HackDig : Dig high-quality web security articles for hackers

Cisco Servers Hacked via Salt Vulnerabilities

Cisco this week announced that it has patched two actively exploited Salt vulnerabilities, but not before malicious actors leveraged the flaws to hack some of the company’s servers. Rated critical, the vulnerabilities, tracked as CVE-2020-11651 and CVE-2020-11652, were made public at the end of April, when SaltStack patches were released. The issue, however,
Publish At:2020-05-29 08:33 | Read:111 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Cybe

HackerOne Says Bug Bounty Hunters Earned $100 Million Through Its Platform

HackerOne announced on Wednesday that its bug bounty platform has helped researchers earn more than $100 million since the company started paying hackers in October 2013. The San Francisco-based company reported in late February that it had paid out a total of over $82 million in bounties, $40 million of which was awarded in 2019 alone. At the time, it also s
Publish At:2020-05-27 17:57 | Read:84 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

Apple Patches Over 40 Vulnerabilities in macOS Catalina

Apple this week released security updates to address over fifty vulnerabilities impacting macOS and Safari. A total of 44 security flaws were fixed with the release of macOS Catalina 10.15.5, impacting components such as Accounts, AirDrop, Audio, Bluetooth, Calendar, ImageIO, Kernel, ksh, PackageKit, Sandbox, SQLite, USB Audio, Wi-Fi, and zsh, among others. Ei
Publish At:2020-05-27 12:50 | Read:149 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Qatar Tracing App Flaw Exposed 1 Mn Users' Data: Amnesty

A security flaw in Qatar's controversial mandatory coronavirus contact tracing app exposed sensitive information of more than one million users, rights group Amnesty International warned Tuesday. The glitch, which was fixed on Friday after being flagged by Amnesty a day earlier, made users' ID numbers, location and infection status vulnerable to hackers. Priva
Publish At:2020-05-27 02:30 | Read:151 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Privacy Vulnerabilities

StrandHogg 2.0 Vulnerability Allows Hackers to Hijack Android Devices

Researchers at Norwegian app security company Promon on Tuesday disclosed the existence of a serious Android vulnerability that allows a piece of malware to hijack nearly any application installed on the victim’s device. In December 2019, Promon warned that an Android vulnerability, which it dubbed StrandHogg, was being exploited by tens of malicious Android
Publish At:2020-05-26 14:55 | Read:110 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

Vulnerabilities Found in Emerson SCADA Product Made for Oil and Gas Industry

A researcher from Kaspersky has identified several vulnerabilities in Emerson OpenEnterprise, a supervisory control and data acquisition (SCADA) solution designed for the oil and gas industry. Roman Lozko, a researcher at Kaspersky’s ICS CERT unit, discovered four vulnerabilities in Emerson OpenEnterprise. The security flaws were reported to the vendor in Dec
Publish At:2020-05-26 11:03 | Read:138 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities

Jailbreak Tool Updated to Unlock iPhones Running iOS 13.5

The unc0ver jailbreaking tool has been updated with support for the latest iOS releases, courtesy of a zero-day vulnerability, the team behind the utility announced. unc0ver, which supports iOS 11 through iOS 13.5 (with some exceptions), is advertised as the most advanced jailbreak tool out there, providing users with the opportunity to do with their devices
Publish At:2020-05-26 07:12 | Read:128 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

Cisco Patches Critical Vulnerability in Contact Center Software

Cisco this week released security patches to address several vulnerabilities in its products, including a critical severity bug in its Unified Contact Center Express (Unified CCX) software. Tracked as CVE-2020-3280 and assessed with a CVSS score of 9.8, the vulnerability could allow an attacker to execute arbitrary code on an affected device remotely. Th
Publish At:2020-05-24 07:51 | Read:160 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Hackers Can Target Rockwell Industrial Software With Malicious EDS Files

Rockwell Automation recently patched two vulnerabilities related to EDS files that can allow malicious actors to expand their access within a targeted organization’s OT network. The vulnerabilities were discovered by researchers at industrial cybersecurity firm Claroty. Rockwell Automation and the United States Cybersecurity and Infrastructure Security Agency
Publish At:2020-05-24 07:51 | Read:120 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities

Hackers Attempted to Deploy Ransomware in Attacks Targeting Sophos Firewalls

Malicious actors targeting a zero-day vulnerability in Sophos XG Firewall appliances last month attempted to deploy ransomware after Sophos started taking measures to neutralize the attack. In the incident, which Sophos refers to as Asnarök, adversaries targeted a previously unknown SQL injection vulnerability to insert a one-line command and download a Linux
Publish At:2020-05-24 07:51 | Read:120 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Virus & Malware

Industry Reactions to Verizon 2020 DBIR: Feedback Friday

Verizon this week published its 2020 Data Breach Investigation Report (DBIR). The report is based on insights from thousands of incidents and it’s more detailed and more thorough than ever. The report covers threat actors, including their activities and their tools, an analysis of the targeted industries, and a regional analysis. According to Verizon, malware
Publish At:2020-05-24 07:50 | Read:153 | Comments:0 | Tags:Cyberwarfare NEWS & INDUSTRY Virus & Threats Virus &

Take a Bite Out of Sweyn

If you work in the healthcare industry, you may have heard about a family of vulnerabilities called “SweynTooth.” Researchers from Singapore first discovered the vulnerabilities in 2019. After waiting 90 days to announce them, which is part of the responsible disclosure process, they published a technical paper. If you are not familiar with the S
Publish At:2020-05-24 06:18 | Read:101 | Comments:0 | Tags:Application Security Healthcare Security Services Software &

Hackers Can Inject Code Into WordPress Sites via Flaw in Product Review Plugin

A vulnerability addressed recently in the WP Product Review Lite plugin for WordPress could be abused by unauthenticated attackers to hack websites. WP Product Review Lite is designed for creating product reviews on WordPress websites. It supports the creation of a top products review widget and also allows monetization through the addition of a “buy now” but
Publish At:2020-05-18 13:54 | Read:248 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Over 6,400 Edison Mail Users Hit by Security Bug in iOS App

An update rolled out recently by Edison Mail for its iOS application resulted in some users being given access to other people’s email accounts. The company acted quickly to resolve the issue, but thousands may have been impacted. Edison Mail provides apps that allow users to manage their Gmail, Yahoo, Outlook, iCloud and other inboxes from one place. The com
Publish At:2020-05-18 13:53 | Read:120 | Comments:0 | Tags:NEWS & INDUSTRY Email Security Vulnerabilities IOS

How CVSS works: characterizing and scoring vulnerabilities

The Common Vulnerability Scoring System (CVSS) provides software developers, testers, and security and IT professionals with a standardized process for assessing vulnerabilities. You can use the CVSS to assess the threat level of each vulnerability, and then prioritize mitigation accordingly. This article explains how the CVSS works, including a review o
Publish At:2020-05-18 13:42 | Read:136 | Comments:0 | Tags:Malwarebytes news attack complexity attack vector bug bounty
