HackDig : Dig high-quality web security articles

Emergency Chrome 103 Update Patches Actively Exploited Vulnerability

While many expected — or at least hoped — that the 4th of July would be quiet on the cybersecurity front, Google on Monday announced the release of an emergency Chrome update that patches an actively exploited zero-day vulnerability. The flaw, tracked as CVE-2022-2294, has been described as a heap buffer overflow in WebRTC. The security hole was reported to G
Publish At:2022-07-04 20:11 | Read:72 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Experts: California Lacked Safeguards for Gun Owner Info

Cybersecurity experts say the California Department of Justice apparently failed to follow basic security procedures on its website, exposing the personal information of potentially hundreds of thousands of gun owners. The website was designed to only show general data about the number and location of concealed carry gun permits, broken down by year and count
Publish At:2022-07-02 12:03 | Read:187 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Data Protection Tracking

Google: Half of 2022's Zero-Days Are Variants of Previous Vulnerabilities

Google Project Zero has observed a total of 18 exploited zero-day vulnerabilities in the first half of 2022, at least half of which exist because previous bugs were not properly addressed. According to Google Project Zero researcher Maddie Stone, nine of the in-the-wild zero-days seen so far this year could have been prevented had organizations applied more c
Publish At:2022-07-01 08:05 | Read:132 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities

North Korea Lazarus Hackers Blamed for $100 Million Horizon Bridge Heist

The infamous North Korean Lazarus hacking group is the prime suspect in the $100 million hack of Harmony’s Horizon Bridge, according to new data and research from blockchain analytics firm Elliptic. The multi-million compromise, confirmed by Harmony earlier this month, led to the theft of ETH, BNB, USDT, USDC and Dai from the Horizon cross-chain bridge and no
Publish At:2022-06-30 16:13 | Read:143 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Network Sec

Oak9 Lands $8 Million in New Venture Investment

Chicago-based Infrastructure-as-Code (IaC) startup oak9 has attracted new interest from venture capitalists with Cisco Investments and Morgan Stanley’s Next Level Fund joining a new $8 million funding round. The latest financing, led by existing investor Menlo Ventures, brings the total raised by oak9 to $14 million following a $5.9 million seed round the com
Publish At:2022-06-30 16:13 | Read:177 | Comments:0 | Tags:Endpoint Security Mobile Security Network Security NEWS &

Vulnerability in Amazon Photos Android App Exposed User Information

Cybersecurity firm Checkmarx has published details on a high-severity vulnerability in the Amazon Photos Android application that could have allowed malicious apps to steal an Amazon access token. With more than 50 million downloads, Amazon Photos offers cloud storage, allowing users to store photos and videos at their original quality, as well as to print an
Publish At:2022-06-30 08:05 | Read:205 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

Brocade Vulnerabilities Could Impact Storage Solutions of Several Major Companies

Broadcom revealed recently that some of the software provided by its storage networking subsidiary Brocade is affected by several vulnerabilities, and it seems possible that the flaws could impact the products of several major companies. According to Broadcom, the Brocade SANnav storage area network (SAN) management application is affected by nine vulnerabili
Publish At:2022-06-30 08:05 | Read:192 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Firefox 102 Patches 19 Vulnerabilities, Improves Privacy

Mozilla this week announced the availability of Firefox 102 in the stable channel with patches for 19 vulnerabilities, including four high-severity bugs. With the latest update, Mozilla has patched CVE-2022-34470, a high-severity use-after-free issue in nsSHistory that was triggered when navigating between XML documents, and which could lead to a potentially
Publish At:2022-06-29 12:02 | Read:900 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Azure Service Fabric Vulnerability Can Lead to Cluster Takeover

Microsoft has patched a vulnerability that could allow an attacker with access to an Azure Linux container to escalate privileges and take over the entire cluster. Tracked as CVE-2022-30137, the vulnerability impacts Service Fabric, Microsoft’s container orchestrator that provides management of services across container clusters. Microsoft says Service Fabric
Publish At:2022-06-29 12:02 | Read:189 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

MITRE Publishes 2022 List of 25 Most Dangerous Vulnerabilities

The US Cybersecurity and Infrastructure Security Agency (CISA) and the nonprofit organization MITRE have published the 2022 list of the 25 most dangerous vulnerabilities. The 2022 CWE Top 25 Most Dangerous Software Weaknesses list contains the most common and impactful weaknesses, and is based on the analysis of nearly 38,000 CVE records from the previous two
Publish At:2022-06-29 08:04 | Read:166 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Cyolo Banks $60M Series B for ZTNA Technology

Cyolo, an Israeli startup building technology for zero trust networking, on Monday announced a new $60 million investment led by the venture investing arm of National Grid. In addition to National Grid Partners, Cyolo said it scored investments from Glilot Capital Partners, Flint Capital, Differential Ventures, and Merlin Ventures. The Series B financing
Publish At:2022-06-28 16:12 | Read:220 | Comments:0 | Tags:Cyberwarfare Endpoint Security Mobile Security Network Secur

CISA Says 'PwnKit' Linux Vulnerability Exploited in Attacks

The US Cybersecurity and Infrastructure Security Agency (CISA) says a Linux vulnerability tracked as CVE-2021-4034 and PwnKit has been exploited in attacks. The flaw, which came to light in January, affects Polkit, a component designed for controlling system-wide privileges in Unix-like operating systems. Polkit is developed by Red Hat, but it’s also used by
Publish At:2022-06-28 16:12 | Read:210 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Normalyze Announces $22 Million for DSPM Technology

Bay Area startup Normalyze on Monday announced $22 million in Series A funding as venture capital investors rush to place bets on the newly coined Data Security Posture Management (DSPM) space. Normalyze, based in San Francisco, said the funding round was co-led by Lightspeed Venture Partners and Battery Ventures and brings the total raised to $26.6 million
Publish At:2022-06-28 16:12 | Read:162 | Comments:0 | Tags:Endpoint Security Mobile Security Network Security NEWS &

New Database Catalogs Cloud Vulnerabilities, Security Issues

Cloud security company Wiz has announced the launch of a new database whose goal is to keep track of vulnerabilities and other security issues affecting cloud services. Cybersecurity researchers often find vulnerabilities in widely used cloud services offered by companies such as AWS, Microsoft and Google. While some cloud vulnerabilities don’t require any
Publish At:2022-06-28 12:02 | Read:155 | Comments:0 | Tags:NEWS & INDUSTRY Risk Management Cloud Security Vulnerabi

CrowdStrike: Ransomware Actor Caught Exploiting Mitel VOIP Zero-Day

Security researchers at CrowdStrike have stumbled upon ransomware actors deploying zero-day exploits against Mitel VOIP appliances sitting on the network perimeter. The discovery is added confirmation that ransomware criminals are increasingly investing in zero-day exploits for use in data-extortion attacks and that poorly configured network devices present a
Publish At:2022-06-24 12:02 | Read:359 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

