HackDig : Dig high-quality web security articles for hacker

DLL Hijacking Flaw Impacts Symantec Endpoint Protection

Symantec Endpoint Protection is the latest antivirus product found to unsafely load DLLs into a process that runs with SYSTEM privileges.The software is impacted by a vulnerability that could allow an attacker that has administrative privileges to bypass self-defense mechanisms and load an unsigned DLL file, SafeBreach security researchers explain in a new b
Publish At:2019-11-14 22:15 | Read:114 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Intel Driver Vulnerability Can Give Attackers Deep Access to a Device

A vulnerability affecting a powerful and widely used driver from Intel can give malicious actors deep access to a device, firmware security company Eclypsium warns.Eclypsium revealed in August that its researchers had identified serious vulnerabilities in more than 40 device drivers from 20 vendors, including AMI, ASRock, ASUS, ATI, Biostar, EVGA, Getac, Gig
Publish At:2019-11-13 22:15 | Read:92 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Vulnerability in McAfee Antivirus Products Allows DLL Hijacking

A vulnerability in McAfee antivirus software could allow an attacker to evade self-defense mechanisms and achieve persistence, SafeBreach security researchers have discovered.The security flaw could be abused to load unsigned DLLs into multiple services that run as NT AUTHORITYSYSTEM. The exploitation, however, requires for the attacker to have admin privile
Publish At:2019-11-13 22:15 | Read:72 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Virus Vulnerability

Newer Intel CPUs Vulnerable to Variant 2 of ZombieLoad Attack

Researchers have disclosed a new variant of the attack method dubbed ZombieLoad, which appears to also impact Intel CPUs that are not affected by the first variant of ZombieLoad.In May, a team of researchers, including experts who brought to light the existence of speculative execution side-channel vulnerabilities such as Meltdown and Spectre, disclosed seve
Publish At:2019-11-13 10:15 | Read:42 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

SAP Updates Four Hot News Notes on November 2019 Patch Day

German multinational software corporation SAP this week released 11 Notes as part of the November 2019 Security Patch Day, along with four updates to previously released patches.All of the four updates are for Patch Day Security Notes that have been rated Hot News and which feature CVSS scores above 9.The most important of these updates is for a Security Not
Publish At:2019-11-13 10:15 | Read:47 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Microsoft November 2019 Patch Tuesday Reveals 74 Patches Before Major Windows Update

Following the relatively light list from last month, November proved to be a much more eventful month for Microsoft users. The November Patch Tuesday holds more fixes with a total of 74 patches, 13 of which were classified as Critical patches for remote code execution (RCE) vulnerabilities. The remaining majority were rated as Important and included patches
Publish At:2019-11-13 02:35 | Read:167 | Comments:0 | Tags:Vulnerabilities Microsoft Patch Tuesday

Magento Users Warned of Remote Code Execution Vulnerability

Popular ecommerce platform Magento is advising users to apply patches for a remote code execution flaw that could allow unauthenticated attackers to deliver malicious payloads.Tracked as CVE-2019-8144 and featuring a CVSS score of 10, the vulnerability impacts Magento 2.3 prior to 2.3.3 or 2.3.2-p1 and it can be abused to insert code through PageBuilder temp
Publish At:2019-11-12 22:15 | Read:133 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Microsoft Patches Another Internet Explorer Flaw Exploited in Attacks

Microsoft’s Patch Tuesday updates for November 2019 fix over 70 vulnerabilities, including an Internet Explorer flaw that has been exploited in attacks.The zero-day vulnerability, tracked as CVE-2019-1429, affects the scripting engine used by Internet Explorer 9, 10 and 11. Microsoft describes the security hole as a memory corruption bug that can allow an at
Publish At:2019-11-12 22:15 | Read:117 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities expl

Adobe Patches Vulnerabilities in Design, Web Products

Adobe has patched a total of 11 vulnerabilities across its Animate, Illustrator, Media Encoder and Bridge products.The company says it’s not aware of any attacks exploiting these vulnerabilities and based on the priority ratings assigned to the flaws — they have all been assigned priority ratings of 3 — they are unlikely to be exploited for malicious purpose
Publish At:2019-11-12 12:00 | Read:159 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Tech Support Scammers Exploiting Unpatched Firefox Bug

Mozilla is working on addressing a Firefox bug that has been exploited by tech support scammers to lock the browser when users visit specially crafted websites.Attacks were spotted recently by Jérôme Segura of Malwarebytes, who told SecurityWeek that there are currently two known Firefox bugs that have been abused in tech support scams.Exploitation only requ
Publish At:2019-11-12 10:15 | Read:80 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Fraud & Identity

Do Americans Think Their Phone Is Listening To Them? (Survey)

Microphones on your devices were created to make life simpler. Not sure what song is playing on the radio? Ask Siri to listen and tell you what the artist is. Need to call your mom but you’re in the middle of cooking dinner? Ask Alexa to make the call for you. The mics in our devices allow us to go hands-free and multitask.  The problem with online microphon
Publish At:2019-11-11 22:35 | Read:6 | Comments:0 | Tags:Mobile Security Panda Security Security Technology cybersecu

Cisco Patches Vulnerabilities in Small Business Routers, RoomOS Software

A new set of security patches that Cisco released this week fixes multiple vulnerabilities across products such as Small Business Routers, TelePresence Collaboration Endpoint, RoomOS, and others.The most important of these security issues impacts the web-based management interface of Small Business RV016, RV042, RV042G, and RV082 routers and could lead to ar
Publish At:2019-11-11 22:15 | Read:30 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities

Bug Hunters Hack Samsung Galaxy S10, Xiaomi Mi9 at Pwn2Own

Pwn2Own Tokyo 2019 has come to an end and on the second day of the hacking contest bug bounty hunters have earned a total of $120,000 for demonstrating exploits against Samsung Galaxy S10 and Xiaomi Mi9 phones and TP-Link AC1750 routers.Of the seven hacking attempts scheduled for day two, four were a complete success. Amat Cama and Richard Zhu of the Fluoroa
Publish At:2019-11-11 22:15 | Read:86 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Wireless Security Vulner

Actively Developed Capesand Exploit Kit Emerges in Attacks

A newly discovered exploit kit (EK) is being employed in live attacks despite the fact that it’s still in an unfinished state, Trend Micro’s security researchers reveal.Dubbed Capesand, the toolkit was discovered in October 2019, when a malvertising campaign employing the RIG EK to drop DarkRAT and njRAT switched to using it for delivery instead.The new thre
Publish At:2019-11-11 22:15 | Read:29 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Virus & Malware

Hackers Can Target LEADTOOLS Users With Malicious Image Files

Cisco Talos security researchers have discovered multiple vulnerabilities in the LEADTOOLS imaging toolkits that could lead to code execution on the victim system.Developed by LEAD Technologies Inc., LEADTOOLS represents a collection of toolkits for integrating document, medical, multimedia and imaging technologies into applications tailored for desktop, ser
Publish At:2019-11-11 22:15 | Read:70 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities


Share high-quality web security related articles with you:)


Tag Cloud