HackDig : Dig high-quality web security articles for hackers

Flaws in Winston Privacy Devices Can Expose Networks to Remote Attacks

Researchers say they’ve uncovered a series of potentially serious vulnerabilities in devices made by online privacy firm Winston Privacy. The vendor has released patches that are automatically being sent to devices.Winston Privacy provides a hardware-based service designed to boost online privacy and security. The company says it can block online surveillanc
Publish At:2020-10-27 11:40 | Read:124 | Comments:0 | Tags:NEWS & INDUSTRY Privacy Vulnerabilities Data Protection

Link Previews in Chat Apps Pose Privacy, Security Issues: Researchers

An analysis of the manner in which popular chat applications handle link previews has revealed several privacy and security issues, including some that still need addressing, security researchers warn.Link previews provide users with information on what a link received in chat would lead them to, regardless of whether it is a file or a web page.However, link
Publish At:2020-10-27 01:15 | Read:146 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Privacy Vulnerabilities

HPE Patches Two Critical, Remotely Exploitable Vulnerabilities

Hewlett Packard Enterprise has released patches for two critical vulnerabilities, one identified in StoreServ Management Console and the other affecting BlueData EPIC Software Platform and Ezmeral Container Platform.The most severe of these issues was identified in HPE StoreServ Management Console (SSMC) and could be exploited to remotely bypass auth
Publish At:2020-10-26 12:16 | Read:63 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities exploit

NVIDIA Patches Code Execution Flaws in GeForce Experience

Patches released by NVIDIA last week for the GeForce Experience software address two arbitrary code execution bugs assessed with a severity rating of high.The GeForce Experience software is a companion application that is being installed alongside NVIDIA’s GeForce drivers. Functioning as a GPU management tool, it allows users to record and share videos and s
Publish At:2020-10-26 12:16 | Read:78 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

FDA Approves Use of New Tool for Medical Device Vulnerability Scoring

The U.S. Food and Drug Administration (FDA) this week announced that it has approved the use of a new rubric specifically designed by the MITRE Corporation for assigning CVSS scores to vulnerabilities found in medical devices.The Common Vulnerability Scoring System (CVSS) was originally designed to convey the severity of vulnerabilities found in IT systems,
Publish At:2020-10-22 14:40 | Read:75 | Comments:0 | Tags:NEWS & INDUSTRY Risk Management Vulnerabilities Manageme

QNAP Issues Advisory on Zerologon Vulnerability

Storage solutions provider QNAP this week published an advisory to warn customers that certain versions of QTS, the operating system for its network-attached storage (NAS) devices, are affected by the Zerologon vulnerability.Residing in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC) and addressed on August 2020 Patch Tuesday, the flaw started gaini
Publish At:2020-10-22 10:46 | Read:122 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Cisco Patches 17 High-Severity Vulnerabilities in Security Appliances

Cisco on Wednesday announced the release of patches for 17 high-severity vulnerabilities in its security appliances as part of its Security Advisory Bundled Publication for October 2020.The vulnerabilities have been found to impact Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Firepower Management Center (FMC).A majority of the flaws
Publish At:2020-10-22 10:46 | Read:105 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities security

XSS Vulnerability Exploited in Tech Support Scam

Malwarebytes security researchers have identified a new campaign in which tech support scammers are exploiting a cross-site scripting (XSS) vulnerability and are relying exclusively on links posted on Facebook to reach potential victims.The scam starts with malicious bit.ly shortened links that are being distributed on the social media platform, and which ul
Publish At:2020-10-22 10:46 | Read:175 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Fraud & Identity

Oracle's October 2020 CPU Contains 402 New Security Patches

Oracle on Tuesday released its Critical Patch Update (CPU) for October 2020, which includes 402 new security patches released across the company’s product portfolio.The advisory for the latest CPU includes information on the patches released after the previous CPU, but the patches are typically cumulative, Oracle notes. Thus, customers are advised to review
Publish At:2020-10-22 02:58 | Read:135 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities security

VMware Patches Critical Code Execution Vulnerability in ESXi

VMware this week informed customers that it has patched several vulnerabilities in its ESXi, Workstation, Fusion and NSX-T products, including a critical flaw that allows arbitrary code execution.The critical vulnerability, identified as CVE-2020-3992, has been described as a use-after-free issue that affects the OpenSLP service in ESXi.The vulnerability was
Publish At:2020-10-21 11:22 | Read:114 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Chrome Update Patches Actively Exploited FreeType Vulnerability

A Chrome 86 update released by Google on Tuesday patches several high-severity vulnerabilities, including a zero-day that has been exploited in the wild.The actively exploited vulnerability is tracked as CVE-2020-15999 and it has been described as a heap buffer overflow bug affecting FreeType, a popular software library for rendering fonts.In addition to Chr
Publish At:2020-10-21 08:45 | Read:155 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

IoT Security Foundation Launches Vulnerability Reporting Platform

The Internet of Things Security Foundation (IoTSF), an effort aimed at improving the security of IoT, has launched an online platform designed to make the reporting of vulnerabilities in IoT devices easier.Launched alongside a new report into coordinated vulnerability disclosure, the Consumer Internet of Things Vulnerability Disclosure Platform (VulnerableTh
Publish At:2020-10-21 08:45 | Read:114 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

Chinese Hackers Target Cisco Discovery Protocol Vulnerability

Chinese state-sponsored hackers are targeting a Cisco Discovery Protocol vulnerability that was disclosed earlier this year, the networking giant and the U.S. National Security Agency revealed on Tuesday.An advisory published by the NSA on Tuesday lists 25 vulnerabilities that have been exploited or targeted by threat actors believed to be sponsored by Beiji
Publish At:2020-10-21 07:28 | Read:129 | Comments:0 | Tags:Cyberwarfare NEWS & INDUSTRY Virus & Threats Vulnera

NSA Lists 25 Vulnerabilities Currently Targeted by Chinese State-Sponsored Hackers

The U.S. National Security Agency this week released an advisory containing information on 25 vulnerabilities that are being actively exploited or targeted by Chinese state-sponsored threat actors.Most of these security bugs, the NSA says, can be used for initial access to networks, through exploiting Internet-facing assets. Post compromise, the adversaries
Publish At:2020-10-21 07:28 | Read:127 | Comments:0 | Tags:Cyberwarfare NEWS & INDUSTRY Virus & Threats Vulnera

Adobe Releases Security Updates for 10 Products

Adobe on Tuesday announced that it has released security updates for 10 of its products, patching a total of 20 vulnerabilities.Updates have been released for Adobe Illustrator, Dreamweaver, Marketo, Animate, After Effects, Photoshop, Premiere Pro, Media Encoder, InDesign, and the Creative Cloud desktop application.In the Windows and macOS versions of Illust
Publish At:2020-10-20 15:52 | Read:145 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities security


Tag Cloud