HackDig : Dig high-quality web security articles

Over 4,000 Vulnerable Pulse Connect Secure Hosts Exposed to Internet

More than 4,000 internet-accessible Pulse Connect Secure hosts are impacted by at least one known vulnerability, attack surface management firm Censys warns.Touted as the most widely deployed SSL VPN solution, Pulse Connect Secure provides remote and mobile users with secure access to corporate resources. The VPN appliance is part of Ivanti’s portfolio, afte
Publish At:2022-12-09 10:31 | Read:6265 | Comments:0 | Tags:NEWS & INDUSTRY Risk Management Vulnerabilities Manageme

SOHO Exploits Earn Hackers Over $100,000 on Day 3 of Pwn2Own Toronto 2022

Trend Micro’s Zero Day Initiative (ZDI) announced total payouts nearing $1 million after the first three days of Pwn2Own Toronto 2022, and there is one day left to go.On the third day of the event, participants earned a total of $253,500 for hacking NAS devices, printers, smart speakers, routers, and smartphones. ZDI said $681,000 was paid out in the first t
Publish At:2022-12-09 10:31 | Read:6203 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities IoT Security exploit hac

LF Electromagnetic Radiation Used for Stealthy Data Theft From Air-Gapped Systems

Mordechai Guri, a cybersecurity researcher from the Ben-Gurion University of the Negev in Israel who specializes in air gap jumping, has released a paper detailing yet another method that can be used to stealthily exfiltrate data from systems isolated from the internet and local networks.The new method involves using the dynamic power consumption of modern c
Publish At:2022-12-09 10:31 | Read:9282 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Wi

Vulnerabilities Allow Researcher to Turn Security Products Into Wipers

SafeBreach Labs security researcher Or Yair discovered several vulnerabilities that allowed him to turn endpoint detection and response (EDR) and antivirus (AV) products into wipers.The identified issues, which were presented on Wednesday at the Black Hat Europe cybersecurity conference, allowed the researcher to trick the vulnerable security products into d
Publish At:2022-12-08 14:29 | Read:26850 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Vu

Apple Scraps CSAM Detection Tool for iCloud Photos

Apple has scrapped plans to ship a controversial child pornography protection tool for iCloud Photos, a concession to privacy rights advocates who warned it could have been used for government surveillance.Instead, the Cupertino, California device maker said it would expand investments into different tooling and features to warn children if they receive or a
Publish At:2022-12-08 14:29 | Read:30298 | Comments:0 | Tags:Endpoint Security Mobile Security NEWS & INDUSTRY Privac

WAFs of Several Major Vendors Bypassed With Generic Attack Method

Researchers at industrial and IoT cybersecurity firm Claroty have identified a generic method for bypassing the web application firewalls (WAFs) of several major vendors.Claroty’s researchers discovered the method following an analysis of Cambium Networks’ wireless device management platform. They discovered a SQL injection vulnerability that could be used t
Publish At:2022-12-08 11:55 | Read:28624 | Comments:0 | Tags:ICS/OT NEWS & INDUSTRY Vulnerabilities IoT Security

Pwn2Own Toronto 2022, Day 2: Smart Speaker Exploits Earn Big Chunk of $280,000 Total

On the second day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned a total of more than $280,000 for smart speaker, smartphone, printer, router, and NAS exploits.A significant chunk of the total amount was earned for smart speaker hacks, specifically vulnerabilities targeting Sonos One smart speakers.A team from ​​Qr
Publish At:2022-12-08 10:31 | Read:34634 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities IoT Security exploit

Apple Adding End-to-End Encryption to iCloud Backup

Apple on Wednesday announced plans to beef up data security protections on its flagship devices with the addition of new encryption tools for iCloud backups and a feature to help users verify identities in the Messages app.The security-themed upgrades, scheduled to ship in 2023, includes a new feature called Advanced Data Protection for iCloud offering end-t
Publish At:2022-12-07 22:24 | Read:39055 | Comments:0 | Tags:Endpoint Security Mobile Security NEWS & INDUSTRY Audits

Big Tech Vendors Object to US Gov SBOM Mandate

The U.S. government’s mandates around the creation and delivery of SBOMs (software bill of materials) to help mitigate supply chain attacks has run into strong objections from big-name technology vendors.A lobbying outfit representing big tech is calling on the federal government’s Office of Management and Budget (OMB) to “discourage agencies” from requiring
Publish At:2022-12-07 18:26 | Read:37811 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Google Documents IE Browser Zero-Day Exploited by North Korean Hackers

Google’s Threat Analysis Group (TAG) has shared technical details on an Internet Explorer zero-day vulnerability exploited in attacks by North Korean hacking group APT37.Tracked as CVE-2022-41128 (CVSS score of 8.8), the vulnerability was identified in the browser’s ‘JScript9’ JavaScript engine and can be exploited by remote attackers to execute arbitrary co
Publish At:2022-12-07 18:26 | Read:30976 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Self-Propagating 'Zerobot' Botnet Targeting Spring4Shell, IoT Vulnerabilities

A newly observed botnet capable of self-replicating and self-propagation is targeting multiple Internet of Things (IoT) vulnerabilities for initial access, cybersecurity solutions provider Fortinet warns.Dubbed Zerobot, the malware is written in the Golang (Go) programming language and has several modules for self-replication, self-propagation, and for condu
Publish At:2022-12-07 14:28 | Read:36014 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Virus & Malware

Investors Pour $200M Into Compliance Automation Startup Drata

High-flying security compliance and automation startup Drata continues to attract major venture capital investor interest, banking $200 million in Series C funding that values the company north of $2 billion.The $200 million cash infusion comes less than two years after the San Diego, Calif-based company emerged from stealth with ambitious plans to design an
Publish At:2022-12-07 14:28 | Read:45365 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Fortinet Patches High-Severity Authentication Bypass Vulnerability in FortiOS

Cybersecurity solutions provider Fortinet this week announced patches for multiple vulnerabilities across its products, including a high-severity authentication bypass impacting FortiOS and FortiProxy.Tracked as CVE-2022-35843 (CVSS score of 7.7), the authentication bypass was identified in the SSH login component of FortiOS. The bug can only be triggered wh
Publish At:2022-12-07 11:55 | Read:40095 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities IOS Vulnerability

Over 75 Vulnerabilities Patched in Android With December 2022 Security Updates

Google this week announced the December 2022 Android updates with patches for over 75 vulnerabilities, including multiple critical remote code execution (RCE) flaws.The most severe of the RCE bugs is CVE-2022-20411, an issue in Android’s System component that could be exploited over Bluetooth.“The most severe of these issues is a critical security vulnerabil
Publish At:2022-12-07 10:30 | Read:45286 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

Pwn2Own Toronto 2022, Day 1: Hackers Earn $400,000 for Galaxy S22, SOHO Exploits

On the first day of the Pwn2Own Toronto 2022 hacking competition, participants earned a total of $400,000 for new exploits targeting phones, printers, routers and NAS devices.The competition organized by Trend Micro’s Zero Day Initiative (ZDI) offers significant prizes for hacking mobile phones, wireless routers, home automation hubs, printers, smart speaker
Publish At:2022-12-07 10:30 | Read:32906 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities IoT Security exploit hac


Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud