HackDig : Dig high-quality web security articles

Cybersecurity 101: What is Attack Surface Management?

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them. ASM is a cybersecurity approach that continuously monitors a
Publish At:2023-03-23 14:45 | Read:68708 | Comments:0 | Tags:Data Protection Risk Management attack surface management cy

With 40% of Log4j Downloads Still Vulnerable, Security Retrofitting Needs to Be a Full-Time Job

Vulnerabilities like Log4j remain responsible for security breaches a full year after the discovery of the flaw. In the months after widespread reporting about the vulnerability, 40% of Log4j downloads remained vulnerable to exploitation. Rapid Response — by Both Security Teams and Hackers What made this exposure so damaging was how widespread this pi
Publish At:2023-02-24 11:39 | Read:107359 | Comments:0 | Tags:Risk Management Threat Hunting cyber threats types of vulner

Apple Patches WebKit Code Execution Flaws

Apple’s product security response team on Monday rolled out patches to cover numerous serious security vulnerabilities affecting users of its flagship iOS and macOS platforms. The most serious of the documented vulnerabilities affect WebKit and can expose both iOS and macOS devices to code execution attacks via booby-trapped web content, Apple warned in multi
Publish At:2023-01-23 18:28 | Read:557996 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities

Samsung Galaxy Store Flaws Can Lead to Unwanted App Installations, Code Execution

Cybersecurity firm NCC Group has shared details on two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page. An alternative app marketplace, the Galaxy Store comes pre-installed on Samsung’s Android devices and can be used alongside Google Play to download and install soft
Publish At:2023-01-23 12:00 | Read:573422 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Application Security Vul

Log4j Forever Changed What (Some) Cyber Pros Think About OSS

In late 2021, the Apache Software Foundation disclosed a vulnerability that set off a panic across the global tech industry. The bug, known as Log4Shell, was found in the ubiquitous open-source logging library Log4j, and it exposed a huge swath of applications and services. Nearly anything from popular consumer and enterprise platforms to critical inf
Publish At:2023-01-23 11:38 | Read:645434 | Comments:0 | Tags:Risk Management Security Services zero day log4shell log4j o

What your SOC will be facing in 2023

As the role of cybersecurity in large businesses increases remarkably year over year, the importance of Security Operations Centers (SOCs) is becoming paramount. This year’s Kaspersky Security Bulletin ends with tailored predictions for SOCs – from external and internal points of view. The first part of this report is devoted to the most current threat
Publish At:2023-01-23 07:36 | Read:594517 | Comments:0 | Tags:Kaspersky Security Bulletin APT Ransomware SOC Supply-chain

In-the-Wild Exploitation of Recent ManageEngine Vulnerability Commences

Cloud risk management and threat detection firm Rapid7 warns that it has seen organizations being compromised in attacks exploiting a recently patched Zoho ManageEngine vulnerability. Tracked as CVE-2022-47966, the security defect exists in a third-party dependency (Apache xmlsec, also known as XML Security for Java, version 1.4.1), allowing attackers to exec
Publish At:2023-01-20 12:00 | Read:776238 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Drupal Patches Vulnerabilities Leading to Information Disclosure

Drupal this week announced software updates that resolve a total of four vulnerabilities in Drupal core and three plugins, and which could lead to unauthorized access to data. The Drupal core issue exists because the Media Library module does not perform proper checks on entity access in some cases, which could allow users who can edit content to view metadat
Publish At:2023-01-20 10:32 | Read:677325 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Chinese Hackers Exploited Fortinet VPN Vulnerability as Zero-Day

A China-linked threat actor was observed exploiting a recently disclosed Fortinet FortiOS SSL-VPN vulnerability when it was still a zero-day, months before patches were released, Mandiant reports. The security bug, tracked as CVE-2022-42475 (CVSS score of 9.8), is described as a buffer overflow issue that could be exploited by remote, unauthenticated attacker
Publish At:2023-01-20 10:32 | Read:638055 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability exploit ha

Critical Vulnerabilities Patched in OpenText Enterprise Content Management System

Several vulnerabilities described as having critical and high impact, including ones allowing unauthenticated remote code execution, have been found and patched in OpenText’s enterprise content management (ECM) product. The vulnerabilities were discovered by a researcher at cybersecurity consultancy Sec Consult in OpenText’s Extended ECM, which is designed fo
Publish At:2023-01-20 10:32 | Read:654726 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Chainguard Trains Spotlight on SBOM Quality Problem

Software engineers tracking the quality of software bill of materials have stumbled on a startling discovery: Barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government. According to new data from software supply chain security startup Chainguard, SBOMs being generated by existing tools fail to meet the minimum da
Publish At:2023-01-19 18:28 | Read:657538 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Email Security Fraud &

CSRF Vulnerability in Kudu SCM Allowed Code Execution in Azure Services

A cross-site request forgery (CSRF) vulnerability impacting the source control management (SCM) service Kudu could be exploited to achieve remote code execution (RCE) in multiple Azure services, cloud infrastructure security firm Ermetic has discovered. A web-based Git repository manager, Kudu is the engine behind several Azure App Service features, supportin
Publish At:2023-01-19 10:32 | Read:295417 | Comments:0 | Tags:NEWS & INDUSTRY Cloud Security Vulnerabilities Csrf Vuln

Cisco Patches High-Severity SQL Injection Vulnerability in Unified CM

Cisco on Wednesday announced patches for a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME). Designed as enterprise call and session management platforms, Cisco Unified CM and Unified CM SME ensure the interoperability of applications such as Webex, Jabber,
Publish At:2023-01-19 10:32 | Read:134538 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Exploited Control Web Panel Flaw Added to CISA 'Must-Patch' List

The US government’s cybersecurity agency CISA is giving federal agencies an early February deadline to patch a critical -- and already exploited -- security vulnerability in the widely used CentOS Control Web Panel utility. The agency added the CVE-2022-44877 flaw to its KEV (Known Exploited Vulnerabilities) catalog and set a February 7th deadline for federal
Publish At:2023-01-18 14:30 | Read:156927 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Vendors Actively Bypass Security Patch for Year-Old Magento Vulnerability

Vendors and agencies are actively bypassing the security patch that Adobe released in February 2022 to address CVE-2022-24086, a critical mail template vulnerability in Adobe Commerce and Magento stores, ecommerce security firm Sansec warns. The CVE-2022-24086 bug (CVSS score of 9.8) is described as an improper input validation bug in the checkout process. It
Publish At:2023-01-18 14:30 | Read:259372 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli
