HackDig : Dig high-quality web security articles for hacker

MAGENTO 2.0.16 and 2.1.9 security update fixes critical flaw in the platform

Magento released updates for Magento Commerce and Open Source 2.1.9 and 2.0.16 that also fixed a critical remote code execution vulnerability. Magento released updates for Magento Commerce and Open Source 2.1.9 and 2.0.16 that fixed numerous flaws, including a critical remote code execution vulnerability. The remote code execution flaw impacts content manag
Publish At:2017-09-17 05:40 | Read:178 | Comments:0 | Tags:Breaking News Hacking Magento RCE

September Patch Tuesday, patch your Windows now to avoid ugly surprises

Microsoft has just released the September Patch Tuesday, a huge batch of security updates to address 81 vulnerabilities including the Blueborne issue. Microsoft has just released the September Patch Tuesday, a huge batch of security updates to address 81 vulnerabilities in almost all supported versions of Windows and other MS products. The batch includes secu
Publish At:2017-09-14 03:50 | Read:277 | Comments:0 | Tags:Breaking News Security Blueborn attack Hacking RCE September

Experts found an undocumented Kill Switch in Intel Management Engine

Security researchers at Positive Technologies have discovered an undocumented configuration setting that disables the Intel Management Engine. Security researchers at Positive Technologies have discovered an undocumented configuration setting that disables the CPU control mechanism Intel Management Engine 11. The Intel Management Engine consists of a microco
Publish At:2017-08-29 11:20 | Read:243 | Comments:0 | Tags:Breaking News Hacking CVE-2017-5689 Intel Intel Management E

Experts at ZDI reported two critical Zero-Day flaws in Foxit PDF Reader

Experts found two critical zero-day flaws in the Foxit PDF Reader that could be exploited by attackers to execute arbitrary code on a targeted computer. Security researchers have discovered two critical zero-day vulnerabilities in the popular Foxit Reader application that could be exploited by attackers to execute arbitrary code on a targeted computer, if no
Publish At:2017-08-22 13:35 | Read:199 | Comments:0 | Tags:Breaking News Hacking Foxit PDF Reader RCE ZDI zero-Day

Expert exploited an unrestricted File Upload flaw in a PayPal Server to remotely execute code

The security researcher Vikas Anil Sharma exploited an unrestricted File Upload vulnerability in a PayPal Server to remotely execute code. The security researcher Vikas Anil Sharma has found a remote code execution vulnerability in a PayPal server. The expert was visiting the PayPal Bug Bounty page using the Burp software, below the response obtained opening
Publish At:2017-07-24 00:05 | Read:227 | Comments:0 | Tags:Breaking News Hacking hackig PayPal Server RCE unrestricted

SHELLBIND IoT malware targets NAS devices exploiting SambaCry flaw

The seven-year-old remote code execution vulnerability SambaCry was exploited by the SHELLBIND IoT malware to target NAS devices. A new strain of malware dubbed SHELLBIND exploits the recently patched CVE-2017-7494 Samba vulnerability in attacks against Internet of Things devices. SHELLBIND has infected most network-attached storage (NAS) appliances, it exp
Publish At:2017-07-19 09:10 | Read:350 | Comments:0 | Tags:Cyber Crime Internet of Things Malware CVE-2017-7494 Hacking

For the second time in the year, experts found a flaw in Cisco WebEx Extension

For the second time in a year, a highly critical remote code execution vulnerability was found in the Cisco WebEx Extension. For the second time in a year, a highly critical remote code execution vulnerability, tracked as CVE-2017-6753, was discovered in the Cisco Systems WebEx browser extension for Chrome and Firefox. The vulnerability could be exploited by
Publish At:2017-07-17 20:20 | Read:268 | Comments:0 | Tags:Breaking News Hacking CISCO CISCO WebEx RCE

Do you use Adobe Flash Player? You should update it now!

Adobe released new versions of Flash Player and Connect web conferencing software to fix important and critical vulnerabilities. According to the security advisory published by Adobe for Flash Player, the new version 26.0.0.137 patches three critical vulnerabilities, including a remote code execution flaw tracked as CVE-2017-3099 that can be exploited by att
Publish At:2017-07-14 00:15 | Read:473 | Comments:0 | Tags:Breaking News Hacking Adobe Connect Flash Player RCE XSS

OpenVPN fixed several remotely exploitable flaws that were not detected by recent audits

OpenVPN fixed several vulnerabilities that could be exploited by remote attackers; the flaws were not detected in a recent audit. Recently two distinct audits were conducted to discover security issues in OpenVPN; many flaws were found, but some vulnerabilities were not spotted by the experts. Four of the vulnerabilities in OpenVPN 2.4.2 were found by th
Publish At:2017-06-23 07:05 | Read:297 | Comments:0 | Tags:Breaking News Hacking OpenVPN RCE exploit

Microsoft patches two critical remote code execution (RCE) flaws that have been exploited in attacks

Microsoft released the June 2017 Patch Tuesday to address more than 90 security flaws, including two critical RCE flaws that have been exploited in attacks. Microsoft released June Patch Tuesday updates that address more than 90 vulnerabilities, including two critical remote code execution (RCE) vulnerabilities that have been exploited in attacks. The first vulner
Publish At:2017-06-14 02:05 | Read:351 | Comments:0 | Tags:Breaking News Hacking Uncategorized critical remote code exe

SambaCry is reality, crooks are abusing CVE-2017-7494 to spread miners

Security experts from Kaspersky confirmed that threat actors in the wild are exploiting the SambaCry vulnerability CVE-2017-7494 to spread a miner. At the end of May, a seven-year-old remote code execution vulnerability affecting all versions of the Samba software since 3.5.0 was patched by the development team of the project. An attacker can exploit the CV
Publish At:2017-06-11 00:25 | Read:415 | Comments:0 | Tags:Breaking News Hacking CVE-2017-7494 RCE Remote Code Executio

CVE-2017-7494 Samba vulnerability, patch your installation now!

A seven-year-old remote code execution vulnerability, tracked as CVE-2017-7494, affects all versions of the Samba software since 3.5.0. A seven-year-old remote code execution vulnerability affects all versions of the Samba software since 3.5.0. The flaw has been patched by the development team of the project. An attacker can exploit the CVE-2017-7494 RCE to
Publish At:2017-05-25 14:40 | Read:575 | Comments:0 | Tags:Breaking News Hacking CVE-2017-7494 RCE Remote Code Executio

A critical RCE flaw in Intel Management Engine affecting Intel enterprise PCs dates back 9 years

A critical remote code execution vulnerability tracked as CVE-2017-5689 in Intel Management Engine affecting Intel enterprise PCs dates back 9 years. A critical remote code execution (RCE) vulnerability tracked as CVE-2017-5689 has been discovered in the remote management features implemented on computers shipped with Intel chipsets in the past 9 years. The vulnera
Publish At:2017-05-02 20:05 | Read:681 | Comments:0 | Tags:Breaking News Hacking CVE-2017-5689 Intel Intel Management E

Squirrelmail 1.4.22 is affected by a Remote Code Execution flaw, no fix is available

The popular PHP webmail package SquirrelMail is affected by a remote code execution vulnerability tracked as CVE-2017-7692. The popular PHP webmail package SquirrelMail is affected by a remote code execution vulnerability tracked as CVE-2017-7692, that could be exploited by hackers to execute arbitrary commands on the target and fully control it. The recent
Publish At:2017-04-26 07:50 | Read:431 | Comments:0 | Tags:Breaking News Hacking RCE Sendmail SquirrelMail

CVE-2016-10229 Linux remote code execution flaw potentially exposes systems to the risk of hacking

The Linux remote vulnerability tracked as CVE-2016-10229 puts Linux systems at risk of being hacked if not patched. A Linux kernel vulnerability, tracked as CVE-2016-10229, potentially allows attackers to remotely take over a vulnerable system (i.e. servers, desktops, IoT devices and mobile devices). “udp.c in the Linux kernel before 4.5 allows remote attack
Publish At:2017-04-17 02:55 | Read:542 | Comments:0 | Tags:Breaking News Hacking CVE-2016-10229 Linux Kernel RCE
