 and earlier releases, and is able to unlock almost every iPhone device. Pwn20wnd, the author of the jailbreaking tool “unc0ver,” has updated their software to support iOS 14.3 and earlier releases. The last release of the jailbreaking tool, unc0ver v6.0.0, now inc
Publish At:2021-03-02 19:18 | Read:43 | Comments:0 | Tags:Breaking News Hacking Mobile Apple Apple iOS hacking news in

Hackers Control Perl.com Domain Months Before Hijack

The Perl.com domain was hijacked in January 2021, but hackers seemingly took control of it four months prior, in September 2020.Serving articles about the Perl programming language since 1997 and managed by The Perl Foundation, the domain started pointing to a parked site at the end of January, with evidence suggesting connections to sites distributing malwa
Publish At:2021-03-02 17:59 | Read:47 | Comments:0 | Tags:Network Security NEWS & INDUSTRY hack

Thycotic and Centrify to Merge In $1.4B Deal

TPG Capital will combine privileged access management providers into one company.TPG Capital today announced it is purchasing privileged access management (PAM) provider Thycotic and merging it with competitor Centrify, which the firm recently acquired.In a deal worth $1.4 billion, the private equity platform of alternative asset firm TPG said it has signed
Publish At:2021-03-02 17:56 | Read:71 | Comments:0 | Tags:No Tag

Microsoft Fixes Exchange Server Zero-Days Exploited in Active Attacks

Microsoft fixes multiple Exchange Server vulnerabilities being weaponized in attacks from a group it believes operates out of China.Microsoft has released patches for four critical vulnerabilities being used to target on-premises versions of Microsoft Exchange Server in "limited and targeted" attacks. It attributes the activity to a group called Hafnium, whi
Publish At:2021-03-02 17:56 | Read:108 | Comments:0 | Tags: exploit

Ryuk ransomware develops worm-like capability

The French government’s computer emergency readiness team, that’s part of the National Cybersecurity Agency of France, or ANSSI, has discovered a Ryuk variant that has worm-like capabilities during an incident response. For those unacquainted with Ryuk, it is a type of ransomware that is used in targeted attacks against enterprises and organiz
Publish At:2021-03-02 17:48 | Read:85 | Comments:0 | Tags:Malwarebytes news ANSSI arp botnet emotet KRBTGT rpc ryuk sc

Medal of Honor Holders’ Identities Stolen

A threat actor stole the identities of recipients of the US Congressional Medal of Honor and used their personal data to purchase goods from American military exchanges. According to a Secret Service search warrant application obtained by The Daily Beast, the identities of a third of the living holders of the US government's highest and most pr
Publish At:2021-03-02 16:56 | Read:118 | Comments:0 | Tags:No Tag

Satanic Temple Loses Cyber-squatting Lawsuit

A federal judge in Washington state has dismissed a cyber-squatting claim brought by the Washington Chapter of The Satanic Temple.The United Federation of Churches LLC, doing business as The Satanic Temple, filed a lawsuit against a group of former Temple members who it claimed erased the contents of the Temple's social media accounts and repla
Publish At:2021-03-02 16:56 | Read:85 | Comments:0 | Tags: cyber

Payroll/HR Giant PrismHR Hit by Ransomware?

PrismHR, a company that sells technology used by other firms to help more than 80,000 small businesses manage payroll, benefits, and human resources, has suffered what appears to be an ongoing ransomware attack that is disrupting many of its services. Hopkinton, Mass.-based PrismHR handles everything from payroll processing and human resources to health ins
Publish At:2021-03-02 15:50 | Read:71 | Comments:0 | Tags:Ransomware Decimal Jacob Cloran PEOs PrismHR professional em

SolarWinds reports $3.5 million in expenses from supply-chain attack

SolarWinds has reported expenses of $3.5 million from last year's supply-chain attack, including costs related to incident investigation and remediation.Further expenses were recorded by SolarWinds after paying for legal, consulting, and other professional services related to the December hack and provided to customers for free.Additional costs expectedWhile
Publish At:2021-03-02 15:43 | Read:42 | Comments:0 | Tags:Security

Malaysia Airlines discloses a nine-year-long data breach

​Malaysia Airlines has suffered a data breach spanning nine years that exposed the personal information of members in its Enrich frequent flyer program.Starting yesterday, Malaysia Airlines began emailing members of their Enrich rewards program to disclose that they were affected by a data breach.Malaysia Airlines Enrich data breach notificationAccordi
Publish At:2021-03-02 15:43 | Read:80 | Comments:0 | Tags:Security

Multiple Vulnerabilities in jpeg-xl (CVE-2021-27804)

Multiple Vulnerabilities in jpeg-xl===================================CVE: CVE-2021-27804Highest Severity Rating: HighConfirmed Affected Versions: jpeg-xl v0.3.1 and earlierVendor: Joint Photographic Experts Group (JPEG)Vendor URL: https://gitlab.com/wg1/jpeg-xlSummary and Impact------------------jpeg-xl is the reference implementation by the Joint Photograp
Publish At:2021-03-02 15:27 | Read:70 | Comments:0 | Tags:No Tag

Backdoor.Win32.RemoteManipulator.fdo / Insecure Permissions

Discovery / credits: Malvuln - malvuln.com (c) 2021Original source:https://malvuln.com/advisory/66ef21e8d1cf30dce6e084a9e306c18f.txtContact: malvuln13 () gmail comMedia: twitter.com/malvulnThreat: Backdoor.Win32.RemoteManipulator.fdoVulnerability: Insecure PermissionsDescription: The backdoor creates an insecure randomly named hidden dirwith a .tmp ext E.g.
Publish At:2021-03-02 15:27 | Read:68 | Comments:0 | Tags:No Tag

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud

Friend Links