HackDig : Dig high-quality web security articles for hackers

Microsoft's Patch for LSASS Flaw Incomplete, Google Researcher Says

Microsoft failed to properly address an elevation of privilege vulnerability in the Windows Local Security Authority Subsystem Service (LSASS), the Google Project Zero researcher who discovered the issue says. Tracked as CVE-2020-1509, the vulnerability can be triggered through specially crafted authentication requests. For successful exploitation, an attacke
Publish At:2020-08-13 08:02 | Read:45 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

FireEye Launches Public Bug Bounty Program on Bugcrowd

FireEye this week announced that its Bugcrowd-powered bug bounty program has become public, for all registered researchers to participate. The program, which has been running privately on the crowd-sourced bug hunting platform for a while, welcomes all Bugcrowd researchers interested in identifying vulnerabilities in a broad range of FireEye websites, includi
Publish At:2020-08-13 08:02 | Read:59 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

Potentially Serious Vulnerability Found in Popular WYSIWYG Editor TinyMCE

A potentially serious cross-site scripting (XSS) vulnerability affecting the TinyMCE rich text editor can be exploited — depending on the implementation — for privilege escalation, obtaining information, or account takeover. Developed by Tiny Technologies, TinyMCE is advertised as the most advanced WYSIWYG HTML editor designed to simplify website content crea
Publish At:2020-08-13 08:02 | Read:97 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Google Awards $10,000 for Remote Code Execution Vulnerability in Chrome

Google this week announced that an update for Chrome 84 includes 15 security patches, including for a serious vulnerability for which the tech giant awarded a $10,000 bug bounty. This vulnerability is CVE-2020-6542, a high-severity use-after-free bug in ANGLE (Almost Native Graphics Layer Engine), the Chrome component responsible for translating OpenGL ES API
Publish At:2020-08-12 12:44 | Read:119 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Windows and IE Zero-Day Vulnerabilities Chained in 'PowerFall' Attacks

An attack launched in May 2020 against a South Korean company involved an exploit that chained zero-day vulnerabilities in Windows and Internet Explorer, Kaspersky reported on Wednesday. The campaign, named by the company “Operation PowerFall,” may have been launched by DarkHotel, a threat actor that has been known to target entities with an interest in North
Publish At:2020-08-12 12:44 | Read:115 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Cybe

SAP Releases August 2020 Security Updates

SAP this week announced the release of 15 new Security Notes as part of the August 2020 SAP Security Patch Day, including some that address serious vulnerabilities in NetWeaver. The most important of these is a cross-site scripting (XSS) flaw in the Knowledge Management component of NetWeaver. Tracked as CVE-2020-6284 and featuring Hot News priority, the issu
Publish At:2020-08-12 08:52 | Read:128 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Intel Patches Many Privilege Escalation Vulnerabilities in Server Boards

Intel informed customers on Tuesday that it has patched many potentially serious privilege escalation vulnerabilities in its Server Board products. One advisory published by the tech giant describes over 20 vulnerabilities affecting Intel Server Boards, Server Systems and Compute Modules. A majority of the flaws can be exploited for privilege escalation, and
Publish At:2020-08-12 05:00 | Read:144 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Citrix Expects Hackers to Exploit Newly Patched XenMobile Vulnerabilities

Citrix on Tuesday released patches to address multiple vulnerabilities in Citrix Endpoint Management (CEM), which allow an attacker to gain administrative privileges on affected systems. Often referred to as XenMobile, the Citrix Endpoint Management (CEM) server provides businesses with management capabilities for both mobile devices and applications and allo
Publish At:2020-08-11 17:26 | Read:152 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities expl

Microsoft Patches Actively Exploited Windows, IE Vulnerabilities

Microsoft has addressed 120 vulnerabilities with its August 2020 Patch Tuesday updates, including a Windows spoofing bug and a remote code execution flaw in Internet Explorer that have been exploited in attacks. The Windows spoofing vulnerability, tracked as CVE-2020-1464, is related to Windows incorrectly validating file signatures. An attacker can exploit t
Publish At:2020-08-11 17:26 | Read:134 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities exploit

HDL Smart Devices in Homes and Buildings Exposed to Hacker Attacks

Vulnerabilities in HDL Automation smart products could be abused to take over user accounts and remotely control devices deployed in homes, commercial buildings or hotels, SentinelOne reports. The issues, SentinelOne researcher Barak Sternberg explained at the DEF CON conference last week, were identified in an HDL automation system that allows users to contr
Publish At:2020-08-11 12:50 | Read:117 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities IoT Security

vBulletin Patches Zero-Day Exploited in Attacks

vBulletin developers on Monday rushed to address a zero-day remote code execution (RCE) vulnerability in the forum software, one day after the issue was publicly disclosed. Written in PHP, vBulletin is highly popular among numerous large brands, including Electronic Arts, Pearl Jam, Sony, Steam, Zynga, and others. The newly disclosed vulnerability is related t
Publish At:2020-08-11 12:50 | Read:133 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities expl

Adobe Patches 11 Critical Vulnerabilities in Acrobat and Reader

Adobe on Tuesday informed customers that it has patched 26 vulnerabilities in its Acrobat and Reader products, including 11 critical flaws that can be exploited to bypass security features and for arbitrary code execution. The vulnerabilities impact the Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 201
Publish At:2020-08-11 12:50 | Read:67 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

DEF CON 2020 Wrap-Up: Hacking Phones, Cars and Satellites

Tens of researchers showcased their work last week at the DEF CON hacking conference. They presented research on hacking phones, cars, satellite communications, traffic lights, smart home devices, printers, and popular software services, among many others. Here is a summary of some of the most interesting presentations from DEF CON 2020: Hacking Samsung smartp
Publish At:2020-08-11 09:30 | Read:30 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Virus & Threats Wire

Black Hat Wrap-Up: IoT and Hardware Vulnerabilities Take the Spotlight

The first entirely virtual edition of the Black Hat cybersecurity conference took place last week and researchers from tens of organizations presented the results of their work from the past year. Some of the most interesting presentations focused on vulnerabilities affecting industrial, IoT, hardware and web products, but a few of the talks covered endpoint
Publish At:2020-08-10 15:17 | Read:149 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY SCADA / ICS Vulnerabil

Vulnerabilities in Qualcomm Chips Expose Billions of Devices to Attacks

Security researchers have identified hundreds of vulnerabilities that expose devices with Qualcomm Snapdragon chips to attacks. During a presentation at DEF CON last week, Check Point security researcher Slava Makkaveev revealed how vulnerabilities in the compute digital-signal processor (DSP) – a subsystem that enables the processing of data with low power c
Publish At:2020-08-10 15:17 | Read:141 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

