HackDig : Dig high-quality web security articles

Firefox, Thunderbird, receive patches for critical security issues

Mozilla has published updates for two critical security issues in Firefox and Thunderbird, demonstrated during Pwn2Own Vancouver. The vulnerabilities, discovered in the Firefox JavaScript engine (shared by the Firefox-based Tor browser), relate to Firefox 100.0.2, Firefox for Android 100.3.0, and Firefox ESR 91.9.1. For users of Thunderbird, the vulnerability
Publish At:2022-05-27 09:01 | Read:106 | Comments:0 | Tags:Exploits and vulnerabilities CVE-2022-1529 CVE-2022-1802 exp

Update now! Multiple vulnerabilities patched in Google Chrome

Google has announced an update for the Chrome browser that includes 32 security fixes. The severity rating for one of the patched vulnerabilities is Critical. The stable channel was promoted to 102.0.5005.61/62/63 for Windows, and 102.0.5005.61 for Mac and Linux. Critical Google rates vulnerabilities as critical if they allow an attacker to run arbi
Publish At:2022-05-25 09:01 | Read:101 | Comments:0 | Tags:Exploits and vulnerabilities chrome critical cve-2022-1853 I

Update now! Nvidia released fixes for 10 flaws in Windows GPU drivers

Multiple NVIDIA graphic card models have been found to have flaws in their GPU drivers, with six medium- and four high-severity ratings. Last Monday, the company released a software security update for NVIDIA GPU Display Driver to address the vulnerabilities. If exploited, they could lead to denial of service, code execution, privilege escalation, and dat
Publish At:2022-05-23 09:01 | Read:186 | Comments:0 | Tags:Exploits and vulnerabilities CVE-2022-28181 CVE-2022-28182 C

VMWare vulnerabilities are actively being exploited, CISA warns

The Cybersecurity & Infrastructure Security Agency has issued an Emergency Directive ED 22-03 and released a Cybersecurity Advisory (CSA) about ongoing and expected exploitation of multiple vulnerabilities in several VMware products. Chaining unpatched VMware vulnerabilities The title of the advisory is “Threat Actors Chaining Unpatched VMware Vul
Publish At:2022-05-19 09:01 | Read:157 | Comments:0 | Tags:Exploits and vulnerabilities cisa cve-2022-22954 cve-2022-22

Sysrv botnet is out to mine Monero on your Windows and Linux servers

In a Twitter thread, the Microsoft Security Intelligence team have revealed new information about the latest versions of the Sysrv botnet. The variant they focused on uses a range of known exploits for vulnerabilities in web apps and databases to install cryptocurrency miners on both Windows and Linux systems. Background The Sysrv botnet first recei
Publish At:2022-05-18 09:01 | Read:207 | Comments:0 | Tags:Botnets Exploits and vulnerabilities botnet crypto miner cve

Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed

A security researcher has disclosed how he chained together multiple bugs in order to take over Facebook accounts that were linked to a Gmail account. Youssef Sammouda states it was possible to target all Facebook users but that it was more complicated to develop an exploit, and using Gmail was actually enough to demonstrate the impact of his discoveries.
Publish At:2022-05-17 16:57 | Read:207 | Comments:0 | Tags:Exploits and vulnerabilities CAPTCHA csrf facebook gmail ifr

Update now! Apple patches zero-day vulnerability affecting Macs, Apple Watch, and Apple TV

Apple has released security updates for a zero-day vulnerability that affects multiple products, including Mac, Apple Watch, and Apple TV. The flaw is an out-of-bounds write issue—tracked as CVE-2022-22675—in AppleAVD, a decoder that handles specific media files. An out-of-bounds write or read flaw makes it possible to manipulate parts of the memory w
Publish At:2022-05-17 16:57 | Read:148 | Comments:0 | Tags:Exploits and vulnerabilities 0-day Apple Mac Apple TV Apple

F5 BIG-IP vulnerability is now being used to disable servers

As we reported a few days ago, an F5 BIG-IP vulnerability listed as CVE-2022-1388 is actively being exploited. But now researchers have noticed that attackers aren’t just taking control of the vulnerable servers but also making them unusable by destroying the device’s file system. F5 BIG-IP The BIG-IP platform by F5 is a family of products coverin
Publish At:2022-05-12 09:01 | Read:296 | Comments:0 | Tags:Exploits and vulnerabilities cve-2022-1388 f% BIG-IP web she

Update now! Microsoft releases patches, including one for actively exploited zero-day

Microsoft has released patches for 74 security problems, including fixes for seven “critical” vulnerabilities, and an actively exploited zero-day vulnerability that affects all supported versions of Windows. First, we’ll look at the actively exploited zero-day. Then we’ll discuss two zero-days that are publicly disclosed, but so far no in the
Publish At:2022-05-11 12:59 | Read:262 | Comments:0 | Tags:Exploits and vulnerabilities adobe Azure chrome Cisco cve-20

Update now! F5 BIG-IP vulnerability being actively exploited

The Australian Cyber Security Centre (ACSC) has announced it is aware of the existence of Proof of Concept (PoC) code exploiting an F5 Security Advisory Addressing Multiple Vulnerabilities in its BIG-IP Product Range. The vulnerability listed as CVE-2022-1388 allows attackers to bypass authentication on internet-exposed iControl interfaces, potentially exe
Publish At:2022-05-09 12:52 | Read:847 | Comments:0 | Tags:Exploits and vulnerabilities cve-2022-1388 f5 big ip iContro

Google fixes two critical Pixel vulnerabilities: Get your updates when you can!

Google has made updates available for Android 10, 11, 12 and 12L. The May Android Security Bulletin contains details of security vulnerabilities affecting Android devices. The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices. Pixel phones are Google’s “pure Android
Publish At:2022-05-05 12:48 | Read:451 | Comments:0 | Tags:Exploits and vulnerabilities Android bootloader cve-2021-350

Unfixed vulnerability in popular library puts IoT products at risk

Researchers have found a vulnerability in a popular C standard library in IoT products that could allow attackers to perform DNS poisoning attacks against a target device. The library is known to be used by major vendors such as Linksys, Netgear, and Axis, but also by Linux distributions such as Embedded Gentoo. Because the library maintainer was unable t
Publish At:2022-05-04 12:48 | Read:462 | Comments:0 | Tags:Exploits and vulnerabilities dns poisoning IoT library mitm

Update now! Critical patches for Chrome and Edge

Google has released an update for its Chrome browser that includes 30 security fixes. The latest version of the stable channel is now Chrome 101.0.4951.41 for Windows, Mac and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Microsoft advises Edge users—which is essentially a Microsoft-bad
Publish At:2022-04-30 12:48 | Read:612 | Comments:0 | Tags:Exploits and vulnerabilities cjhromium edge chrome use after

The top 5 most routinely exploited vulnerabilities of 2021

A joint Cybersecurity Advisory, coauthored by cybersecurity authorities of the United States (CISA, NSA, and FBI), Australia (ACSC), Canada (CCCS), New Zealand (NZ NCSC), and the United Kingdom (NCSC-UK) has detailed the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently
Publish At:2022-04-29 12:48 | Read:600 | Comments:0 | Tags:Exploits and vulnerabilities cisa confluence cve-2021-26084

QNAP customers urged to disable AFP to protect against severe vulnerabilities

MacOS users that have a network-attached storage (NAS) device made by QNAP are being advised to disable the Apple Filing Protocol (AFP) on their devices until some severe vulnerabilities have been fixed. But QNAP is not the only vendor that needed to fix these vulnerabilities. Others have already done so, or have taken more drastic measures. Taiwanese cor
Publish At:2022-04-28 12:48 | Read:497 | Comments:0 | Tags:Exploits and vulnerabilities afpqnap cve-2021-23121 cve-2021
