HackDig : Dig high-quality web security articles for hackers

S3 Ep2: Creepy smartwatches, botnets and Pings of Death – Podcast

byPaul DucklinIn this episode, we investigate a smartwatch for kids with a creepy set of functions, discuss Microsoft’s short-lived takedown of Trickbot, explain how to avoid the Windows “Ping of Death” bug, and (oh no!) find the source of mysterious beeping from every computer in the office.Presenters: Kimberly Truong, Doug Aamoth and Paul
Publish At:2020-10-16 12:30 | Read:264 | Comments:0 | Tags:Podcast Naked Security Podcast Patch Tuesday Privacy smartwa

Windows “Ping of Death” bug revealed – patch now!

byPaul DucklinEvery time that critical patches come out for any operating system, device or app that we think you might be using, you can predict in advance what we’re going to say.Patch early, patch often.After all, why risk letting the crooks sneak in front of you when you could take a resolute stride ahead of them?Well, this month, the Offensive Sec
Publish At:2020-10-13 22:06 | Read:320 | Comments:0 | Tags:Microsoft Vulnerability CVE-2020-16899 Exploit IPv6 Patch Tu

August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild

The August batch of Patch Tuesday updates includes 120 updates for the Microsoft suite, with 17 fixes rated as Critical, and the remaining 103 ranked as Important. CVE-2020-1380 is a critical Internet Explorer (IE) vulnerability that can be abused for remote code execution (RCE), while CVE-2020-1464 is a Windows 10 security gap that can be used for spoofing.
Publish At:2020-08-14 15:07 | Read:510 | Comments:0 | Tags:Exploits Vulnerabilities August Patch Tuesday patch Patch Tu

Microsoft July 2020 Security Updates address 123 vulnerabilities

Microsoft July 2020 addressed 123 security flaws across 13 products, including a 17-year-old wormable issue for hijacking Microsoft Windows Server dubbed SigRed. Microsoft July 2020 addressed 123 security vulnerabilities impacting 13 products, none of them has been observed being exploited in attacks in the wild. The July 2020 security release consists
Publish At:2020-07-15 05:21 | Read:461 | Comments:0 | Tags:Breaking News Security Hacking hacking news information secu

Patch Tuesday: Fixes for LNK, SMB, and SharePoint Bugs

This month’s Patch Tuesday had the highest number of entries so far in 2020 — a whopping 129, a continuation of the trend seen from the previous months. The update includes fixes for LNK, SMB, SharePoint, and Win32k vulnerabilities. While the update contained a significant number of patches, only 11 were rated Critical. One of the patches addresses yet anoth
Publish At:2020-06-10 05:10 | Read:641 | Comments:0 | Tags:Vulnerabilities Patch Tuesday

May Patch Tuesday: More Fixes for SharePoint, TLS, Runtime, and Graphic Components Released

This month’s Patch Tuesday includes 111 fixes for Microsoft. Of the 111 vulnerabilities, 16 have been rated Critical while the rest have been ranked Important. Four of the vulnerabilities rated as Important for this release were disclosed by the Zero Day Initiative (ZDI): two for remote code execution (RCE) and two for escalation of privileges. Other updates
Publish At:2020-05-18 12:48 | Read:611 | Comments:0 | Tags:Exploits Vulnerabilities Patch Tuesday

Update now! Windows gets another bumper patch update

byJohn E DunnAfter a flurry of zero-day vulnerabilities in recent editions, May’s Patch Tuesday finally gives Windows users a month off having to fix ‘big’ exploited or public flaws.The catch is it’s still one of the biggest patch rounds Microsoft has ever released, featuring 111 CVE-level bug fixes (the record being March’s 115 fixes), nearly half of which
Publish At:2020-05-18 12:28 | Read:727 | Comments:0 | Tags:Operating Systems Windows Adobe Acrobat Internet Explorer Mi

VERT Threat Alert: April 2020 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s April 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-880 on Wednesday, April 15th.In-The-Wild & Disclosed CVEsCVE-2020-0935A vulnerability in the OneDrive for Windows desktop application could allow an attacker to overwrite a targeted file and ultimat
Publish At:2020-04-15 00:01 | Read:1275 | Comments:0 | Tags:VERT Patch Tuesday

Microsoft addresses three Windows issues actively exploited

Microsoft Patch Tuesday security updates for April 2020 address 113 flaws, including three Windows issues that have been exploited in attacks in the wild. Microsoft Patch Tuesday security updates for April 2020 address 113 flaws, including two remote code execution flaws in Windows that are actively exploited. 17 vulnerabilities are rated critical, the
Publish At:2020-04-14 19:20 | Read:1958 | Comments:0 | Tags:Breaking News Security information security news it security

Adobe addresses five issues in ColdFusion, After Effects, Digital Editions

Adobe has addressed five minor vulnerabilities in its ColdFusion, After Effects and Digital Editions products. Adobe has addressed five vulnerabilities in its ColdFusion, After Effects and Digital Editions products. “Adobe has published security bulletins for Adobe ColdFusion (APSB20-18), Adobe After Effects (APSB20-21) and Digital Editions (APSB
Publish At:2020-04-14 16:40 | Read:911 | Comments:0 | Tags:Breaking News Security Adobe After Effects ColdFusion Digita

Windows has a zero-day that won’t be patched for weeks

byJohn E DunnCybercriminals are exploiting two unpatched zero-day flaws affecting all supported versions of Windows, Microsoft has warned.The Remote Code Execution (RCE) vulnerabilities affect Adobe Type Manager (ATM) Library, the part of Windows that manages PostScript Type 1 fonts.For now, there are no CVE identifiers and the only confirmed details are in
Publish At:2020-03-25 09:06 | Read:905 | Comments:0 | Tags:Microsoft Operating Systems Security threats Vulnerability W

Delayed Adobe patches fix long list of critical flaws

byJohn E DunnNotice anything missing from last week’s Microsoft Patch Tuesday?Obscured by a long list of Microsoft patches and some fuss about a missing SMB fix, the answer is Adobe, which normally times its update cycle to coincide with the OS giant’s monthly schedule.It’s mostly a practical convenience – admins and end-users get all the important cli
Publish At:2020-03-19 08:57 | Read:927 | Comments:0 | Tags:Adobe Microsoft Security threats Vulnerability Acrobat Reade

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

Microsoft’s Patch Tuesday updates for March 2020 address 115 vulnerabilities, 26 issues have been rated as critical severity. Microsoft’s Patch Tuesday updates for March 2020 address 115 vulnerabilities, 26 issues affecting Windows, Word, Dynamics Business Central, Edge, and Internet Explorer have been rated as critical severity. Microsoft’s Patch Tues
Publish At:2020-03-11 07:35 | Read:1062 | Comments:0 | Tags:Breaking News Security Hacking information security news it

March Patch Tuesday: LNK, Microsoft Word Vulnerabilities Get Fixes

Following the unexpectedly long list of fixes included in last month’s Patch Tuesday, March brings an even longer one, albeit less eventful. A total of 115 vulnerabilities were fixed, 26 of which were identified as Critical as they could lead to remote code execution (RCE). 88 were classified as Important and included patches for various Windows components s
Publish At:2020-03-10 23:00 | Read:885 | Comments:0 | Tags:Vulnerabilities Patch Tuesday

IE zero day and heap of RDP flaws fixed in February Patch Tuesday

byJohn E DunnWeeks after the world first got wind of it, Microsoft has finally patched the Internet Explorer (IE) zero-day flaw the company said in January was being used in “limited targeted attacks”.The fix is part of the February Patch Tuesday update that features a record 99 security vulnerabilities including 12 marked as ‘critical’ and 87 ‘important’.Th
Publish At:2020-02-15 12:44 | Read:1179 | Comments:0 | Tags:Adobe Internet Explorer Microsoft Operating Systems Vulnerab

Tools