HackDig : Dig high-quality web security articles

Time to uninstall! Abandoned Android apps pack a vulnerability punch

Synopsis has published an advisory warning of multiple vulnerabilities across three different Android remote mouse and keyboard apps with a combined install count of about two million. The apps are at risk from remote code execution (RCE), and there’s no sign of a fix coming anytime, ever. Bleeping Computer notes that the issues were first discovered a
Publish At:2022-12-08 14:18 | Read:24557 | Comments:0 | Tags:News CVE android apps abandonware vulnerability bug telepad

How the Critical OpenSSL Vulnerability may affect Popular Container Images

The big news this week is that a new CRITICAL OpenSSL vulnerability will be announced on November 1st, 2022. Critical-severity OpenSSL vulnerabilities don’t come along every day – the last was CVE-2016-6309, which ended up only affecting a single version of the software. The more famous vulnerability, known as Heartbleed, came out in 2014. Will this
Publish At:2022-10-28 15:04 | Read:138594 | Comments:0 | Tags:CVE Vulnerability

Detecting and mitigating CVE-2022-42889 a.k.a. Text4shell

A new critical vulnerability CVE-2022-42889 a.k.a Text4shell, similar to the old Spring4shell and log4shell, was originally reported by Alvaro Muñoz on the very popular Apache Commons Text library. The vulnerability is rated as a critical 9.8 severity and it is always a remote code execution (RCE) which would permit attackers to execute arbitrary code
Publish At:2022-10-19 11:41 | Read:132416 | Comments:0 | Tags:CVE Falco Sysdig Secure

Smart lights vulnerable to "blink and you'll miss it" attack

Over the last couple of years, key parts of our daily lives have been sliding into some form of Internet connectivity. Smartphones and other devices have become necessities. Paying bills? Those systems have moved online. Tax? Online. Wage slips and bank statements? It’s paperless time. Welfare assistance? There’s a login portal for that. In short
Publish At:2022-10-11 22:46 | Read:150265 | Comments:0 | Tags:News smart light system light bulb IoT Internet of Things co

Tripwire Patch Priority Index for August 2022

Tripwire’s August 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.First on the patch priority list this month are patches for Microsoft Office, Outlook, and Excel that resolve 4 vulnerabilities, including denial of service, remote code execution, and security feature bypass.Up next are patches that affect compone
Publish At:2022-09-21 07:51 | Read:183619 | Comments:0 | Tags:VERT CVE microsoft PPI vulnerabilities

Threat news: TeamTNT targeting misconfigured kubelet

TeamTNT is a prevalent threat actor who has been targeting cloud and virtual environments such as Kubernetes and Docker since at least late 2019. This threat actor is financially motivated, focusing their efforts on stealing credentials and cryptomining. In 2020, we analyzed their use of Weave Scope on an unsecured Docker API endpoint exposed to the intern
Publish At:2022-09-20 23:36 | Read:153950 | Comments:0 | Tags:CVE Kubernetes Sysdig

WPGateway WordPress plugin vulnerability could allow full site takeover

There’s been a few WordPress plugin vulnerabilities in the wild recently, and today we have another one to add to the list. Sometimes when word breaks of a WordPress plugin issue, a fix is already available and all you have to do is perform an update. On other occasions, the attack is live and out there doing damage with no fix yet available. Sadly, th
Publish At:2022-09-14 22:45 | Read:291273 | Comments:0 | Tags:News WPGateway WordPress plugin vulnerability CVE Vulnerabil

Blackhat 2022 recap – Trends and highlights

Blackhat 2022, on its 25th anniversary, took place this week in Las Vegas. The most important event for the infosec community and the best place for security vendors to showcase all their innovations and products in this ever-growing ecosystem. This year, attendees come from 111 different countries. In 2020, Black Hat added the word Cloud to the
Publish At:2022-08-12 04:45 | Read:441467 | Comments:0 | Tags:AWS Azure CVE Docker Falco Kubernetes OpenShift Prometheus S

Cryptominer detection: a Machine Learning approach

Cryptominers are one of the main cloud threats today. Miner attacks are low risk, low effort, and high reward for a financially motivated attacker. Moreover, this kind of malware can pass unnoticed because, with proper evasive techniques, they may not disrupt a company’s business operations. Given all the possible elusive strategies, detecting crypto
Publish At:2022-08-10 12:42 | Read:301756 | Comments:0 | Tags:CVE Kubernetes

PrestaShop warns of vulnerability: Update your stores now!

A vulnerability affecting open source e-commerce platform PrestaShop could spell trouble for servers running PrestaShop websites. The 15-year-old organisation’s platform is currently used by around 300,000 shops worldwide. The exploit is very dependent on specific versions in use, so one PrestaShop customer may see different results to another. What
Publish At:2022-07-27 11:52 | Read:351012 | Comments:0 | Tags:Cybercrime Hacking CVE cve-2022-36408 hack hacking presTASHO

Warning for WordPress admins: uninstall the Modern WPBakery plugin immediately!

WordPress admins are being warned to remove a buggy plugin or risk a total site takeover. This particular threat relates to a plugin which is no longer in use: Modern WPBakery page builder addons. The vulnerability in the plugin, known as CVE-2021-24284, allows “unauthenticated arbitrary file upload via the ‘uploadFontIcon’ AJAX action&#
Publish At:2022-07-19 11:52 | Read:250625 | Comments:0 | Tags:Malwarebytes news compromise CVE exploit hijack JavaScript m

Introducing Malwarebytes Vulnerability Assessment for OneView: How to check for Common Vulnerabilities and Exposures (CV

Malwarebytes is happy to announce our Vulnerability Assessment module for OneView, our multi-tenant console where you can manage Malwarebytes Nebula accounts, subscriptions, invoicing, and integrations.  This module enables our MSPs to scan, identify, and assess vulnerabilities in customers’ digital ecosystems using our single lightweight agent.  
Publish At:2022-06-14 09:02 | Read:176246 | Comments:0 | Tags:Malwarebytes news CVE MSP vulnerability Vulnerability

Update Chrome now: Four high risk vulnerabilities found

Users of Chrome have been advised to apply updates as soon as possible related to seven security vulnerabilities. CISA has also warned that the vulnerabilities could be used to take control of affected systems. Although no detailed explanation of how these vulnerabilities work has been released, there is enough out there to encourage users to apply the patch
Publish At:2022-06-13 12:59 | Read:371151 | Comments:0 | Tags:Exploits and vulnerabilities chrome CVE exploit Google updat

Detecting and mitigating CVE-2022-26134: Zero day at Atlassian Confluence

A new zero day vulnerability actively exploited in the wild has been found in Atlassian Confluence. The vulnerability CVE-2022-26134 affects all supported versions of Confluence Server and Confluence Data Center allowing an unauthenticated user to run arbitrary commands remotely. The Atlassian team confirmed the vulnerability with an official tweet an
Publish At:2022-06-03 13:48 | Read:573130 | Comments:0 | Tags:CVE Falco Sysdig Secure

Top CVE Trends — And What You Can Do About Them

Cybersecurity awareness, protection, and prevention is all-encompassing. In addition to implementing the right tools and resources, and hiring skilled professionals with the right cybersecurity education and experience, organizations should be aware of the latest CVEs.What Is a CVE?The acronym “CVE” stands for Common Vulnerabilities and Exposures, and it ref
Publish At:2022-06-02 02:13 | Read:370010 | Comments:0 | Tags:Featured Articles Vulnerability Management CVE

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud