HackDig : Dig high-quality web security articles for hacker

Multiple Vulnerabilities Found in AMD ATI Radeon Graphics Cards

Security vulnerabilities in some AMD ATI Radeon graphics cards could allow attackers to remotely execute code or cause a denial of service condition, researchers from Cisco Talos have warned. A total of four security flaws were disclosed, all of them impacting the AMD ATIDXX64.DLL driver: three out-of-bounds bugs and one type confusion issue. All four i
Publish At:2020-01-22 22:15 | Read:57 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Unofficial Patch Released for Recently Disclosed Internet Explorer Zero-Day

ACROS Security’s 0patch service on Tuesday released an unofficial fix for CVE-2020-0674, a recently disclosed vulnerability in Internet Explorer that has been exploited in targeted attacks. Microsoft informed customers last Friday that Internet Explorer is affected by a zero-day vulnerability. The flaw has been described as a memory corruption issue that can
Publish At:2020-01-22 10:15 | Read:105 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities

Snyk is Latest Cybersecurity Unicorn After Adding $150 Million in Funding

Developer-focused cybersecurity solutions provider Snyk today announced a $150 million funding round, at a valuation of more than $1 billion, earning the company “unicorn” status. Snyk, which helps software developers discover and patch vulnerabilities in open source libraries and containers, has raised $250 million to date, including a $70 million inve
Publish At:2020-01-21 22:15 | Read:117 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Design Weaknesses Expose Industrial Systems to Damaging Attacks

Hackers Can Cause Damage to Industrial Systems by Abusing Design Weaknesses

An analysis of industrial control systems (ICS) has shown that many products contain features and functions that have been designed with no security in mind, allowing malicious hackers to abuse them and potentially cause serious damage. PAS, which provides industrial cybersecurity and
Publish At:2020-01-21 22:15 | Read:127 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Virus & Threats Vulnerab

Microsoft to Patch Internet Explorer Vulnerability Exploited in Targeted Attacks

Microsoft announced on Friday that it’s in the process of developing a patch for a zero-day vulnerability in Internet Explorer that has been exploited in targeted attacks, reportedly by a threat group tracked as DarkHotel. Until a fix becomes available, the company has shared some workarounds and mitigations. The flaw, tracked as CVE-2020-0674 and described a
Publish At:2020-01-20 10:15 | Read:171 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Citrix Releases First Patches for Critical ADC Vulnerability

Citrix has started rolling out security patches for the recently revealed Citrix Application Delivery Controller (ADC) and Citrix Gateway vulnerability. Disclosed in December 2019 and tracked as CVE-2019-19781, the vulnerability could be exploited to achieve code execution. The issue impacts versions 13.0, 12.1, 12.0, 11.1, and 10.5 of both Citrix ADC and Gat
Publish At:2020-01-20 10:15 | Read:246 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Industry Reactions to Crypto Vulnerability Found by NSA: Feedback Friday

One of the vulnerabilities patched this week by Microsoft in its Windows operating system is a crypto-related issue that was reported to the company by the U.S. National Security Agency. The vulnerability, tracked as CVE-2020-0601 and dubbed ChainOfFools and CurveBall, affects Windows 10, Server 2016 and Server 2019, as well as applications that rely on Windo
Publish At:2020-01-17 22:15 | Read:325 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Risk Management Vuln

Attacker Installs Backdoor, Blocks Others From Exploiting Citrix ADC Vulnerability

A threat group targeting the recently disclosed critical vulnerability in Citrix Application Delivery Controller (ADC) is installing their own backdoor while cleaning up other malware infections and blocking others from exploiting the vulnerability, FireEye has discovered. Tracked as CVE-2019-19781, the vulnerability impacts Citrix ADC and Gateway products (p
Publish At:2020-01-17 22:15 | Read:284 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability exploit

Microsoft Introduces Free Source Code Analyzer

Microsoft this week announced a new source code analyzer designed to identify interesting characteristics of code. Called Microsoft Application Inspector, the new tool doesn’t focus on discovering poor programming practices in the analyzed code. Instead, it looks for interesting features and metadata, such as cryptography, connections to remote resource
Publish At:2020-01-17 22:15 | Read:339 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Siemens Warns of Security Risks Associated With Use of ActiveX

Siemens this week addressed several vulnerabilities and warned customers about the security risks associated with the use of ActiveX in industrial products. Microsoft’s ActiveX controls make it possible for websites to provide certain types of content, such as videos and games, and they allow users to interact with certain types of elements in the browser, su
Publish At:2020-01-17 12:00 | Read:323 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Risk Management Vulnerabilit

Hackers Earn $275,000 for Vulnerabilities in U.S. Army Systems

A total of 146 valid vulnerabilities were reported as part of the second Hack the Army bug bounty program, and more than $275,000 were paid in rewards. The challenge ran between October 9 and November 15, 2019, and was the result of a partnership between the Defense Digital Service, the U.S. Department of Defense (DoD), and hacker-powered pentesting platform
Publish At:2020-01-17 12:00 | Read:122 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

PoC Exploits Released for Cisco DCNM Vulnerabilities

A researcher who discovered many vulnerabilities in Cisco’s Data Center Network Manager (DCNM) product has made public some proof-of-concept (PoC) exploits and technical details. In early January, Cisco informed customers that it had released updates for DCNM to address several critical and high-severity vulnerabilities. The vulnerabilities rated critical can
Publish At:2020-01-16 22:15 | Read:144 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities exploit

PoC Exploits Released for Crypto Vulnerability Found by NSA

Several proof-of-concept (PoC) exploits have already been created — and some of them have been made public — for CVE-2020-0601, the crypto-related Windows vulnerability that Microsoft patched recently after being notified by the U.S. National Security Agency. The vulnerability, named by some ChainOfFools and CurveBall, was patched by Microsoft this week with
Publish At:2020-01-16 12:00 | Read:242 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Using Gap Analysis to Fix a Leaky Enterprise

Attackers Evolve Quickly, and We Must Work Daily to Ensure We Are Ready for Their Next Move

I recently had a rather comical experience involving a leak in the watering system in my garden. One day, I noticed that one part of the system was leaking. After that piece was replaced, a second part started leaking. Replacing that piece resulted in a third p
Publish At:2020-01-15 22:15 | Read:197 | Comments:0 | Tags:INDUSTRY INSIGHTS Vulnerabilities

Public Bug Bounty Program Launched for Kubernetes

The Cloud Native Computing Foundation (CNCF) this week announced the launch of a public bug bounty program for Kubernetes, with rewards of up to $10,000 per vulnerability. Kubernetes is an open-source system designed for automating deployment, scaling and management of containerized applications. It was originally developed by Google and it’s now maintained b
Publish At:2020-01-15 22:15 | Read:193 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

