HackDig : Dig high-quality web security articles for hackers

Cisco IOS vulnerabilities open Rockwell Industrial Switches to attacks

Vulnerabilities in Cisco IOS expose Rockwell Allen-Bradley Stratix and ArmorStratix industrial Ethernet switches to remote attacks. Some models of the Allen-Bradley Stratix and ArmorStratix industrial Ethernet switches are exposed to remote attacks due to security flaws in Cisco’s IOS software. According to the security alert issued by ICS-CERT, an authentic
Publish At:2017-08-26 06:45 | Read:5416 | Comments:0 | Tags:Breaking News Hacking CISCO Cisco IOS Software iOS SNMP IOS

CISCO issues security patches for nine serious RCEs in SNMP subsystem in IOS and IOS XE

Cisco has fixed nine serious remote code execution flaws in the SNMP subsystem running in all the releases of IOS and IOS XE software. The tech giant publicly disclosed the vulnerability on June 29 and provided workarounds, not it is notifying customers about the availability of security patches. The nine issues, that have been tracked with codes from CVE-20
Publish At:2017-07-15 13:05 | Read:4362 | Comments:0 | Tags:Breaking News Hacking Security CISCO Cisco IOS Software iOS

Cisco IOS Software is affected by RCE flaws that could allow full hack of the devices

Experts at CISCO discovered severe remote code execution vulnerabilities in Cisco IOS Software while conducting internal testing. Cisco warned users of serious vulnerabilities in IOS software that can be exploited by authenticated, remote attackers for code execution and denial-of-service (DoS) attacks. Experts at CISCO discovered the vulnerabilities while c
Publish At:2017-06-30 23:15 | Read:3915 | Comments:0 | Tags:Breaking News Hacking CISCO Cisco IOS Software iOS SNMP IOS

StringBleed SNMP Authentication Bypass affects numerous devices online

Security researchers discovered an SNMP flaw dubbed StringBleed that affects several models of Internet-connected devices. Simple Network Management Protocol (SNMP) authentication bypass affects several IoT devices, hackers could exploit the issue by simply sending random values in specific requests. The problem, dubbed StringBleed and tracked as CVE 2017-51
Publish At:2017-04-28 15:05 | Read:4026 | Comments:0 | Tags:Breaking News Hacking Internet of Things bypass authenticati

Critical Flaws Found in Network Management Systems

Four leading network management system providers are busying patching and preparing fixes for a half-dozen critical cross-site scripting and SQL injection vulnerabilities disclosed Wednesday by Rapid7.Two of the affected vendors, Spiceworks and Opsview, have already patched their respective products, while Ipswitch had promised to patch two bugs in its NMS p
Publish At:2015-12-18 07:15 | Read:5927 | Comments:0 | Tags:Vulnerabilities Web Security Castle Rock Computing cross-sit

Looking at Configuration Management in a Different Light

When you hear the phrase ”Information Security,” the first thing that comes to mind to most people are topics like access control, application hardening and policy enforcement. While these are all valid areas that need consideration, there’s one element that remains that is not necessarily captured by those areas – the human element.Maintaining a secure infr
Publish At:2015-11-06 02:40 | Read:4414 | Comments:0 | Tags:Featured Articles Security Configuration Management BSides W

CERT Warns of Hard-Coded Credentials in DSL SOHO Routers

DSL routers from a number of manufacturers contain hard-coded credentials that could allow a hacker to access the devices via telnet services and remotely control them.An advisory published Tuesday by the DHS-sponsored CERT at the Software Engineering Institute at Carnegie Mellon University said the issues are still present in the routers and that organizati
Publish At:2015-08-26 15:10 | Read:3959 | Comments:0 | Tags:Privacy Vulnerabilities Web Security ASUS cert DIGICOM DSL r

SNMP DDoS Scans Spoof Google Public DNS Server

Update: The SANS Internet Storm Center this afternoon reported SNMP scans spoofed from Google’s public recursive DNS server seeking to overwhelm vulnerable routers and other devices that support the protocol with DDoS traffic.“The traffic is spoofed, and claims to come from Google’s DNS server. The attack is however not an attack against Google. It is likely
Publish At:2014-09-16 09:00 | Read:3920 | Comments:0 | Tags:Vulnerabilities Web Security DDoS Johannes Ullrich SANS SNMP

More SNMP Information Leaks: CVE-2014-4862 and CVE-2014-4863

Today, Rapid7 would like to disclose a pair of newly discovered vulnerabilities around consumer and SOHO-grade cable modems, the Arris DOCSIS 3.0 (aka, Touchstone cable modems) and Netmaster Wireless Cable Modems. Both exposures were discovered by Rapid7's Deral Percent_X Heiland and independent researcher Matthew Kienow. The duo plan to discuss these and ot
Publish At:2014-08-22 10:10 | Read:4108 | Comments:0 | Tags:arris netmaster snmp derbycon

Vulnerability Management: Just Turn It Off! Part III

Our previous posts in the ‘Just Turn It Off!’ series (Part I and Part II) explained many commonly overlooked features than can unintentionally weaken your network’s security.We discussed the risks of an unsecured VNC, rlogin, HTTP TRACE and various other features, that fortunately, have a fairly simple fix.In our third and final post of thi
Publish At:2014-08-19 17:20 | Read:5251 | Comments:0 | Tags:Featured Articles Vulnerability Management RDP SBM share SNM

Metasploit Weekly Update: a geolocation screencast and some unpatched SNMP vulnerabilities

Where in the world are my shells? A couple weeks back, we published a post module from Tom Sellers which helps out tremendously with geolocating a target computer based on which wireless networks are nearby. Seriously, this module is the bee's knees, and can really help illustrate risk to an organization -- I can imagine scenarios where an attacker has
Publish At:2014-08-09 17:07 | Read:6279 | Comments:0 | Tags:geolocate snmp symantec weekly-update


Tag Cloud