HackDig : Dig high-quality web security articles

Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes

Slack is resetting passwords for approximately 0.5% of its users after a bug exposed salted password hashes when users created or revoked a shared invitation link for their workspace. Slack announced that it is resetting passwords for about 0.5% of its users after a bug exposed salted password hashes when creating or revoking shared invitation links for wo
Publish At:2022-08-06 14:11 | Read:135 | Comments:0 | Tags:Breaking News Security Hacking hacking news information secu

New GwisinLocker ransomware encrypts Windows and Linux ESXi servers

A new ransomware family called 'GwisinLocker' targets South Korean healthcare, industrial, and pharmaceutical companies with Windows and Linux encryptors, including support for encrypting VMware ESXi servers and virtual machines. The new malware is the product of a lesser-known threat actor dubbed Gwisin, which means "ghost" in Korean. The actor is of unknown
Publish At:2022-08-06 13:48 | Read:148 | Comments:0 | Tags:Security ransomware

Microsoft Edge gets better security defaults on less popular sites

Microsoft is rolling out a new update to the Microsoft Edge Stable Channel over the coming days to improve the web browser's security defaults when visiting less popular websites. Starting with version 104.0.1293.47, Edge will toggle on the "Basic" level of security when the "Enhance your security on the web" optional browsing mode is enabled in settings. When
Publish At:2022-08-06 13:48 | Read:118 | Comments:0 | Tags:Microsoft Security security

Class Action Targets Experian Over Account Security

A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts. The legal filing cites liberally from an investigation KrebsOnSecurity published in July, which found that identity thieves were able to assume control over existing Exp
Publish At:2022-08-05 22:10 | Read:111 | Comments:0 | Tags:A Little Sunshine The Coming Storm security

UK NHS suffers outage after cyberattack on managed service provider

United Kingdom's National Health Service (NHS) 111 emergency services are affected by a significant and ongoing outage triggered by a cyberattack that hit the systems of British managed service provider (MSP) Advanced. Advanced's Adastra client patient management solution, which is used by 85% of NHS 111 services, has been hit by a major outage together with
Publish At:2022-08-05 21:55 | Read:171 | Comments:0 | Tags:Security cyber

The Week in Ransomware - August 5th 2022 - A look at cyber insurance

For the most part, it has been a quiet week on the ransomware front, with a few new reports, product developments, and attacks revealed. Mandiant revealed this week that an Iranian threat actor is behind ransomware attacks on the Albanian government, likely in retaliation for an upcoming Iranian opposition groups’ conference. Microsoft also
Publish At:2022-08-05 17:57 | Read:243 | Comments:0 | Tags:Security cyber ransomware

Ghost Security Snags $15M Investment for API Security Tech

Texas startup Ghost Security has joined the list of early-stage companies in the API and application security space attracting venture capital funding. The Austin-based company emerged from stealth this week with $15 million in investments from 468 Capital, DNX Ventures, and Munich Re Ventures. "We believe the explosive growth of microservices and APIs in the
Publish At:2022-08-05 16:14 | Read:166 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Priva

DuckDuckGo browser now blocks all third-party Microsoft trackers

DuckDuckGo announced today that they will now be blocking all third-party Microsoft tracking scripts in their privacy browser after failing to block them in the past. This change comes after the company faced massive blowback in May for not blocking some third-party Microsoft trackers in the DuckDuckGo browser due to a syndicated search content agre
Publish At:2022-08-05 13:47 | Read:153 | Comments:0 | Tags:Security

Facebook finds new Android malware used by APT hackers

Meta (Facebook) has released its Q2 2022 adversarial threat report, and among the highlights is the discovery of two cyber-espionage clusters connected to hacker groups known as 'Bitter APT' and APT36 (aka 'Transparent Tribe') using new Android malware. These cyberspying operatives use social media platforms like Facebook to collect intelligence (OSINT) or to
Publish At:2022-08-05 13:47 | Read:175 | Comments:0 | Tags:Security android hack

Twitter confirms zero-day used to expose data of 5.4 million accounts

Twitter has confirmed a recent data breach was caused by a now-patched zero-day vulnerability used to link email addresses and phone numbers to users' accounts, allowing a threat actor to compile a list of 5.4 million user account profiles. Last month, BleepingComputer spoke to a threat actor who said that they were able to create a list of 5.4 million T
Publish At:2022-08-05 13:47 | Read:205 | Comments:0 | Tags:Security

Hackers are actively exploiting password-stealing flaw in Zimbra

The Cybersecurity and Infrastructure Security Agency (CISA) has added the Zimbra CVE-2022-27824 flaw to its 'Known Exploited Vulnerabilities Catalog,' indicating that it is actively exploited in attacks by hackers. This high-severity vulnerability allows an unauthenticated attacker to steal email account credentials in cleartext form from Zimbra Col
Publish At:2022-08-05 13:47 | Read:177 | Comments:0 | Tags:Security exploit hack

Slack resets passwords after exposing hashes in invitation links

Slack notified roughly 0.5% of its users that it reset their passwords after fixing a bug exposing salted password hashes when creating or revoking shared invitation links for workspaces. "When a user performed either of these actions, Slack transmitted a hashed version of their password (not plaintext) to other workspace members," Slack told Bleepi
Publish At:2022-08-05 13:47 | Read:137 | Comments:0 | Tags:Security

F5 Fixes 21 Vulnerabilities With Quarterly Security Patches

Security and application delivery solutions provider F5 has released its quarterly security notification for August 2022, which informs customers about 21 vulnerabilities affecting BIG-IP and other products. The company has released separate advisories for a dozen high-severity vulnerabilities, as well as eight medium-severity and one low-severity flaws. The h
Publish At:2022-08-05 12:04 | Read:108 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities security

DHS warns of critical flaws in Emergency Alert System encoder/decoder devices

The U.S. DHS warns of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. The Department of Homeland Security (DHS) warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. Threat actors could exploit the flaws to send fake emergency alerts via TV, radio networks, and cable
Publish At:2022-08-05 11:10 | Read:138 | Comments:0 | Tags:Breaking News Hacking Security DHS Emergency Alert System ha

CISA adds Zimbra email bug to Known Exploited Vulnerabilities Catalog

US Critical Infrastructure Security Agency (CISA) adds a recently disclosed flaw in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added a recently disclosed flaw in the Zimbra email suite, tracked as CVE-2022-27924, to its Known Exploited Vulnerabilities Catalog.
Publish At:2022-08-05 09:25 | Read:136 | Comments:0 | Tags:Breaking News Security CISA Hacking hacking news information
