HackDig : Dig high-quality web security articles

Update Firefox and Thunderbird now! Mozilla patches several high risk vulnerabilities

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. In Firefox 105 a total of seven vulnerabilities were patched, three of which received the security risk rating "high". In Thunderbird three security vulnerabi
Publish At:2022-09-22 22:45 | Read:33702 | Comments:0 | Tags:Exploits and vulnerabilities News CVE-2022-40959 CVE-2022-40

Medtronic's MiniMed 600 series insulin pumps potentially at risk of compromise, says FDA

The US FDA (Food and Drug Administration) has warned users of Medtronic's MiniMed 600 Series Insulin Pump System—specifically, models for MiniMed 630G and MiniMed 670G—that their medical devices have a cybersecurity issue with its communication protocol. If compromised, attackers could gain unauthorized access to the pump system itself, 
Publish At:2022-09-22 22:45 | Read:29653 | Comments:0 | Tags:Exploits and vulnerabilities News

Update now! Google patches vulnerabilities for Pixel mobile phones

Google’s Pixel Update Bulletin for September included two security patches that are Pixel specific. Both underlying vulnerabilities are rated critical and could lead to privilege escalation and device takeover. The vulnerabilities: Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal
Publish At:2022-09-13 22:45 | Read:61235 | Comments:0 | Tags:Exploits and vulnerabilities News Google Pixel critical CVE-

Important update! iPhones, Macs, and more vulnerable to zero-day bug

On Monday, Apple released a long list of patched vulnerabilities to its software, including a new zero-day flaw affecting Macs and iPhones. The company revealed it's aware that threat actors may have been actively exploiting this vulnerability, which is tracked as CVE-2022-32917. As it's a zero-day, nothing much is said about CVE-2022-32917, only t
Publish At:2022-09-13 22:45 | Read:62941 | Comments:0 | Tags:Exploits and vulnerabilities News

Update now! QNAP warns users DeadBolt is exploiting Photo Station vulnerability

QNAP (Quality Network Appliance Provider) has warned users to update Photo Station to the latest available version. The warning comes after QNAP detected that cybercriminals known as DeadBolt have been exploiting a Photo Station vulnerability in order to encrypt QNAP NAS systems that are directly connected to the internet. QNAP produces N
Publish At:2022-09-06 22:45 | Read:77701 | Comments:0 | Tags:Exploits and vulnerabilities News QNAP Photo Station Deadbol

Zero-day puts a dent in Chrome's mojo

On Friday, Google announced the release of a new version of its Chrome browser that includes a security fix for a zero-day tracked as CVE-2022-3075. As with previous announcements, technical details about the vulnerability won't be released until a certain number of Chrome users have already applied the patch. Google is urging its Windows, Mac, and Linu
Publish At:2022-09-05 20:07 | Read:37435 | Comments:0 | Tags:Exploits and vulnerabilities News

Chromium browsers can write to the system clipboard without your permission

If you are a user of Google Chrome or any other Chromium-based web browser, then websites may push anything they want to the operating system's clipboard without your permission or any user interaction. This means that by simply visiting a website, the data on your clipboard may be overwritten without your consent or knowledge. Clipboard: In layman’s te
Publish At:2022-08-30 21:47 | Read:83034 | Comments:0 | Tags:Exploits and vulnerabilities News Chrome Chromium clipboard

Update now! GitLab issues critical security release for RCE vulnerability

GitLab has released versions 15.3.1, 15.2.3, 15.1.5 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain important security fixes, and it’s recommended that all GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version. GitLab: GitLab and GitHub are open
Publish At:2022-08-25 22:35 | Read:41060 | Comments:0 | Tags:Exploits and vulnerabilities News GitLab RCE CVE-2022-2884 G

CISA wants you to patch these actively exploited vulnerabilities before September 8

On Thursday, CISA (the US Cybersecurity and Infrastructure Security Agency) updated its catalog of actively exploited vulnerabilities by adding seven new entries. These flaws were found in Apple, Google, Microsoft, Palo Alto Networks, and SAP products. CISA set the due date for everyone to patch the weaknesses by September 8, 2022. CVE-2022-22
Publish At:2022-08-22 23:11 | Read:55397 | Comments:0 | Tags:Exploits and vulnerabilities News exploit CISA

Urgent update for macOS and iOS! Two actively exploited zero-days fixed

Apple has released emergency security updates to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, da
Publish At:2022-08-18 23:59 | Read:59025 | Comments:0 | Tags:Exploits and vulnerabilities News macOS iOS CVE-2022-32894 C

Update Chrome now! Google issues patch for zero day spotted in the wild

Google updated the Stable channel for Chrome to 104.0.5112.101 for Mac and Linux and 104.0.5112.102/101 for Windows, which will roll out over the coming days/weeks. The Extended Stable channel has been updated to 104.0.5112.101 for Mac and 104.0.5112.102 for Windows, which will roll out over the coming days/weeks. This update includes 11 security fixes. One of t
Publish At:2022-08-17 20:13 | Read:102584 | Comments:0 | Tags:Exploits and vulnerabilities News 104.0.5112.101 Google Chro

Researchers found one-click exploits in Discord and Teams

A group of security researchers have discovered a series of vulnerabilities in Electron, the software underlying popular apps like Discord, Microsoft Teams, and many others, used by tens of millions of people all over the world. Electron is a framework that allows developers to create desktop applications using the languages used to build websites: HTML5, CS
Publish At:2022-08-15 20:37 | Read:33131 | Comments:0 | Tags:Exploits and vulnerabilities News Discord Spotify MicrosoftT

Thousands of Zimbra mail servers backdoored in large scale attack

Researchers at Volexity have discovered that a known vulnerability has been used in a large scale attack against Zimbra Collaboration Suite (ZCS) email servers. But the vulnerability was supposed to be hard to exploit since it required authentication. So they decided to dig deeper. An incomplete fix: Zimbra is a brand owned by Synacor. Zimbra Collaboration, f
Publish At:2022-08-12 23:59 | Read:39627 | Comments:0 | Tags:Exploits and vulnerabilities News Zimbra ZVS cve-2022-27925

Update now! Microsoft fixes two zero-days in August's Patch Tuesday

Microsoft has published fixes for 141 separate vulnerabilities in its batch of August updates, fixing a total of 118 CVEs in multiple products. This is a new monthly record if you look at the CVE count. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share
Publish At:2022-08-11 23:59 | Read:47383 | Comments:0 | Tags:Exploits and vulnerabilities News Microsoft patch Tuesday MS

Slack flaw exposed users' hashed passwords

Slack, the workplace communication platform, has notified some of its users that their hashed passwords have been subject to exposure for the last five years. The company wasn’t specific in its notice, but Wired said that the flaw was in one of its "low-friction features". The flaw exposed hashed passwords of users when creatin
Publish At:2022-08-11 23:59 | Read:47548 | Comments:0 | Tags:Exploits and vulnerabilities
