HackDig : Dig high-quality web security articles for hacker

Researcher Finds New Class of Windows Vulnerabilities

A security researcher has discovered over 25 different potential vulnerabilities in Windows, including some that could lead to elevation of privileges. The bugs impact the user interface win32 kernel (win32k) component that has been in the operating system for decades, and affect all versions of Windows, including Windows 10, because Microsoft keeps code back
Publish At:2020-04-02 16:10 | Read:118 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Firefox, IE Vulnerabilities Exploited in Attacks on China, Japan

Vulnerabilities patched earlier this year in Firefox and Internet Explorer have been exploited by an advanced persistent threat (APT) actor in attacks aimed at China and Japan. The Firefox vulnerability is CVE-2019-17026, which Mozilla patched in early January, and the Internet Explorer flaw is CVE-2020-0674, which Microsoft patched in February with its month
Publish At:2020-04-02 12:27 | Read:54 | Comments:0 | Tags:Cyberwarfare NEWS & INDUSTRY Virus & Threats Virus &

Zoom Vulnerabilities Expose Users to Spying, Other Attacks

Security researchers discovered recently that the Zoom video conferencing app is affected by vulnerabilities that can be exploited to spy on users, escalate privileges on the system, and capture Windows credentials. The company says it’s working on patching these flaws. Several experts have shown how a UNC path injection issue can be exploited by hackers to s
Publish At:2020-04-02 06:45 | Read:97 | Comments:0 | Tags:NEWS & INDUSTRY Privacy Vulnerabilities Privacy & Co

Patch Released for Linux Kernel Vulnerability Disclosed at Hacking Contest

A patch has been released for a Linux kernel vulnerability that a researcher used at the recent Pwn2Own 2020 hacking competition to escalate privileges to root on Ubuntu Desktop. Researchers who took part this year in the Zero Day Initiative’s Pwn2Own competition earned a total of $270,000 for exploiting vulnerabilities in Windows, Ubuntu Desktop, macOS, Safa
Publish At:2020-04-01 11:50 | Read:101 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Critical Flaw in SEO Plugin Exposed Many WordPress Sites to Attacks

A critical vulnerability in the Rank Math SEO plugin for WordPress could allow attackers to lock administrators out of their own websites, WordPress security company Defiant reports. Meant to help site owners get access to search engine optimization (SEO) tools that would improve their SEO and attract more traffic, the plugin has over 200,000 installations. Fe
Publish At:2020-04-01 09:53 | Read:52 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

SMBGhost Vulnerability Allows Privilege Escalation on Windows Systems

Researchers have published proof-of-concept (PoC) exploits to demonstrate that the Windows vulnerability tracked as SMBGhost and CVE-2020-0796 can be exploited for local privilege escalation. Microsoft says the vulnerability, which it patched on March 12 with an out-of-band update, can be exploited for remote code execution on SMB clients and servers. The cri
Publish At:2020-04-01 06:06 | Read:159 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Industrial Controllers Still Vulnerable to Stuxnet-Style Attacks

Researchers demonstrated recently that hackers could launch a Stuxnet-style attack against Schneider Electric’s Modicon programmable logic controllers (PLCs), but it’s believed that products from other vendors could also be vulnerable to the same type of attack. The notorious Stuxnet malware, which the United States and Israel used to cause damage to Iran’s n
Publish At:2020-03-31 11:08 | Read:145 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities

Vulnerabilities Expose Lexus, Toyota Cars to Hacker Attacks

Vulnerabilities in Lexus and Toyota cars could be exploited by hackers to launch remote attacks against affected vehicles, researchers at China-based Tencent Keen Security Lab discovered. Research into the AVN (Audio, Visual and Navigation) system in the 2017 Lexus NX300 — the same system is also used in other models, including LS and ES series — has revealed
Publish At:2020-03-30 16:09 | Read:159 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Wireless Security Vulner

Vulnerabilities in DrayTek Enterprise Routers Exploited in Attacks

Threat actors have been exploiting a couple of vulnerabilities affecting some DrayTek enterprise routers in attacks that started before patches were released by the vendor. DrayTek is a Taiwan-based manufacturer of networking equipment, including routers, firewalls, broadband customer premises equipment (CPE), and VPN devices. In early December 2019, researche
Publish At:2020-03-30 08:34 | Read:184 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Cybe

Russian Hackers Exploited Windows Flaws in Attacks on European Firms

Financially-motivated hackers believed to be operating out of Russia recently targeted companies in Western Europe, and the attacks apparently involved a combination of two Windows vulnerabilities that Microsoft did not expect to be exploited. According to Singapore-based cybersecurity firm Group-IB, the threat groups tracked as TA505 (aka Evil Corp) and Sile
Publish At:2020-03-27 16:04 | Read:360 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Virus & Malware

Websites of U.S. Presidential Candidates Pose Security, Privacy Risks

The majority of primary campaign websites of United States presidential candidates run code that can pose security and privacy risks to consumers, The Media Trust has discovered. The security firm has monitored 11 websites during September and December 2019, and discovered that 81% of them execute code from third-party entities unmanaged by the candidate team
Publish At:2020-03-27 12:17 | Read:232 | Comments:0 | Tags:NEWS & INDUSTRY Privacy Vulnerabilities Tracking & L

GitHub Paid Out Over $1 Million in Bug Bounties

GitHub this week announced that it has paid out over $1 million in rewards to the security researchers participating in its bug bounty program on HackerOne. The security bug bounty program was launched on the hacker-powered platform in 2016, but GitHub has been accepting vulnerability reports since February 2014. Last year alone, the Microsoft-owned service pa
Publish At:2020-03-27 12:17 | Read:270 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

Unofficial Patches Released for Exploited Windows Font Processing Flaws

ACROS Security’s 0patch service has developed unofficial patches for two actively exploited Windows vulnerabilities for which Microsoft has yet to release fixes. Microsoft revealed earlier this week that it had become aware of targeted attacks exploiting two Windows zero-days related to the way the Adobe Type Manager library handles Type 1 PostScript fonts. Ad
Publish At:2020-03-27 08:29 | Read:253 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities exploit

No Patch for VPN Bypass Flaw Discovered in iOS

Proton Technologies, the company behind the privacy-focused ProtonMail and ProtonVPN services, this week disclosed the existence of a vulnerability in Apple’s iOS mobile operating system that prevents VPN applications from encrypting all traffic. The flaw was discovered by a member of the Proton community in iOS 13.3.1, but Apple has yet to release a patch an
Publish At:2020-03-26 17:19 | Read:299 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Privacy Vulnerabilities

Spyware Delivered to iPhone Users in Hong Kong Via iOS Exploits

A recently observed campaign is attempting to infect the iPhones of users in Hong Kong with an iOS backdoor that allows attackers to take over devices, Trend Micro reports. The attack involved the use of malicious links posted on forums popular in Hong Kong, which led users to real news sites where a hidden iframe would load and run malware. Vulnerabilities a
Publish At:2020-03-26 13:31 | Read:185 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Virus & Threats Viru

