HackDig : Dig high-quality web security articles for hacker

Drupal Update Issues Could Expose Web Admins to Attacks

A researcher has identified three security issues in Drupal that could expose unsuspecting web admins to various attacks. Fernando Arnaboldi, a senior security researcher and consultant at IOActive, discusses the three issues in a post on his company’s blog. The first issue is that when the Drupal update process fails, certain versions of Drupal will no
Publish At:2016-01-07 14:20 | Read:3515 | Comments:0 | Tags:Latest Security News CSRF denial of service Drupal Fernando

Microsoft Patches Denial of Service Issue in Hyper-V

In addition to the usual slew of patches Microsoft dropped this week, the company on Tuesday also addressed an issue in its hypervisor, Hyper-V, that could lead to a denial of service condition. Microsoft warned about the issue in an advisory separate from its usual Patch Tuesday bulletins. The native hypervisor can be used to run virtual machines on Window
Publish At:2015-11-12 21:50 | Read:2204 | Comments:0 | Tags:Microsoft Virtualization Vulnerabilities Denial of Service H

Novel NTP Attacks Roll Back Time

Sharon Goldberg remembers the cold February day when her Boston University PhD candidate Aanchal Malhotra was studying routing security, in particular, attacks against the resource public key infrastructure (RPKI)—and kept hitting a dead end because of a cache-flushing issue. The resourceful Malhotra decided to roll back the time on her computer as a last-dit
Publish At:2015-10-22 21:40 | Read:4013 | Comments:0 | Tags:Cryptography Hacks Vulnerabilities Web Security Aanchal Malh

Fuzzing for Fun and Profit

So as you do, I was just looking around, manually fuzzing some Web Sockets requests, seeing if I could get any sort of XSS, Remote IRC Command Injection or SQLi mainly – ended up that I didn’t find much there that was worth noting. So I started seeing if their logic was all alright, so one of their requests looked similar to: {"_reqid":1234, "cid":5678, "t
Publish At:2015-10-13 17:40 | Read:2987 | Comments:0 | Tags:exploitation fuzzing infosec pentesting pentura security Sof

Cisco Patches Denial-of-Service, Bypass Vulnerabilities in IOS

Cisco pushed out on Wednesday its usual semiannual round of patches for IOS, the software the company uses for most of its routers and switches. This month’s security advisories addressed four vulnerabilities, three of which could lead to denial of service situations, and another that could have let an attacker bypass user authentication. The bypass vulnera
Publish At:2015-09-24 22:50 | Read:2208 | Comments:0 | Tags:Vulnerabilities Bypass vulnerabilities Cisco Denial of Servi

Three Buffer Overflow Vulnerabilities Patched by Yokogawa

Japanese electrical engineering and software company Yokogawa has patched three stack-based buffer overflow vulnerabilities in several of its products. According to an advisory published by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), the bugs affect Yokogawa’s CENTUM series as well as Exaplog, PRM, STARDOM, and others. “
Publish At:2015-09-14 15:15 | Read:2656 | Comments:0 | Tags:Latest Security News buffer overflow denial of service SARA

Cisco Patches IPv6 Vulnerability in Carrier-Grade Router System

Cisco said on Thursday it has patched a denial of service vulnerability in its IOS XR software used in carrier-grade routers. The vulnerability, Cisco said, rests in the IPv6 processing code used by IOS XR in the Cisco CRS-3 Carrier Routing System. The bug is remotely exploitable and is due to incorrect processing of legitimate IPv6 packets carrying valid IPv
Publish At:2015-06-12 10:05 | Read:2632 | Comments:0 | Tags:Vulnerabilities Web Security carrier routers carrier securit

Remotely Exploitable flaws affect SAP solutions

SAP products make use of a proprietary implementation of LZC and LZH compression algorithms that could be exploited by attackers in several ways. For the second time in a week, we are speaking about security vulnerabilities affecting SAP systems. Recently I wrote about a study published by the Onapsis firm that revealed over 9
Publish At:2015-05-15 07:10 | Read:3628 | Comments:0 | Tags:Breaking News Hacking Security CVE-2015-2278 CVE-2015-2282 D

Best Practices: Device Hardening and Recommendations

On April 13th, 2015, Cisco PSIRT was made aware of multiple instances of customer disruption in a specific region caused by a denial of service attack against Cisco devices. We responded quickly to support speedy restoration for our customers. Our ongoing investigation has shown that the storage of some Cisco devices was erased, removing both the Cisco IOS an
Publish At:2015-04-23 19:30 | Read:3831 | Comments:0 | Tags:Security denial of service incident response psirt security

How to crash any iPhone or iPad within WiFi range

Security researchers presenting at this week’s RSA Conference in San Francisco have uncovered a whole new compelling reason to switch off your phone. Skycure’s Yair Amit and Adi Sharabani have demonstrated a startling vulnerability in iOS that can allow malicious hackers to crash any iOS device within range of a WiFi hotspot. And it doesn’t
Publish At:2015-04-22 11:45 | Read:2844 | Comments:0 | Tags:IT Security and Data Protection Apple denial of service iOS

#HackerKast 30: Verizon Supercookie, Tesla Stock April Fools, Bugs in Tor, YouTube Bounty Hack, ‘Do Not Track

Hey All! We made it to 30 Episodes! Thanks for coming along for the ride, and hope you’re enjoying HackerKast. Now… the news! First we talked about the follow up to a story we spoke about a few weeks back that had to do with Verizon tracking its customers. They were doing this by implementing a sort of “supercookie” which was injecte
Publish At:2015-04-09 12:25 | Read:2982 | Comments:0 | Tags:Vulnerabilities Web Application Security WhiteHat HackerKast

Ghost blogging platform affected by multiple vulnerabilities

A group of researchers from Voidsec have found six vulnerabilities in the Ghost blogging platform that allow privilege editing and DoS. Six vulnerabilities have been found affecting Ghost, the blogging platform coded in Node.js and born in October 2013. These vulnerabilities were discovered on January 26 by a group of researcher
Publish At:2015-03-23 09:40 | Read:3283 | Comments:0 | Tags:Breaking News Hacking blog Denial of Service DOS Ghost blogg

New-style ransomware locks out your customers - demands money to let them log back in

A boutique Swiss security outfit recently wrote about a sneaky new sort of ransomware. It's an intriguing story. The crooks, it seems, decided to take it out on company X by means of extortion: encrypt customer data, and then offer the decryption key for a price. There are several unsubtle ways to do this, such as: Hack into the network, shut down the network fa
Publish At:2015-02-04 21:45 | Read:2281 | Comments:0 | Tags:Cryptography Denial of Service Featured Ransomware denial of

Ubuntu patched several security vulnerabilities

Ubuntu has released several patches for security vulnerabilities in different versions of the OS, including some CSRF, DoS and remote code execution flaws. Ubuntu has patched several security vulnerabilities that affect different OSs; some of them affect the Thunderbird client included in the Ubuntu release and could be exploit
Publish At:2015-01-21 16:45 | Read:3186 | Comments:0 | Tags:Security Cross-site Request Forgery Denial of Service Hackin

What is a DoS attack really?

Ordinary people here in Finland have been confronted with yet another cybersecurity acronym lately, DoS. And this does not mean that retro-minded people are converting back to the pre-Windows operating system MS-DOS that we used in the eighties. Today DoS stands for Denial of Service. This case started on New Year’s Eve when customers of the OP-Pohjola bank
Publish At:2015-01-05 15:25 | Read:3102 | Comments:0 | Tags:Online Threats Security bot botnet cracker crime criminal cy
