HackDig : Dig high-quality web security articles for hacker

Drupal maintainers fix several access bypass vulnerabilities in Drupal 8

Drupal maintainers this week released security updates to fix several access bypass vulnerabilities in Drupal 8. Update your installation. On Wednesday Drupal maintainers released security updates to fix several access bypass vulnerabilities in Drupal 8. The flaws affect several components, including the entity access system, the REST API and some views. Th
Publish At:2017-08-17 20:05 | Read:200 | Comments:0 | Tags:Breaking News Hacking access bypass vulnerabilities CMS Drup

Drupal fixes the CVE-2017-6922 flaw exploited in spam campaigns in the wild

Drupal team released security updates to fix several vulnerabilities, including the critical access bypass flaw CVE-2017-6922 exploited in spam campaigns. The Drupal development team has released security updates to fix several vulnerabilities, including the critical access bypass flaw tracked as CVE-2017-6922 that has been exploited in spam campaigns. The C
Publish At:2017-06-23 07:05 | Read:358 | Comments:0 | Tags:Breaking News Hacking CMS CVE-2017-6922 Cybercrime Drupal Pi

WordPress 4.7.5 release addresses six security vulnerabilities

The new WordPress 4.7.5 release fixes six security vulnerabilities affecting version 4.7.4 and earlier, including XSS, CSRF, SSRF flaws. The WordPress 4.7.5 release patches six vulnerabilities affecting version 4.7.4 and earlier. The latest version addresses cross-site scripting (XSS), cross-site request forgery (CSRF), and server-side request forgery (SSRF)
Publish At:2017-05-19 11:10 | Read:612 | Comments:0 | Tags:Breaking News Hacking CMS CSRF WordPress 4.7.5 XSS

Security researcher disclosed a WordPress Password Reset Vulnerability

A researcher reported a WordPress Password Reset vulnerability, tracked as CVE-2017-8295, and detailed it in a security advisory. On Wednesday, the popular security expert Dawid Golunski reported a WordPress Password Reset vulnerability, tracked as CVE-2017-8295, and detailed it in a security advisory. Golunski classified the flaw as a “medium/high severity
Publish At:2017-05-05 03:00 | Read:463 | Comments:0 | Tags:Breaking News Hacking CMS password reset vulnerability Wordp

Critical vulnerability in Drupal References Module opens 120,000 Sites to hack

A critical vulnerability affects the Drupal References module that is used by hundreds of thousands of websites using the popular CMS. The Drupal security team has discovered a critical vulnerability in a third-party module named References. The Drupal team published a Security advisory on April 12 informing its users of the critical flaw. The flaw has a hug
Publish At:2017-04-20 04:35 | Read:519 | Comments:0 | Tags:Breaking News Hacking CMS Cybercrime Drupal References Modul

The Sackcloth & Ashes of WordPress Security

This is my first blog in an ongoing “It’s Not Rocket Science” series featuring articles on Information security. “Security is not an absolute, it’s a continuous process and should be managed as such. Security is about risk reduction, not risk elimination, and risk will never be zero. It’s about employing the appropriate security controls tha
Publish At:2017-03-28 06:40 | Read:894 | Comments:0 | Tags:Featured Articles IT Security and Data Protection CMS securi

Drupal version 8.2.7 addresses multiple vulnerabilities in the current version of the popular CMS

Drupal development team has issued a new release of the popular content management system (CMS), Drupal version 8.2.7, that fixes multiple vulnerabilities. The Drupal development team has released the Drupal version 8.2.7 that addressed a number of vulnerabilities in the popular CMS. The list of flaws includes an access bypass issue, a cross-site request for
Publish At:2017-03-16 19:55 | Read:833 | Comments:0 | Tags:Breaking News Hacking CMS Drupal Drupal version 8.2.7

WordPress 4.7.3 is out to fix 6 security issues, but CSRF flaw remains unpatched

WordPress 4.7.3 release is out to fix six security issues, but a CSRF vulnerability discovered in July 2016 remains unpatched. WordPress has issued a new security release, the WordPress 4.7.3 release, that addresses six security flaws, including three cross-site scripting (XSS) vulnerabilities. The flaws were discovered by the security experts Chris Andrè D
Publish At:2017-03-08 06:00 | Read:600 | Comments:0 | Tags:Breaking News Hacking CMS CSRF Pierluigi Paganini Security A

SQLi flaw in the NextGEN Gallery plugin exposes more than 1 Million WordPress Installs to risk of hack

More than 1 million WordPress websites are at risk due to a critical SQL injection vulnerability in the NextGEN Gallery plugin. Update it ASAP. Security experts at the firm Sucuri have identified a SQL injection flaw in the WordPress image gallery NextGEN Gallery that could be exploited by a remote attacker to gain access to the targeted website’s backend, including sensi
Publish At:2017-03-01 19:40 | Read:712 | Comments:0 | Tags:Breaking News Hacking CMS NextGEN Gallery plugin SQL injecti

WordPress 4.7.2 release addresses XSS, SQL Injection vulnerabilities

According to the release notes, the latest version of WordPress 4.7.2 addresses three security issues, including XSS and SQL Injection flaws. The WordPress development team has pushed the WordPress 4.7.2 version that fixed three security issues, including a cross-site scripting and a SQL injection vulnerability. The new update comes just two weeks after WordPress rele
Publish At:2017-01-28 13:05 | Read:903 | Comments:0 | Tags:APT Security CMS Hacking Pierluigi Paganini Security Affairs

WordPress 4.7.1 released, patches eight vulnerabilities and 62 bugs

According to the release notes, the latest version of WordPress 4.7.1 addresses eight security vulnerabilities and 62 other bugs. On Wednesday the latest version of WordPress 4.7.1 was released by the WordPress Team; it is classified as a security release for all previous versions. According to the release notes, the new version addresses eight security flaws an
Publish At:2017-01-13 23:05 | Read:1096 | Comments:0 | Tags:Breaking News Hacking CMS web application security WordPress

SQL Injection zero-day in component ja-k2-filter-and-search of Joomla

Information Security experts have discovered an SQL injection zero-day vulnerability in Joomla component ja-k2-filter-and-search. Information Security Researchers Dimitrios Roussis and Evangelos Apostoloudis have discovered an SQL injection vulnerability in component ja-k2-filter-and-search (https://www.joomlart.com/joomla/extensions/ja-k2-search) of Joomla,
Publish At:2016-10-19 13:35 | Read:1226 | Comments:0 | Tags:Breaking News Hacking CMS ja-k2-filter-and-search Joomla plu

Security firm Sucuri analyzed tens of thousands of compromised websites

Security firm Sucuri published a detailed study, titled Hacked Website Report for 2016/Q2, on compromised websites on the Internet. According to the security expert Daniel Cid from Sucuri, at least 15,769 WordPress websites have been compromised this year. Sucuri has published a report, titled Hacked Website Report for 2016/Q2, related to compromised websites o
Publish At:2016-09-26 16:40 | Read:1059 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware Reports 15 769 Wor

Linux.Rex.1, a new Linux Trojan that creates a P2P Botnet

Security researchers discovered a new Linux Trojan dubbed Linux.Rex.1 that is capable of self-spreading and creating a peer-to-peer botnet. A newly observed Linux Trojan is capable of self-spreading through infected websites and can recruit the infected machines into a peer-to-peer (P2P) botnet, Doctor Web researchers warn. Security researchers from the firm D
Publish At:2016-08-24 04:45 | Read:1245 | Comments:0 | Tags:Breaking News Cyber Crime Malware botnet CMS Cybercrime Drup

Realstatistics campaign leads to ransomware via compromised sites

Threat actors in the wild behind the Realstatistics campaign are leveraging out-of-date CMSs to deliver the CryptXXX ransomware. Security experts from the Sucuri security firm have spotted a new ransomware-based campaign dubbed ‘Realstatistics’ conducted by threat actors in the past two weeks. “Our Incident Response Team (IRT) has been t
Publish At:2016-07-10 05:35 | Read:1263 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware CMS CryptoXXX Joom
