HackDig : Dig high-quality web security articles for hackers

Chrome 86.0.4240.111 fixes actively exploited CVE-2020-15999 zero-day

Google has released Chrome version 86.0.4240.111 that also addresses the CVE-2020-15999 flaw which is an actively exploited zero-day. Google has released Chrome version 86.0.4240.111 that includes security fixes for several issues, including a patch for an actively exploited zero-day vulnerability tracked as CVE-2020-15999. The CVE-2020-15999 flaw is a
Publish At:2020-10-21 09:18 | Read:98 | Comments:0 | Tags:Breaking News Hacking Chrome CVE-2020-15999 Google hacking n

Chrome Update Patches Actively Exploited FreeType Vulnerability

A Chrome 86 update released by Google on Tuesday patches several high-severity vulnerabilities, including a zero-day that has been exploited in the wild.The actively exploited vulnerability is tracked as CVE-2020-15999 and it has been described as a heap buffer overflow bug affecting FreeType, a popular software library for rendering fonts.In addition to Chr
Publish At:2020-10-21 08:45 | Read:122 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

NSA: Patch These 25 CVEs Exploited by Chinese Attackers

The NSA has published a list of the top 25 vulnerabilities currently being exploited by Chinese state-backed hackers to target US organizations.These attackers work as most cybercrime groups typically would: by identifying and gathering information on a target, identifying any vulnerabilities and then launching an exploitation operation using homegrown or re
Publish At:2020-10-21 06:25 | Read:112 | Comments:0 | Tags: exploit

New Google Chrome version fixes actively exploited zero-day bug

Google has released Chrome 86.0.4240.111 today, October 20th, 2020, to the Stable desktop channel to address five security vulnerabilities, one of them an actively exploited zero-day bug."Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild," the Google Chrome 86.0.4240.111 announcement reads.This version
Publish At:2020-10-20 17:30 | Read:71 | Comments:0 | Tags:Security Google exploit

NSA details top 25 flaws exploited by China-linked hackers

The US National Security Agency (NSA) has shared the list of top 25 vulnerabilities exploited by Chinese state-sponsored hacking groups in attacks in the wild. The US National Security Agency (NSA) has published a report that includes details of the top 25 vulnerabilities that are currently being exploited by China-linked APT groups in attacks in the wild
Publish At:2020-10-20 17:11 | Read:110 | Comments:0 | Tags:APT Breaking News Hacking hacking news information security

NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers

Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers.The US National Security Agency (NSA) today published a list of the top 25 publicly known vulnerabilities most often scanned for and targeted by state-sponsored attackers out of China.Related Content:Trickbot Tenacity Shows Infrastructure
Publish At:2020-10-20 15:49 | Read:99 | Comments:0 | Tags: exploit hack

Bug bounty reporter cashes out on someone else's exploit

Bug bounty programs have gained increased momentum and interest from the security research community for their role in promoting security awareness and responsible vulnerability disclosure. But they are not without their fair share of problems. Bug bounty platforms fill a genuine need. They help companies solicit vulnerability report
Publish At:2020-10-19 10:18 | Read:27 | Comments:0 | Tags:Security Software exploit

Microsoft fixes critical Outlook bug exploitable via preview pane

Microsoft has released the October 2020 Office security updates with a total of 24 security updates and 5 cumulative updates for 7 different products, fixing 13 vulnerabilities that could enable remote attackers to execute arbitrary code on vulnerable systems.The highlight of this month's Microsoft Office security updates is without a doubt CVE-2020-16947, a
Publish At:2020-10-14 13:18 | Read:167 | Comments:0 | Tags:Security Microsoft exploit

Remotely Exploitable DoS Vulnerabilities Found in Allen-Bradley Adapter

Cisco Talos this week released the details of several remotely exploitable denial-of-service (DoS) vulnerabilities found by one of its researchers in an industrial automation product made by Rockwell Automation.The affected product is the Allen-Bradley 1794-AENT Flex I/O series B adapter, specifically the device’s Ethernet/IP request path port/data/logical s
Publish At:2020-10-14 07:46 | Read:112 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities exploit

Windows “Ping of Death” bug revealed – patch now!

byPaul DucklinEvery time that critical patches come out for any operating system, device or app that we think you might be using, you can predict in advance what we’re going to say.Patch early, patch often.After all, why risk letting the crooks sneak in front of you when you could take a resolute stride ahead of them?Well, this month, the Offensive Sec
Publish At:2020-10-13 22:06 | Read:180 | Comments:0 | Tags:Microsoft Vulnerability CVE-2020-16899 Exploit IPv6 Patch Tu

Attackers Chaining Zerologon with VPN Exploits

The US government has warned of newly discovered APT attacks combining exploits of VPN products with those for the recently disclosed Zerologon bug.The joint alert from the FBI and Cybersecurity and Infrastructure Security Agency (CISA) revealed that government and non-government targets are being attacked in this campaign.It warned that access to federal an
Publish At:2020-10-12 08:19 | Read:144 | Comments:0 | Tags: exploit

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Microsoft has uncovered Zerologon attacks that were allegedly conducted by the infamous TA505 Russia-linked cybercrime group. Microsoft spotted a series of Zerologon attacks allegedly launched by the Russian cybercrime group tracked as TA505, CHIMBORAZO and Evil Corp. Microsoft experts spotted the Zerologon attacks involving fake software updates, the
Publish At:2020-10-10 14:20 | Read:158 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Cybercrime hacking news in

Critical Zerologon Flaw Exploited in TA505 Attacks

Microsoft reports a new campaign leveraging the critical Zerologon vulnerability just days after nation-state group Mercury was seen using the flaw.Microsoft has observed new threat activity exploiting the critical Zerologon vulnerability (CVE-2020-1472. The campaign poses as software updates that connect with known TA505 command-and-control infrastructure,
Publish At:2020-10-09 15:01 | Read:202 | Comments:0 | Tags: exploit

Microsoft Warns of Russian Cybercriminals Exploiting Zerologon Vulnerability

Microsoft reported this week that it has spotted Zerologon attacks apparently conducted by TA505, a notorious Russia-linked cybercrime group.According to Microsoft, the Zerologon attacks it has observed involve fake software updates that connect to command and control (C&C) infrastructure known to be associated with TA505, which the company tracks as CHI
Publish At:2020-10-09 12:15 | Read:157 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Cybe

BACnet Test Server 1.01 Remote Denial of Service Exploit

Title: BACnet Test Server 1.01 Remote Denial of Service Exploit Advisory ID: ZSL-2020-5597 Type: Local/Remote Impact: DoS Risk: (3/5) Release Date: 06.10.2020Summary This is a simple BACnet Server aimed at developers who want to explore or test their BACnet Client impleme
Publish At:2020-10-06 20:54 | Read:198 | Comments:0 | Tags: exploit


Tag Cloud