HackDig : Dig high-quality web security articles

Vendors Actively Bypass Security Patch for Year-Old Magento Vulnerability

Vendors and agencies are actively bypassing the security patch that Adobe released in February 2022 to address CVE-2022-24086, a critical mail template vulnerability in Adobe Commerce and Magento stores, ecommerce security firm Sansec warns. The CVE-2022-24086 bug (CVSS score of 9.8) is described as an improper input validation bug in the checkout process. It
Publish At:2023-01-18 14:30 | Read:81172 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Tesla Returns as Pwn2Own Hacker Takeover Target

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to complete vehicle compromise. Tesla, in tandem with Pwn2Own organizer Zero Day Initiative, is offering a $600,000 cash prize to any hacker capable of writing exploits that pivot through multiple systems
Publish At:2023-01-12 18:28 | Read:161265 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Microsoft Patch Tuesday: 97 Windows Vulns, 1 Exploited Zero-Day

Microsoft’s security patching machine hummed into overdrive Tuesday with the release of fixes for at least 97 documented software vulnerabilities, including a zero-day that’s already been exploited to escape the browser sandbox. The zero-day, flagged by researchers at anti-malware company Avast, was exploited in live attacks to elevate privileges and escape a
Publish At:2023-01-10 18:28 | Read:149705 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Priva

Netwrix Acquires Remediant for PAM Technology

Data security software vendor Netwrix has acquired Remediant, an early-stage startup working on technology in the PAM (privileged access management) category. Financial terms of the acquisition were not disclosed. Remediant, based in San Francisco and backed by Dell Technologies Capital and ForgePoint Capital, raised $15 million in Series A venture capit
Publish At:2022-12-28 14:29 | Read:126216 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Application Security Au

Microsoft Patches Azure Cross-Tenant Data Access Flaw

Microsoft has silently fixed an important-severity security flaw in its Azure Container Service (ACS) after an external researcher warned that a buggy feature allowed cross-tenant network bypass attacks. The vulnerability, documented by researchers at Mnemonic, effectively removed the entire network and identity perimeter around internet-isolated Azure
Publish At:2022-12-23 18:27 | Read:134096 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

How to share what you’ve learned from our audits

By Nick Selby. Trail of Bits recently completed a security review of cURL, which is an amazing and ubiquitous tool for transferring data. We were really thrilled to see cURL founder and lead developer Daniel Stenberg write a blog post about the engagement and the report, and wanted to highlight some important things he pointed out. In this post, Daniel dives
Publish At:2022-12-22 17:42 | Read:90993 | Comments:0 | Tags:Audits Guides cURL

Patch Tuesday: Microsoft Plugs Windows Hole Exploited in Ransomware Attacks

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks. The operating system update, released as part of Microsoft’s scheduled Patch Tuesday, addresses a flaw that lets malicious attackers use rigged files to evade MOTW (Mark of the Web) defenses. “An attacker can craft a mal
Publish At:2022-12-13 22:25 | Read:135432 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Application Security A

Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the flaw in the wild. A critical-level advisory from Fortinet described the bug as a memory corruption that allows a “remote unauthenticated attacker” to launch harmful code or execute commands on a target sy
Publish At:2022-12-12 18:27 | Read:147820 | Comments:0 | Tags:Cyberwarfare Network Security NEWS & INDUSTRY Applicatio

Apple Adding End-to-End Encryption to iCloud Backup

Apple on Wednesday announced plans to beef up data security protections on its flagship devices with the addition of new encryption tools for iCloud backups and a feature to help users verify identities in the Messages app. The security-themed upgrades, scheduled to ship in 2023, include a new feature called Advanced Data Protection for iCloud offering end-t
Publish At:2022-12-07 22:24 | Read:142555 | Comments:0 | Tags:Endpoint Security Mobile Security NEWS & INDUSTRY Audits

Big Tech Vendors Object to US Gov SBOM Mandate

The U.S. government’s mandates around the creation and delivery of SBOMs (software bill of materials) to help mitigate supply chain attacks have run into strong objections from big-name technology vendors. A lobbying outfit representing big tech is calling on the federal government’s Office of Management and Budget (OMB) to “discourage agencies” from requiring
Publish At:2022-12-07 18:26 | Read:123501 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Investors Pour $200M Into Compliance Automation Startup Drata

High-flying security compliance and automation startup Drata continues to attract major venture capital investor interest, banking $200 million in Series C funding that values the company north of $2 billion. The $200 million cash infusion comes less than two years after the San Diego, Calif.-based company emerged from stealth with ambitious plans to design an
Publish At:2022-12-07 14:28 | Read:134679 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Meta Expected to Face New Fines After EU Privacy Ruling

Meta is expected to face another large fine after Europe's data watchdog on Tuesday imposed binding decisions concerning the treatment of personal data by the owner of Facebook, Instagram and WhatsApp. The European Data Protection Supervisor (EDPS) said in a statement that the rulings concerned Meta's use of data for targeted advertising, but did not gi
Publish At:2022-12-07 10:30 | Read:121762 | Comments:0 | Tags:NEWS & INDUSTRY Privacy Audits Compliance Privacy &

Balance Theory Scores Seed Funding for Secure Workspace Collaboration

Balance Theory, a seed-stage startup working on technology to help security teams collaborate and manage data flows securely, has closed a $3 million funding round. The Columbia, Maryland-based Balance Theory said the early-stage investment was led by DataTribe with participation from TEDCO. Balance Theory, the brainchild of former Decision Lab founders Greg B
Publish At:2022-12-05 14:28 | Read:141823 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Investors Double Down on Pangea Cyber API Security Bet

Pangea Cyber, an early-stage startup working on technology in the API security services space, has banked $26 million in a new funding round led by Google Ventures. The $26 million Series B brings the total raised by Pangea to $51 million and underscores a push by venture capital investors to bet on companies that help developers embed security services and A
Publish At:2022-12-01 14:28 | Read:163733 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

One Year Later: Log4Shell Remediation Slow, Painful Slog

Almost exactly a year after the Log4Shell security crisis sent defenders scrambling to reduce attack surfaces, new data shows that remediation has been a long, slow, painful slog for most organizations around the world. According to telemetry data from vulnerability scanning pioneer Tenable, more than 70 percent of scanned organizations remain vulnerable to t
Publish At:2022-11-30 14:29 | Read:195744 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Network Sec
