HackDig : Dig high-quality web security articles

Exploited Control Web Panel Flaw Added to CISA 'Must-Patch' List

The US government’s cybersecurity agency CISA is giving federal agencies an early February deadline to patch a critical -- and already exploited -- security vulnerability in the widely used CentOS Control Web Panel utility.The agency added the CVE-2022-44877 flaw to its KEV (Known Exploited Vulnerabilities) catalog and set a February 7th deadline for federal
Publish At:2023-01-18 14:30 | Read:91896 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Vendors Actively Bypass Security Patch for Year-Old Magento Vulnerability

Vendors and agencies are actively bypassing the security patch that Adobe released in February 2022 to address CVE-2022-24086, a critical mail template vulnerability in Adobe Commerce and Magento stores, ecommerce security firm Sansec warns.The CVE-2022-24086 bug (CVSS score of 9.8) is described as an improper input validation bug in the checkout process. It
Publish At:2023-01-18 14:30 | Read:81172 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Researchers: Brace for Zoho ManageEngine 'Spray and Pray' Attacks

Security researchers tracking a known pre-authentication remote code execution vulnerability in Zoho’s ManageEngine products are warning organizations to brace for “spray and pray” attacks across the internet.The vulnerability, patched by Zoho last November, affects multiple Zoho ManageEngine products and can be reached over the internet to launch code execu
Publish At:2023-01-16 18:28 | Read:124214 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

Tesla Returns as Pwn2Own Hacker Takeover Target

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to complete vehicle compromise.Tesla, in tandem with Pwn2Own organizations Zero Day Initiative, is offering a $600,000 cash prize to any hacker capable of writing exploits that pivot through multiple systems
Publish At:2023-01-12 18:28 | Read:161265 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Severe Vulnerabilities Allow Hacking of Asus Gaming Router

Cisco’s Talos security researchers have published technical information on three severe vulnerabilities impacting Asus RT-AX82U routers.A Wi-Fi 6 gaming router, the RT-AX82U can be configured via an HTTP server that is running on the local network, but also supports remote management and monitoring.Last year, Cisco’s Talos researchers identified three critic
Publish At:2023-01-12 10:32 | Read:89168 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities hack

Investors Bet Big on Subscription-Based Security Skills Training

Hack The Box, a British startup working on technology to simplify cybersecurity skills training, has banked a $55 million funding round as venture capital investors place big bets on the subscription-based talent assessment space.Hack the Box said the $55 million Series B was led by global investment firm Carlyle. Paladin Capital Group, Osage University Part
Publish At:2023-01-11 14:30 | Read:71584 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Microsoft Patch Tuesday: 97 Windows Vulns, 1 Exploited Zero-Day

Microsoft’s security patching machine hummed into overdrive Tuesday with the release of fixes for at least 97 documented software vulnerabilities, including a zero-day that’s already been exploited to escape the browser sandbox.The zero-day, flagged by researchers at anti-malware company Avast, was exploited in live attacks to elevate privileges and escape a
Publish At:2023-01-10 18:28 | Read:149705 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Priva

Zoom Patches High Risk Flaws on Windows, MacOS Platforms

Video messaging giant Zoom has released patches for multiple security vulnerabilities that expose both Windows and macOS users to malicious hacker attacks.The vulnerabilities, in the enterprise-facing Zoom Rooms product, could be exploited in privilege escalation attacks on both Windows and macOS platforms.The company’s first batch of patches for 2023 includ
Publish At:2023-01-10 14:30 | Read:98020 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Application Security Em

Microsoft Flags Ransomware Problems on Apple's macOS Platform

Security researchers at Microsoft are flagging ransomware attacks on Apple’s flagship macOS operating system, warning that financially motivated cybercriminals are abusing legitimate macOS functionalities to exploit vulnerabilities, evade defenses, or coerce users to infect their devices.In a blog post documenting its research into four known macOS ransomwar
Publish At:2023-01-09 18:28 | Read:98770 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Network Sec

Predictions 2023: Big Tech’s Coming Security Shopping Spree

The SecurityWeek editorial team huddled over the holidays to look back at the stories that shaped 2022 and, more importantly, to stare into a shiny crystal ball to find the cybersecurity narratives that will dominate this year’s headlines.For the most part, not much will change. Organizations large and small will continue to acknowledge major data breaches,
Publish At:2023-01-05 14:30 | Read:78339 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Critical Vulnerabilities Patched in Synology Routers

Taiwan-based networking and storage solutions provider Synology has informed customers about the availability of patches for several critical vulnerabilities, including flaws likely exploited recently at the Pwn2Own hacking contest.The company published two new critical advisories in late December. One of them describes an internally discovered vulnerability
Publish At:2023-01-03 10:32 | Read:110712 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities IoT Sec

Netwrix Acquires Remediant for PAM Technology

Data security software vendor Netwrix has acquired Remediant, an early-stage startup working on technology in the PAM (privileged access management) category.Financial terms of the acquisition were not disclosed. Remediant, based in San Francisco and backed by Dell Technologies Capital and ForgePoint Capital, raised $15 million in Series A venture capit
Publish At:2022-12-28 14:29 | Read:126216 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Application Security Au

Microsoft Patches Azure Cross-Tenant Data Access Flaw

Microsoft has silently fixed an important-severity security flaw in its Azure Container Service (ACS) after an external researcher warned that a buggy feature allowed cross-tenant network bypass attacks.The vulnerability, documented by researchers at Mnemonic, effectively removed the entire network and identity perimeter around  internet-isolated Azure
Publish At:2022-12-23 18:27 | Read:134096 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Is Enterprise VPN on Life Support or Ripe for Reinvention?

While enterprise VPNs fill a vital role for business, they have several limitations that impact their usability and cybersecurityOvernight, remote work evolved from a rarely used ‘perk’ with separately managed security and compliance processes, to becoming the center for keeping business running during the pandemic. To get work-from-anywhere initiatives off
Publish At:2022-12-21 10:31 | Read:111658 | Comments:0 | Tags:INDUSTRY INSIGHTS Network Security

FoxIt Patches Code Execution Flaws in PDF Tools

Foxit Software has rolled out a critical-severity patch to cover a dangerous remote code execution flaw in its flagship PDF Reader and PDF Editor products.The vulnerability, which was discovered and reported by researchers at the Renmin University of China, could be exploited via rigged PDF files of web pages, the company warned in an advisory.Foxit, which o
Publish At:2022-12-19 18:27 | Read:129788 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli


Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud