HackDig : Dig high-quality web security articles for hackers

Microsoft releases emergency security updates to fix Windows codecs

Microsoft has silently released an emergency security update through the Windows Store app to address two vulnerabilities in Windows codecs. Microsoft has silently released two out-of-band security updates through the Windows Store app to address two vulnerabilities in the Windows Codecs Library. The two issues are remote code execution vulnerabilities
Publish At:2020-07-01 17:02 | Read:111 | Comments:0 | Tags:Breaking News Hacking Security hacking news information secu

Tripwire Patch Priority Index for June 2020

Tripwire’s June 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, BIND and Oracle.Up first on the Patch Priority Index this month are patches for Microsoft, BIND and Oracle for vulnerabilities that have been integrated into various Exploits. Metasploit has recently added exploits for BIND (CVE-2020-8617), Oracle
Publish At:2020-06-24 18:40 | Read:172 | Comments:0 | Tags:VERT News microsoft patch priority index vulnerability

A zero-day guide for 2020: Recent attacks and advanced preventive techniques

Zero-day vulnerabilities enable threat actors to take advantage of security blindspots. Typically, a zero-day attack involves the identification of zero-day vulnerabilities, creating relevant exploits, identifying vulnerable systems, and planning the attack. The next steps are infiltration and launch.  This article examines three recent zero-day atta
Publish At:2020-06-23 14:30 | Read:68 | Comments:0 | Tags:Exploits and vulnerabilities artificial intelligence EDR end

Turn on MFA Before Crooks Do It For You

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves wil
Publish At:2020-06-19 17:21 | Read:167 | Comments:0 | Tags:Latest Warnings Security Tools Dennis Dayman microsoft multi

Facial recognition: tech giants take a step back

Last week, a few major tech companies informed the public that they will not provide facial recognition software to law enforcement. These companies are concerned about the way in which their technology might be used. What happens when software that threatens our privacy falls into the hands of organization which we no longer trust? In general, being awar
Publish At:2020-06-18 13:50 | Read:180 | Comments:0 | Tags:Artificial Intelligence Privacy ACLU AI amazon biometrics EF

Why Mobile Threat Defense is an Absolute Requirement to Protect O365/Teams Users & Zero Trust Efforts

Government agencies’ usage of Microsoft Office 365 and Teams has skyrocketed (over 900% for some agencies). Unfortunately, the cyber threats to the GFE and BYOD mobile devices that are accessing O365 has also significantly increased. Without implementing mobile threat defense (MTD) solutions, agencies and their “Zero Trust” initiatives are exposed and
Publish At:2020-06-16 14:44 | Read:129 | Comments:0 | Tags:Mobile Threat Defense Endpoint Manager Microsoft mobile thre

Microsoft Azure users leave front door open for cryptomining crooks

byDanny BradburyRemember when as a server operator all you had to worry about were people scanning for open ports and then stealing secrets via telnet shells? Those were the days, eh?Things got a lot more complicated when the cloud got popular. Now, hackers are gaining access to cloud-based systems via the web, and they’re using them to mine for cryptocurren
Publish At:2020-06-15 11:46 | Read:186 | Comments:0 | Tags:Cryptocurrency Microsoft cryptomining Istio Kubeflow Kuberne

Tech firms suspend use of ‘biased’ facial recognition technology

Amazon, IBM and now Microsoft ban the sale of facial recognition technology to police departments and are urging for federal laws to regulate its use. Microsoft has joined Amazon and IBM in banning the sale of facial recognition technology to police departments, the tech giants are also urging for federal laws to regulate the use of these solutions. Mi
Publish At:2020-06-14 15:48 | Read:207 | Comments:0 | Tags:Breaking News Digital ID Amazon IBM information security new

Microsoft squishes 129 bugs with Patch Tuesday updates

byDanny BradburyWhoosh. You hear that? It’s the sound of Microsoft’s security fire hose spraying out a river of CVE fixes. That’s right – Patch Tuesday was this week and the software giant released patches to fix 129 CVEs.The lion’s share of the bugs are rated important, but there are 11 CVEs rated critical. They are remote code
Publish At:2020-06-11 07:24 | Read:187 | Comments:0 | Tags:Internet Explorer Microsoft Microsoft Edge Windows CVEs remo

SMBleed could allow a remote attacker to leak kernel memory

Microsoft addressed a Server Message Block (SMB) protocol issue, named SMBleed, that could allow an attacker to leak kernel memory remotely, without authentication. Recently released Microsoft June 2020 Patch Tuesday updates also address a vulnerability in the Server Message Block (SMB) protocol dubbed SMBleed (CVE-2020-1206) that could allow an atta
Publish At:2020-06-11 06:44 | Read:196 | Comments:0 | Tags:Breaking News Hacking CVE-2020-0796 it security it security

Tripwire Patch Priority Index for May 2020

Tripwire’s May 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, SaltStack, and VMware.Up first on the patch priority list this month are patches for VMware vCenter Server and SaltStack Salt. The Metasploit exploit framework has recently integrated exploits for VMware vCenter Server (CVE-2020-3952) and Sal
Publish At:2020-05-31 23:20 | Read:226 | Comments:0 | Tags:Featured Articles VERT microsoft Priority Patch Index vulner

Windows 10 adds new security and privacy features in May update

byDanny BradburyWindows 10 release 2004 is out, with a slew of new features. They include several updates to its security and privacy. Here’s what you get when you download it, as outlined in the company’s blog post.Microsoft has updated its System Guard Firmware Measurement. This feature, launched in Windows 10 1903, helps guarantee the integrit
Publish At:2020-05-29 06:41 | Read:199 | Comments:0 | Tags:Microsoft Microsoft Edge Windows Application Guard Cortana F

Update now! Windows gets another bumper patch update

byJohn E DunnAfter a flurry of zero-day vulnerabilities in recent editions, May’s Patch Tuesday finally gives Windows users a month off having to fix ‘big’ exploited or public flaws.The catch is it’s still one of the biggest patch rounds Microsoft has ever released, featuring 111 CVE-level bug fixes (the record being March’s 115 fixes), nearly half of which
Publish At:2020-05-18 12:28 | Read:257 | Comments:0 | Tags:Operating Systems Windows Adobe Acrobat Internet Explorer Mi

PrintDemon – patch this ancient Windows printer bug!

byPaul DucklinThis month’s Patch Tuesday fixes just came out in what we’re calling a “bumper update“.Microsoft pushed out fixes for 111 different CVE-tagged vulnerabilities, 16 of which are deemed critical.That includes bugs that could in theory be remotely exploited, for example via rogue attachments or booby-trapped web pages, to im
Publish At:2020-05-18 12:27 | Read:141 | Comments:0 | Tags:Vulnerability EoP Microsoft PrintDemon spooler vulnerability

Microsoft joins encrypted DNS club with Windows 10 option

byDanny BradburyMicrosoft is the latest browser vendor to join the encrypted DNS club by supporting DNS over HTTPS in Windows 10. In Build 19628 and higher, you’ll be able to encrypt your DNS traffic to prevent your geeky flatmate, that hoodie-wearing person in your local coffee shop, and possibly your ISP from snooping on your browsing destinations.We
Publish At:2020-05-18 12:27 | Read:216 | Comments:0 | Tags:Microsoft DNS filtering DNS-over-HTTPS DoH Windows 10

Announce

Share high-quality web security related articles with you:)

Tools