HackDig : Dig high-quality web security articles for hacker

Kr00k Vulnerability Exposed Data From Over a Billion Wi-Fi Devices

A new vulnerability, which may have affected over one billion Wi-Fi-capable devices before patches were released, could have allowed hackers to obtain sensitive information from wireless communications, cybersecurity firm ESET revealed on Wednesday.Dubbed Kr00k and tracked as CVE-2019-15126, the vulnerability caused devices to use an all-zero encryption key
Publish At:2020-02-26 13:37 | Read:60 | Comments:0 | Tags:NEWS & INDUSTRY Wireless Security Vulnerabilities Data P

What’s Old Is New, What’s New Is Old: Aged Vulnerabilities Still in Use in Attacks Today

As reported in the IBM X-Force Threat Intelligence Index 2020, X-Force research teams operate a network of globally distributed spam honeypots, collecting and analyzing billions of unsolicited email items every year. Analysis of data from our spam traps reveals trending tactics that attackers are utilizing in malicious emails, specifically, that threat actor
Publish At:2020-02-26 10:55 | Read:145 | Comments:0 | Tags:Threat Intelligence Dark Web Exploit Macro Malware Macros Ma

OpenSMTPD Vulnerability Leads to Command Injection

An update released this week for the OpenSMTPD mail server addresses an out-of-bounds read vulnerability that could lead to arbitrary command execution.OpenSMTPD is the open source implementation of the Simple Mail Transfer Protocol (SMTP) in OpenBSD, and its portable version can run on multiple Linux distributions, and Apple’s Mac OS X platform.Tracked as C
Publish At:2020-02-26 09:10 | Read:139 | Comments:0 | Tags:NEWS & INDUSTRY Email Security Vulnerabilities Vulnerabi

Over 100 Vulnerabilities Patched in MyBB in Past 5 Years

The developers of the free and open-source forum software MyBB have shared some data on the vulnerabilities patched in their product over the past years.According to MyBB developers, 103 vulnerabilities have been patched in the 1.8.x branch since its release in 2014. Nearly three quarters of these flaws were reported through MyBB’s security program and 19 pe
Publish At:2020-02-25 14:51 | Read:107 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Biotech health care innovations meet security challenges

The level and speed of innovations taking place in the biotech industry are baffling. On the one hand, it makes us hopeful we can quickly reduce the number of illnesses and their consequences through technological advancement—saving thousands of lives. On the other, concerns about the application of Internet-connected technology leave us wondering: at what c
Publish At:2020-02-25 14:40 | Read:169 | Comments:0 | Tags:Vital infrastructure AI biosensors BLE bluetooth dna-test fd

Zyxel Patches Zero-Day Vulnerability in Network Storage Products

Networking devices vendor Zyxel has released patches for several network attached storage (NAS) devices to address a critical vulnerability that is already being exploited by cybercriminals.Tracked as CVE-2020-9054, the issue is a remote code execution flaw that can be exploited without authentication and which resides in the weblogin.cgi CGI executable fail
Publish At:2020-02-25 14:15 | Read:178 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Mobile Networks Vulnerable to IMP4GT Impersonation Attacks

A group of researchers at Ruhr-Universität Bochum and NYU Abu Dhabi have discovered a new attack on 4G and 5G mobile networks that can be used to impersonate users.Called IMP4GT (IMPersonation attacks in 4G NeTworks), the attack demonstrates that the currently used mutual authentication method, where the smartphone and the network verify their identities, is
Publish At:2020-02-25 11:05 | Read:222 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Virus & Threats Frau

HackerOne Surpasses $82 Million in Paid Bounties

With $40 million in bug bounties paid in 2019, hacker-powered bug bounty platform HackerOne nearly doubled the amount paid out in all previous years combined, reaching $82 million.The platform, which in 2019 also doubled the number of registered hackers, surpassing the 600,000 mark, received over 150,000 valid vulnerability reports last year, as part of more
Publish At:2020-02-25 11:05 | Read:212 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

Google Patches Chrome Vulnerability Exploited in the Wild

A Chrome 80 update released on Monday patches three high-severity vulnerabilities, including one that Google says has been exploited in the wild.The zero-day vulnerability, tracked as CVE-2020-6418, has been described as a type confusion issue affecting the V8 open source JavaScript engine used by Chrome. Google has credited Clement Lecigne of its Threat Ana
Publish At:2020-02-25 07:16 | Read:119 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Vulnerabilities in Moxa Networking Device Expose Industrial Environments to Attacks

Researchers from Cisco’s Talos intelligence and research group have identified a dozen vulnerabilities in a wireless networking device made by Taiwan-based industrial networking, computing and automation solutions provider Moxa.According to advisories published on Monday by both Moxa and Talos, AWK-3131A industrial AP/bridge/client devices are affected by 12
Publish At:2020-02-24 16:05 | Read:217 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities

Vulnerabilities Allow Hackers to Access Honeywell Fire Alarm Systems

Honeywell has released patches for a couple of potentially serious vulnerabilities affecting a web server used by its Notifier fire alarm systems.Gjoko Krstic, researcher at industrial cybersecurity firm Applied Risk, discovered that the NOTI-FIRE-NET Web Server (NWS-3) is affected by authorization bypass (CVE-2020-6972) and information disclosure vulnerabil
Publish At:2020-02-24 11:20 | Read:120 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities

Slickwraps Discloses Data Breach

Slickwraps, a company that provides protection solutions and accessories for phones, computers and other devices, has revealed that user data was compromised recently after a third party accessed an unprotected database left accessible from the Internet.The Kansas-based company says user names, email addresses, and physical addresses were included in the dat
Publish At:2020-02-24 11:20 | Read:107 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Incident Response Vu

VMware Patches Serious Flaws in vRealize Operations for Horizon Adapter

VMware has patched serious vulnerabilities, including remote code execution and authentication bypass issues, in vRealize Operations for Horizon Adapter.VMware vRealize Operations is designed to deliver operational insights in an effort to simplify and automate the management of applications and infrastructure across virtual, physical and cloud environments.
Publish At:2020-02-21 12:16 | Read:154 | Comments:0 | Tags:NEWS & INDUSTRY Cloud Security Vulnerabilities

Over 400 ICS Vulnerabilities Disclosed in 2019: Report

More than 400 vulnerabilities affecting industrial control systems (ICS) were disclosed in 2019 and over a quarter of them had no patches when their existence was made public, according to a report published on Thursday by industrial cybersecurity firm Dragos.Dragos analyzed 438 ICS vulnerabilities covered in 212 security advisories, roughly the same as in t
Publish At:2020-02-20 17:18 | Read:151 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities

Cisco Patches Critical Flaw in Smart Licensing Solution

Cisco has released patches for sixteen vulnerabilities across its products, including one rated critical, six high severity, and nine medium risk. The critical vulnerability impacts Cisco’s Smart Software Manager On-Prem licensing solution (previously known as Smart Software Manager satellite) and could allow a remote, unauthenticated attacker to access
Publish At:2020-02-20 17:18 | Read:173 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud

Keywords