HackDig : Dig high-quality web security articles for hacker

Pixie image Editor SSRF vulnerability for CVE-2017-12905

Title: Pixie image Editor SSRF vulnerability for CVE-2017-12905
Date: 20/09/2017
Vulnerability Type: SSRF (Server Side Request Forgery)
Vendor of Product: vebto (vebto.com)
Attack Type: Remote
Impact: Important
Author: BeiJing Baimaohui technology co., LTD.
Version: Pixie Image Editor 1.4 and 1.7
CVE-ID: CVE-2017
Publish At:2017-09-21 20:35 | Read:31 | Comments:0 | Tags: Vulnerability

ESA-2017-081: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs Multip

ESA-2017-081: EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs Multiple Vulnerabilities
EMC Identifier: ESA-2017-081
CVE Identifier: CVE-2017-8007, CVE-2017-8012
Severity Rating: CVSS Base Score: See below for individual scores.
Affected products: * EMC
Publish At:2017-09-21 20:35 | Read:62 | Comments:0 | Tags:No Tag

CSNC-2017-023: Buffer Overflow in Mongoose MQTT Broker

COMPASS SECURITY ADVISORY
https://www.compass-security.com/en/research/advisories/
Product: Mongoose Embedded Web Server Library
Vendor: Cesanta
CVE ID: Not yet assigned.
CSNC ID: CSNC-2017-023
S
Publish At:2017-09-21 20:35 | Read:57 | Comments:0 | Tags:No Tag

Iranian cyber spies APT33 target aerospace and energy organizations

The Iran-linked APT33 group has been targeting aerospace and energy organizations in the United States, Saudi Arabia, and South Korea. According to security firm FireEye, a cyber espionage group linked to the Iranian Government, dubbed APT33, has been targeting aerospace and energy organizations in the United States, Saudi Arabia, and South Korea. The APT33
Publish At:2017-09-21 20:20 | Read:84 | Comments:0 | Tags:APT Breaking News Cyber Crime Cyber warfare Hacking APT33 cy

H1 2017 – Twitter suspended a total of 935,897 accounts for the promotion of terrorism

Twitter published its Transparency Report for H1 2017: the company suspended 935,897 accounts for the promotion of terrorism. Twitter suspended 299,000 accounts linked to terrorism in the first six months of 2017, and the company revealed that 75 percent of the infringing accounts were suspended before their first tweet, confirming the huge efforts in fight
Publish At:2017-09-21 20:20 | Read:66 | Comments:0 | Tags:Breaking News Reports Social Networks Terrorism propaganda s

Experts spotted a login page flaw in Joomla that exposes admin credentials

Researchers at RIPS Technologies discovered a login page vulnerability affecting Joomla versions between 1.5 and 3.7.5 that exposes admin credentials. Experts at RIPS Technologies discovered a login page flaw affecting Joomla versions between 1.5 and 3.7.5 that exposes admin credentials. The flaw affects Joomla installs when using Lightweight Directory Acces
Publish At:2017-09-21 20:20 | Read:94 | Comments:0 | Tags:Breaking News Hacking authentication Joomla 3.8 LDAP

ISPs in at least two countries were involved in delivering surveillance FinFisher Spyware

Security researchers at ESET have uncovered a surveillance campaign using a new variant of FinFisher spyware, also known as FinSpy. Finfisher infected victims in seven countries and experts believe that in two of them the major internet providers have been involved. “New surveillance campaigns utilizing FinFisher, infamous spyware known also as FinSpy
Publish At:2017-09-21 20:20 | Read:53 | Comments:0 | Tags:Breaking News Cyber Crime Cyber warfare Hacking Intelligence

Leaking Cloud Databases and Servers Expose Over 1 Billion Records

As The Wall Street Journal recently pointed out, some clients of cloud service providers such as Amazon and Microsoft are accidentally leaving their cloud databases exposed due to misconfigurations of their services. Coupled with recent headline-making breaches, it’s becoming clear that the greatest risks to an organization might come down to a simple
Publish At:2017-09-21 19:15 | Read:142 | Comments:0 | Tags:Advanced Threats Cloud Security Data Protection Software & A

The Myth of Mutual Exclusivity: Making the DevOps Process More Agile Without Compromising Security

The marketplace is demanding agility, but many enterprises perceive the need for agility as an ongoing security risk. If applications are constantly evolving, they assume, the process will constantly open up new avenues for attackers to exploit. This worry has given rise to a widespread misconception that security or agility is a binary choice. But a growing
Publish At:2017-09-21 19:15 | Read:128 | Comments:0 | Tags:Application Security CISO Agile DevOps SecDevOps Security Pr

When Responding to a Data Breach, Cooperation Is Nine-Tenths of the Law

In recent years, several high-profile breaches involving customer data have led to long and costly litigations. These events demonstrated that data protection is more than just a cybersecurity concern. When responding to a data breach, legal teams have to work closely with the chief information security officer (CISO) to ensure that security policies, r
Publish At:2017-09-21 19:15 | Read:28 | Comments:0 | Tags:CISO Incident Response Chief Information Security Officer (C

SMBs Paid $301 Million to Ransomware Attackers

But small- to midsized businesses are taking a tougher stand against ransomware attacks, according to a survey released today of the 2016-2017 period. Ransomware attacks against small- to midsized businesses (SMBs) are expected to increase over the next two years, according to a survey released today by Datto. The State of the Channel Ransomware Report, which
Publish At:2017-09-21 13:30 | Read:126 | Comments:0 | Tags:No Tag

Why Size Doesn't Matter in DDoS Attacks

Companies both large and small are targets. Never think "I'm not big enough for a hacker's attention." Distributed denial-of-service (DDoS) attacks have increased, and research shows that on average, a DDoS attack can cost an organization more than $2.5 million in revenue. As a small or medium-sized business owner, you may be thinking "hackers only
Publish At:2017-09-21 13:30 | Read:74 | Comments:0 | Tags: DDOS

Optionsbleed vulnerability can cause Apache servers to leak memory data

The Optionsbleed vulnerability in Apache HTTP Server can cause certain systems to leak potentially sensitive data in response to HTTP OPTIONS requests. The freelance journalist and security researcher Hanno Böck discovered a vulnerability, dubbed ‘Optionsbleed’, in Apache HTTP Server (httpd) that can cause certain systems to leak potentially
Publish At:2017-09-21 01:55 | Read:90 | Comments:0 | Tags:Breaking News Hacking Apache server memory leak Optionsbleed

FedEx announces $300m in lost business and response costs after NotPetya attack

FedEx is the latest firm to disclose the cost of the massive NotPetya attack: roughly $300m in lost business and response costs. The malware compromised systems worldwide, most of them in Ukraine. The list of victims is long and includes the US pharmaceutical company Merck, the shipping giant Maersk, Ukraine’s central bank, Russian oil
Publish At:2017-09-21 01:55 | Read:128 | Comments:0 | Tags:Breaking News Cyber Crime Malware FedEx malware notpetya ran

Don’t Sweep Web Application Penetration Testing Under the Rug

Web application penetration testing is one of the most critical components of your information security program. The exploitation of a web-related vulnerability could result in a massive breach, so web security must be front and center in any organization. However, I often see people sweep web security under the rug and fail to follow through on their find
Publish At:2017-09-21 00:50 | Read:105 | Comments:0 | Tags:Application Security Risk Management Application Security Te
