HackDig : Dig high-quality web security articles for hacker

Google Patches 8 Vulnerabilities in Chrome 77

Google this week announced an update for Chrome 77 that addresses 8 security vulnerabilities in the application, including 5 reported by external researchers. The new browser update arrives only a couple of weeks after Google patched four security flaws with the release of Chrome 77.0.3865.90, including two vulnerabilities that, combined with another type of
Publish At:2019-10-12 00:00 | Read:115 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

NIST and Microsoft Partner to Improve Enterprise Patching Strategies

The National Institute of Standards and Technology (NIST) and Microsoft this week announced a joint effort aimed at helping enterprises improve their patching strategies. Motivated by massive cyber-attacks such as WannaCry and the devastating NotPetya, the goal of the initiative is to help organizations plan, implement, and improve their enterprise
Publish At:2019-10-11 12:00 | Read:226 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

iTunes Zero-Day Vulnerability Exploited by BitPaymer Ransomware

The BitPaymer ransomware operators were observed abusing a zero-day vulnerability in Apple’s iTunes for Windows to run code and evade detection, Morphisec’s security researchers have discovered. The security flaw resides in the Bonjour updater that comes packaged with iTunes for Windows and allows attackers to abuse an unquoted path to not only evade detectio
Publish At:2019-10-11 00:05 | Read:93 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Vi

Flaw in HP Touchpoint Analytics Could Impact Many PCs

Researchers at SafeBreach, a company that specializes in simulating breaches and attacks, discovered this summer that HP’s Touchpoint Analytics service is affected by a potentially serious vulnerability. HP Touchpoint Analytics is shipped with many HP laptop and desktop computers running Windows. The service is designed to collect anonymous diagnostic informa
Publish At:2019-10-11 00:05 | Read:80 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

SAP Patches Critical Vulnerabilities With October 2019 Security Updates

SAP this week released seven new security notes as part of the October 2019 Security Patch Day, with two of these notes rated Hot News (Critical). This month’s set of patches also includes two security notes released after the second Tuesday of last month but before this Tuesday, along with one update for a previously released patch, totalling 10 security not
Publish At:2019-10-10 12:00 | Read:211 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Cisco Finds 11 Vulnerabilities in Schneider Electric Modicon Controllers

Researchers at Cisco Talos have discovered nearly a dozen vulnerabilities in some of Schneider Electric’s Modicon programmable logic controllers (PLCs). There are a total of 11 security holes affecting Modicon M580, M340, BMENOC 0311, BMENOC 0321, Quantum (no longer supported), Premium, and Modicon BMxCRA and 140CRA modules. The M580 PLC, which is the newest
Publish At:2019-10-10 12:00 | Read:198 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities

CVE-2019-16928: Exploiting an Exim Vulnerability via EHLO Strings

By Ashish Verma. In September, security researchers from the QAX-A-Team discovered the existence of CVE-2019-16928, a vulnerability involving the mail transfer agent Exim. Exim accounts for over 50% of publicly reachable mail servers on the internet. What makes the bug particularly noteworthy is that threat actors could exploit it to perform denial of service
Publish At:2019-10-10 10:00 | Read:134 | Comments:0 | Tags:Vulnerabilities DevOps Vulnerability exploit

Audit Finds Critical Vulnerability in iTerm2 macOS Terminal Emulator

A security audit funded by Mozilla has led to the discovery of a critical remote command execution vulnerability in the popular iTerm2 macOS terminal emulator. The audit was conducted by Radically Open Security as part of Mozilla’s Open Source Support program (MOSS), which aims to ensure that the open source ecosystem is “healthy and secure.” iTerm2 was selec
Publish At:2019-10-10 00:00 | Read:125 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

No Patch for Critical Code Execution Flaw Affecting D-Link Routers

A critical remote code execution (RCE) vulnerability affecting several D-Link routers that reached their end of life (EOL) remains unpatched. Tracked as CVE-2019-16920 and featuring a CVSS score of 9.8, the vulnerability was found in D-Link DIR-655, DIR-866L, DIR-652, and DHP-1565 routers, all of which are no longer supported, meaning that no patch will be re
Publish At:2019-10-09 12:00 | Read:184 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities

Apple Patches 16 Vulnerabilities With macOS Catalina 10.15

Apple this week released its latest desktop operating system iteration, macOS Catalina 10.15, which includes patches for a total of 16 vulnerabilities. Available as a free software update for all Macs introduced mid-2012 or later, macOS Catalina addresses security flaws in components such as CoreAudio, Crash Reporter, IOGraphics, Kernel, Notes, PDFKit, and We
Publish At:2019-10-09 12:00 | Read:149 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

NSA: Multiple State-Sponsored APTs Exploiting Enterprise VPN Flaws

After the UK’s National Cyber Security Centre (NCSC) issued an alert, the National Security Agency (NSA) in the United States has also warned organizations that multiple state-sponsored threat actors have been exploiting the recently disclosed vulnerabilities affecting enterprise VPN products from Pulse Secure, Fortinet and Palo Alto Networks. According to th
Publish At:2019-10-09 12:00 | Read:198 | Comments:0 | Tags:Cyberwarfare NEWS & INDUSTRY Virus & Threats Vulnera

OpenDreamBox: the vulnerability that affects 32% of the world’s companies

The Internet of things (IoT) has revolutionized the business world. It has helped to streamline industrial processes, reduce costs, and has even created new business models. But, as is often the case, all of these advantages go hand in hand with a series of disadvantages. The most important of these disadvantages is the significant increase in the attack sur
Publish At:2019-10-09 10:35 | Read:185 | Comments:0 | Tags:News Security business IoT vulnerabilities Vulnerability

Short October Patch Tuesday Includes Remote Desktop Client, Browser, and Authentication Patches

October’s Patch Tuesday is relatively modest, with Microsoft releasing a total of 59 patches. However, this shorter list still warrants attention. Nine of the 59 were still identified as Critical, while the remaining 50 were labeled Important. Most of the critical bulletins were for various Internet Explorer and Microsoft Edge vulnerabilities, with one cover
Publish At:2019-10-09 03:20 | Read:185 | Comments:0 | Tags:Vulnerabilities October 2019 Patch Tuesday Patch Tuesday

Microsoft Patches 60 Flaws With October 2019 Security Updates

Microsoft’s Patch Tuesday updates for October 2019 fix 60 vulnerabilities, but none of them appear to have been exploited in attacks and only nine are considered critical. One of the critical flaws is CVE-2019-1367, an Internet Explorer vulnerability that has been exploited in attacks. The flaw was first patched in September, but that patch introduced a print
Publish At:2019-10-09 00:00 | Read:134 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Vulnerabilities Expose TwinCAT Industrial Systems to DoS Attacks

A couple of vulnerabilities affecting the TwinCAT PLC runtime from Beckhoff can be exploited for denial-of-service (DoS) attacks, which may be triggered by malicious actors or by accident. Beckhoff is a Germany-based company that provides automation solutions, including industrial PCs, I/O and fieldbus components, drive technology, and automation software. Th
Publish At:2019-10-09 00:00 | Read:110 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities

