HackDig : Dig high-quality web security articles for hackers

Chipmaker Intel Corp. Blames Internal Error on Data Leak

The computer chipmaker Intel Corp. on Friday blamed an internal error for a data leak that prompted it to release a quarterly earnings report early. It said its corporate network was not compromised.The company’s chief financial officer, George Davis, had earlier told The Financial Times that Intel published its earnings ahead of the stock market’s close on
Publish At:2021-01-23 17:23 | Read:86 | Comments:0 | Tags:NEWS & INDUSTRY Data Protection data leak

Russian government warns of US retaliatory cyberattacks

The Russian government has issued a security warning to organizations in Russia about possible retaliatory cyberattacks by the USA for the SolarWinds breach.Last month, the SolarWinds network management company disclosed that they suffered a sophisticated cyberattack that led to a supply chain attack affecting 18,000 customers.The US governmen
Publish At:2021-01-23 15:07 | Read:143 | Comments:0 | Tags:Security cyber

SonicWall firewall maker hacked using zero-day in its VPN device

Security hardware manufacturer SonicWall has issued an urgent security notice about threat actors exploiting a zero-day vulnerability in their VPN products to perform attacks on their internal systems.SonicWall is a well-known manufacturer of hardware firewall devices, VPN gateways, and network security solutions whose products are commonly used in SMB/SME a
Publish At:2021-01-23 15:07 | Read:74 | Comments:0 | Tags:Security hack

MrbMiner cryptojacking campaign linked to Iranian software firm

Sophos experts believe that an Iranian company is behind a recently uncovered MrbMiner crypto-jacking campaign targeting SQL servers. Sophos researchers that investigated the recently uncovered crypto-mining campaign targeting SQL servers with MrbMiner malware believe that it was conducted by an Iran-based company. In September, a group of hackers lau
Publish At:2021-01-23 14:48 | Read:161 | Comments:0 | Tags:Breaking News Cyber Crime Malware Cryptocurrency miner Hacki

Oracle WebLogic Server 14.1.1.0 Remote Code Execution

# Exploit Title: Oracle WebLogic Server 14.1.1.0 - RCE (Authenticated)# Date: 2021-01-21# Exploit Author: Photubias # Vendor Advisory: [1] https://www.oracle.com/security-alerts/cpujan2021.html# Vendor Homepage: https://www.oracle.com# Version: WebLogic 10.3.6.0, 12.1.3.0, 12.2.1.3, 12.2.1.4, 14.1.1.0 (fixed in JDKs 6u201, 7u191, 8u182 & 11.0.1)# Tested
Publish At:2021-01-23 09:57 | Read:116 | Comments:0 | Tags:No Tag

SonicWall Says Internal Systems Targeted by Hackers Exploiting Zero-Day Flaws

Cybersecurity firm SonicWall said late on Friday that some of its internal systems were targeted by “highly sophisticated threat actors” exploiting what appear to be zero-day vulnerabilities affecting some of the company’s products.SonicWall provides network, access, email, cloud, and endpoint security solutions. The company said the attackers may have explo
Publish At:2021-01-23 09:35 | Read:147 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Cybercrime exploit h

Facebook users were mass-logged out Friday by configuration change

If you were logged out of Facebook tonight, you are not alone. Facebook states that users were logged out of the social site due to a "configuration change."The mass Facebook logout occurred at approximately 8:30 PM EST on Friday, with users suddenly greeted by a message stating, "Session expired. Please login again."The message shown to users when logged ou
Publish At:2021-01-23 07:19 | Read:87 | Comments:0 | Tags:Technology

Security firm SonicWall was victim of a coordinated attack

The Hacker News reported in exclusive that the security firm SonicWall was hacked as a result of a coordinated attack on its internal systems. TheHackerNews revealed in an exclusive that the security provider SonicWall was hacked on Friday. The company was targeted with a coordinated attack on its internal systems, threat actors exploited zero-day vuln
Publish At:2021-01-23 07:00 | Read:125 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

The Week in Ransomware - January 22nd 2021 - Calm before the storm

Ransomware news is slow this week, with mostly small ransomware variants being released and a small number of attacks reported.This week's biggest news is threat actors hacking the IObit forums to host malware for an IObit phishing scam that infected numerous people with the DeroHE ransomware.This week's other interesting news is a new threat actor
Publish At:2021-01-22 23:31 | Read:127 | Comments:0 | Tags:Security ransomware

SAP SolMan exploit released for max severity pre-auth flaw

Fully-functional exploit code is now publicly available for a maximum severity pre-auth vulnerability impacting default configurations of an SAP Solution Manager (SolMan) component.SAP SolMan is an application lifecycle manager deployed in almost all SAP environments and designed to help unify the management of all SAP and non-SAP systems within a single int
Publish At:2021-01-22 19:37 | Read:87 | Comments:0 | Tags:Security exploit

FSB warns Russian businesses of cyber attacks as retaliation for SolarWinds hack

Russian authorities are alerting Russian organizations of potential cyberattacks launched by the United States in response to SolarWinds attack. The Russian intelligence agency FSB has issued a security alert this week warning Russian organizations of potential cyberattacks launched by the United States in response to the SolarWinds supply chain attack.
Publish At:2021-01-22 19:18 | Read:83 | Comments:0 | Tags:Breaking News Cyber warfare FSB Hacking hacking news informa

Speed of Digital Transformation May Lead to Greater App Vulnerabilities

The fastest-moving industries are struggling to produce secure code, according to AppSec experts.Digital transformation initiatives have become a common way for companies to make their businesses more agile and to adapt quickly to market changes. But faster software development speeds and the greater number of applications may be causing vulnerabilities to b
Publish At:2021-01-22 17:56 | Read:104 | Comments:0 | Tags:No Tag

Chrome wants to make your passwords stronger

A common sentiment, shared by many people down the years, is that storing passwords in browsers is a bad idea. Malware, for example, would specifically target password storage in browsers and plunder everything in sight. Password managers weren’t exactly flying off the shelves back in 2007, your only real options were home grown. People ended up saving l
Publish At:2021-01-22 17:48 | Read:128 | Comments:0 | Tags:Privacy browser chrome encrypted malware password manager pa

What Spring Data can teach us about API misconfiguration

A security researcher (Joel Noguera @niemand_sec) discovered a ‘critical’ misconfiguration bug in Spring Data’s Application Level Profile Semantics (ALPS). This bug allows unauthenticated users to perform an Application Programming Interface (API) request, which responds with sensitive user data that can be utilized, manipulated, or even deleted.
Publish At:2021-01-22 17:00 | Read:109 | Comments:0 | Tags:Application Security Assessment Penetration Testing Security

Court Date for Woman Accused in Theft of Pelosi's Laptop

A woman from Pennsylvania will appear before a federal court on Monday to face charges in connection with the theft of a laptop belonging to Speaker of the United States House of Representatives Nancy Pelosi.The computer was stolen from Pelosi's office earlier this month when a crowd of people who had been attending a political protest forced t
Publish At:2021-01-22 16:56 | Read:112 | Comments:0 | Tags:No Tag

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud

Friend Links