HackDig : Dig high-quality web security articles

Zoho Patches Critical Vulnerability in Endpoint Management Solutions

Zoho Corp on Monday said it has released patches for a critical vulnerability affecting Desktop Central and Desktop Central MSP, the endpoint management solutions from ManageEngine. Tracked as CVE-2021-44757 and rated critical severity, the newly addressed security error is an authentication bypass issue that could allow a remote attacker to perform various a
Publish At:2022-01-18 12:57 | Read:96 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

VirusTotal Hacking Offers a Supercharged Version of Google Hacking

Chronicle’s VirusTotal (VT) is a boon to security researchers and a gift to potential criminals. Apart from virus samples it contains likely millions of user credentials readily available to anyone who knows where and how to look. This is the finding of SafeBreach researchers who wanted to see if VT’s advanced search capabilities could provide a supercharged
Publish At:2022-01-18 12:57 | Read:56 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access Vulnerabilities Da

Critical SAP Vulnerability Allows Supply Chain Attacks

A critical vulnerability addressed recently in SAP NetWeaver AS ABAP and ABAP Platform could be abused to set up supply chain attacks, SAP security solutions provider SecurityBridge warns. Tracked as CVE-2021-38178 and featuring a CVSS score of 9.1, the critical vulnerability was addressed on the October 2021 SAP Patch Day. Described as an improper authorizati
Publish At:2022-01-17 12:57 | Read:206 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Safari 15 Vulnerability Allows Cross-Site Tracking of Users

A vulnerability in Apple’s implementation of the IndexedDB API in Safari 15 allows websites to track users’ activity on other sites and even to reveal their identity, browser fingerprinting and fraud detection firm FingerprintJS explains. Used in all major browsers, IndexedDB is a low-level browser API for storing client data, which follows the same-origin po
Publish At:2022-01-17 12:57 | Read:99 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Oracle to Release Nearly 500 New Security Patches

Oracle is preparing the release of nearly 500 new security patches with its Critical Patch Update (CPU) for January 2022. According to its pre-release announcement, the company has lined up 483 new patches for the first CPU of 2022, which is scheduled for Tuesday, January 18. Critical vulnerabilities will be patched in Oracle Essbase, Graph Server and Client,
Publish At:2022-01-17 12:57 | Read:222 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities security

Vulnerability in IDEMIA Biometric Readers Allows Hackers to Unlock Doors

A critical vulnerability impacting multiple IDEMIA biometric identification devices can be exploited to unlock doors and turnstiles. Because of this security defect, if the TLS protocol is not activated, an attacker in the network can send specific commands without authentication to open doors or turnstiles directly operated by a vulnerable device. The attacke
Publish At:2022-01-17 12:57 | Read:152 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability hack

Details Published on AWS Flaws Leading to Data Leaks

Researchers at cloud security startup Orca Security have publicly documented a pair of vulnerabilities in AWS CloudFormation and AWS Glue that attackers could use to leak sensitive files or access other customers’ data. The first of the security flaws is described as an XML External Entity (XXE) error that could have been exploited to leak sensitive file
Publish At:2022-01-14 16:53 | Read:173 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Privacy Audits Email S

U.S. Government, Tech Giants Discuss Open Source Software Security

The White House on Thursday hosted a summit where representatives of the U.S. government and major tech companies discussed open source software security. The recent disclosure and exploitation of vulnerabilities affecting the widely used Log4j logging utility have once again highlighted the importance of open source security and software supply chain securit
Publish At:2022-01-14 09:01 | Read:139 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Vulnerabilities Man

FCC Chair Proposes New Policies for Carrier Data Breach Reporting

Federal Communications Commission (FCC) chairwoman Jessica Rosenworcel this week proposed updated policies around telecom providers’ reporting of data breaches. The Notice of Proposed Rulemaking (NPRM) shared by Rosenworcel within the FCC seeks to strengthen rules for notifying customers affected by a data breach and federal law enforcement. Per the updated ru
Publish At:2022-01-13 16:53 | Read:203 | Comments:0 | Tags:Disaster Recovery Endpoint Security Network Security NEWS &a

Cisco Patches Critical Vulnerability in Contact Center Products

Cisco on Wednesday announced patches for a critical vulnerability in Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited remotely to elevate privileges to administrator. Tracked as CVE-2022-20658 (CVSS score of 9.6), the issue exists because there was no server-side validatio
Publish At:2022-01-13 12:57 | Read:144 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

ZDI Announces Rules and Prizes for Pwn2Own 2022

Trend Micro’s Zero Day Initiative (ZDI) on Wednesday announced the targets, prizes and rules for Pwn2Own Vancouver 2022, scheduled to take place May 18-20 alongside the CanSecWest conference. This year’s Pwn2Own will be hybrid — participants can attend in person in Vancouver or they can tune in remotely and have their exploits run by ZDI staff. Registration c
Publish At:2022-01-13 09:01 | Read:125 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Apple Patches iOS HomeKit Flaw After Researcher Warning

Apple has released an iOS security update with a fix for a persistent denial-of-service flaw in the HomeKit software framework but only after an independent researcher publicly criticized the company for ignoring his discovery. The iOS 15.2.1 patch, available for all supported iPhones and iPads, is described simply as a “resource exhaustion issue” that causes
Publish At:2022-01-12 21:13 | Read:137 | Comments:0 | Tags:Endpoint Security Mobile Security Network Security NEWS &

Mozilla Patches High-Risk Firefox, Thunderbird Security Flaws

Mozilla has released Firefox 96 with patches for 18 security vulnerabilities affecting its flagship web browser and the Thunderbird mail program. Of the newly patched security flaws, nine are rated high-severity while six carry a "medium-severity" rating. The most important of these issues is CVE-2022-22746, a race condition leading to the bypass of full-scree
Publish At:2022-01-12 16:53 | Read:223 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Priva

ICS Patch Tuesday: Siemens, Schneider Electric Address 40 Vulnerabilities

The first round of security advisories released by Siemens and Schneider Electric in 2022 address a total of 40 vulnerabilities. Siemens: Siemens has released five advisories addressing a total of 14 vulnerabilities. Based on the CVSS score, the most important advisory describes two flaws affecting SICAM A8000 devices. One of the flaws, rated critical, is relate
Publish At:2022-01-12 12:57 | Read:194 | Comments:0 | Tags:ICS/OT NEWS & INDUSTRY Vulnerabilities

Microsoft Introduces New Security Update Notifications

Microsoft this week announced updated notifications for the Security Update Guide, the page where the tech company informs users of vulnerabilities that affect Microsoft products. The newly announced changes, Microsoft says, are designed to make it easier to receive Security Update Guide notifications, allowing users to sign up with any email address and receive al
Publish At:2022-01-12 12:57 | Read:147 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities security

