HackDig : Dig high-quality web security articles

Microsoft Exchange Autodiscover flaw reveals users’ passwords

Researchers have been able to get hold of 372,072 Windows domain credentials, including 96,671 unique credentials, in slightly over 4 months by setting up a Microsoft Exchange server and using Autodiscover domains. The credentials that are being leaked are valid Windows domain credentials used to authenticate to Microsoft Exchange servers. What is Auto
Publish At:2021-09-23 15:16 | Read:125 | Comments:0 | Tags:Exploits and vulnerabilities autodiscover domains exchange m

Patch vCenter Server “right now”, VMWare expects CVE-2021-22005 exploitation within minutes of disclosure

VMware is urging users of vCenter server to patch no fewer than 19 problems affecting its products. These updates fix a variety of security vulnerabilities, but and one of them is particularly nasty. That would be CVE-2021-22005, a critical file upload vulnerability with a CVSS score of 9.8 out of 10. It’s so bad the company is advising users to
Publish At:2021-09-22 11:20 | Read:152 | Comments:0 | Tags:Exploits and vulnerabilities CVE-2021-22005 vcenter vmware e

Patch now! Insecure Hikvision security cameras can be taken over remotely

In a detailed post on Github, security researcher Watchful_IP describes how he found that the majority of the recent camera product ranges of Hikvision cameras are susceptible to a critical, unauthenticated, remote code execution (RCE) vulnerability, even with the latest firmware. Hikvision Hangzhou Hikvision Digital Technology Co., Ltd. engages in the
Publish At:2021-09-22 11:20 | Read:133 | Comments:0 | Tags:Exploits and vulnerabilities CVE-2021-36260 hikvision PTZ Wa

FBI and CISA warn of APT groups exploiting ADSelfService Plus

In a joint advisory the FBI, the United States Coast Guard Cyber Command (CGCYBER), and the Cybersecurity and Infrastructure Security Agency (CISA) warn that advanced persistent threat (APT) cyber-actors may be exploiting a vulnerability in ManageEngine’s single sign-on (SSO) solution. The vulnerability Publicly disclosed computer security flaws
Publish At:2021-09-17 11:20 | Read:107 | Comments:0 | Tags:Exploits and vulnerabilities adselfservice plus APT cgcyber

HP OMEN users, update your driver now!

HP has released a patch to fix a flaw in the HP OMEN driver. As far as we know the flaw isn’t being actively exploited, but it’s worth applying the patch as soon as you can. The flaw, the fix The driver vulnerability, which is tracked as CVE-2021-3437, was found by Kasif Dekel, a senior security researcher at SentinelLabs. If exploite
Publish At:2021-09-16 07:23 | Read:158 | Comments:0 | Tags:Exploits and vulnerabilities CVE-2021-3437 HP OMEN HP OMEN C

Patch now! PrintNightmare over, MSHTML fixed, a new horror appears … OMIGOD

The September 2021 Patch Tuesday could be remembered as the final patching attempt in the PrintNightmare… nightmare. The ease with which the vulnerabilities shrugged off the August patches doesn’t look to get a rerun. So far we haven’t seen any indications that this patch is so easy to circumvent. The total count of fixes for this Patch Tuesday tall
Publish At:2021-09-15 11:19 | Read:268 | Comments:0 | Tags:Exploits and vulnerabilities Azure cve-2021-36958 cve-2021-3

Update now! Google Chrome fixes two in-the-wild zero-days

Google announced on Monday that it will be issuing patches for 11 high severity vulnerabilities found in Chrome, including two that are currently being exploited in the wild. The patch, which is part of the Stable Channel Update for Chrome 93 (93.0.4577.82), will be released for Windows, Mac, and Linux (if it hasn’t already). Chrome users are expected t
Publish At:2021-09-14 15:15 | Read:136 | Comments:0 | Tags:Exploits and vulnerabilities 93.0.4577.82 Chrome vulnerabili

500,000 Fortinet VPN credentials exposed: Turn off, patch, reset passwords

A threat actor has leaked a list of almost 500,000 Fortinet VPN credentials, stolen from 87,000 vulnerable FortiGate SSL-VPN devices. The breach list provides raw access to organizations in 74 countries, including the USA, India, Taiwan, Italy, France, and Israel, with almost 3,000 US entities affected. According to Fortinet the credentials were obtained
Publish At:2021-09-09 15:15 | Read:285 | Comments:0 | Tags:Exploits and vulnerabilities Babuk cve-2018-13379 fortigate

Windows MSHTML zero-day actively exploited, mitigations required

Several researchers have independently reported a 0-day remote code execution vulnerability in MSHTML to Microsoft. The reason it was reported by several researchers probably lies in the fact that a limited number of attacks using this vulnerability have been identified, as per Microsoft’s security update. Microsoft is aware of targeted attacks that attem
Publish At:2021-09-08 11:20 | Read:304 | Comments:0 | Tags:Exploits and vulnerabilities activex Internet Explorer micro

Patch now! Netgear fixes serious smart switch vulnerabilities

In a security advisory, NetGear has announced it has fixed three vulnerabilities in firmware updates for several network devices. Most of the affected products are smart switches, some of them with cloud management capabilities that allow for configuring and monitoring them over the web. One of the vulnerabilities was dubbed Demon’s Cries and is reg
Publish At:2021-09-07 11:19 | Read:234 | Comments:0 | Tags:Exploits and vulnerabilities Demon's Cries Draconian Fe

BrakTooth Bluetooth vulnerabilities, crash all the devices!

Security researchers have revealed details about a set of 16 vulnerabilities that impact the Bluetooth software stack that ships with System-on-Chip (SoC) boards from several popular vendors. The same group of researchers disclosed the SweynTooth vulnerabilities in February 2020. They decided to dub this set of vulnerabilities BrakTooth. BrakTooth affects
Publish At:2021-09-02 15:15 | Read:197 | Comments:0 | Tags:Exploits and vulnerabilities BLE bluetooth braktooth cve-202

Vulnerable WordPress plugin leaves online shoppers vulnerable

The most popular web content management system (CMS) is WordPress, which is used by more than 30% of all websites. By extension, the most popular ecommerce platform in the world is WooCommerce, a plugin that turns a WordPress website into an online shop. In fact, WooCommerce is so popular that it isn’t just part of WordPress’s software ecosystem,
Publish At:2021-09-02 15:15 | Read:233 | Comments:0 | Tags:Exploits and vulnerabilities CMS csrf Dynamic Pricing and Di

ProxyToken: Another nail-biter from Microsoft Exchange

Had I known this season of Microsoft Exchange was going to be so long I’d have binge watched. Does anyone know how many episodes there are? Sarcasm aside, while ProxyToken may seem like yet another episode of 2021’s longest running show, that doesn’t make it any less serious, or any less eye-catching. The plot is a real nail-biter (and there&#
Publish At:2021-08-31 11:19 | Read:286 | Comments:0 | Tags:Exploits and vulnerabilities cve-2021-33766 microsoft exchan

Latest iPhone exploit, FORCEDENTRY, used to launch Pegasus attack against Bahraini activists

Researchers from Citizen Lab, an academic research and development lab based in the University of Toronto in Canada, has recently discovered that an exploit affecting iMessage is being used to target Bahraini activists with the Pegasus spyware. The Bahrain government and groups linked to them—such as LULU, a known operator of Pegasus, and others like them wh
Publish At:2021-08-26 14:21 | Read:454 | Comments:0 | Tags:Exploits and vulnerabilities Al Wefaq Amnesty International

Mice “taking over the world!”, one Windows machine at a time

Famously, Pinky and the Brain were a pair of animated mice that wanted to take over the world. Of course they never succeed, but maybe they just set their sights too high. Because while mice may not be taking over the world yet, they are taking over computers. In the last week, security researchers have reported not one, but two different mice (of the no
Publish At:2021-08-25 10:25 | Read:370 | Comments:0 | Tags:Exploits and vulnerabilities plyg and play razer steelseries


Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud