HackDig : Dig high-quality web security articles for hackers

Black Hat Wrap-Up: IoT and Hardware Vulnerabilities Take the Spotlight

The first entirely virtual edition of the Black Hat cybersecurity conference took place last week and researchers from tens of organizations presented the results of their work from the past year. Some of the most interesting presentations focused on vulnerabilities affecting industrial, IoT, hardware and web products, but a few of the talks covered endpoint
Publish At:2020-08-10 15:17 | Read:115 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY SCADA / ICS Vulnerabil

Vulnerabilities in Qualcomm Chips Expose Billions of Devices to Attacks

Security researchers have identified hundreds of vulnerabilities that expose devices with Qualcomm Snapdragon chips to attacks. During a presentation at DEF CON last week, Check Point security researcher Slava Makkaveev revealed how vulnerabilities in the compute digital-signal processor (DSP) – a subsystem that enables the processing of data with low power c
Publish At:2020-08-10 15:17 | Read:130 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

'Find My Mobile' Vulnerabilities Exposed Samsung Galaxy Phones to Attacks

A series of vulnerabilities affecting Samsung’s Find My Mobile could have been chained to perform various types of activities on a compromised smartphone, a researcher from Portugal-based cybersecurity services provider Char49 revealed at the DEF CON conference on Friday. Find My Mobile is designed to help users find lost Samsung phones. It can also be used t
Publish At:2020-08-10 15:17 | Read:128 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

Over 30 Vulnerabilities Discovered Across 20 CMS Products

Researchers have identified more than 30 vulnerabilities across 20 popular content management systems (CMS), including Microsoft SharePoint and Atlassian Confluence. The research was conducted by Alvaro Muñoz of GitHub and Oleksandr Mirosh of Micro Focus Fortify, and it focused on the security controls implemented by various CMS frameworks and products and me
Publish At:2020-08-10 08:50 | Read:67 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

TikTok and WeChat: Chinese Apps Dogged by Security Fears

The United States has fired a new salvo in its rivalry with China, ordering sweeping restrictions against Chinese-owned social media stars TikTok and WeChat. Here are some key facts about the platforms: - What is WeChat? - WeChat, known as "weixin" or micro-message in Chinese, belongs to tech giant Tencent and has grown to become ubiquitous in daily life across
Publish At:2020-08-07 15:41 | Read:186 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Privacy Compliance Risk

Chinese Researchers Show How They Remotely Hacked a Mercedes-Benz

A team of Chinese researchers has described the analysis process that resulted in the discovery of 19 vulnerabilities in a Mercedes-Benz E-Class, including flaws that can be exploited to remotely hack a car. The research was conducted starting in 2018 by Sky-Go, the vehicle cybersecurity unit of Chinese security solutions provider Qihoo 360. The findings were
Publish At:2020-08-07 15:41 | Read:133 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Wireless Security Vulner

Qualcomm, MediaTek Wi-Fi Chips Vulnerable to Kr00k-Like Attacks

The Kr00k vulnerability disclosed earlier this year has only been found to impact devices using Wi-Fi chips from Broadcom and Cypress, but researchers revealed this week that similar flaws have been discovered in chips made by Qualcomm and MediaTek. Cybersecurity firm ESET reported in February that billions of Wi-Fi-capable devices may have been at one point affec
Publish At:2020-08-07 11:51 | Read:146 | Comments:0 | Tags:NEWS & INDUSTRY Wireless Security Vulnerabilities Mobile

Researchers Revive 'Foreshadow' Attack by Extending It Beyond L1 Cache

Researchers revealed late on Thursday that the mitigations and patches rolled out in 2018 for the Foreshadow vulnerabilities affecting Intel processors can fail to prevent attacks. Foreshadow, also known as L1 Terminal Fault (L1TF), is the name assigned to three speculative execution flaws reported to Intel shortly after the disclosure in January 2018 of the
Publish At:2020-08-07 07:55 | Read:96 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Vu

Researcher Discovers New HTTP Request Smuggling Attack Variants

A researcher has detailed several new variants of an attack named HTTP request smuggling, and he has proposed some new defenses against such attacks. HTTP request smuggling, also known as HTTP desyncing, has been known since 2005, but Amit Klein, VP of security research at SafeBreach, believes the method has not been fully analyzed, which is why he has decide
Publish At:2020-08-06 12:40 | Read:79 | Comments:0 | Tags:Virus & Threats Vulnerabilities

Twitter Says Android App Vulnerability Exposed Direct Messages

Twitter informed customers on Wednesday that a vulnerability in its Android app could have been exploited by malicious applications to access private data. According to the social media giant, the flaw is related to a vulnerability that affects Android 8 and 9, which Google patched in October 2018. “Our understanding is 96% of people using Twitter for Android
Publish At:2020-08-06 08:48 | Read:100 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Incident Response Vulner

Researcher Details Sophisticated macOS Attack via Office Document Macros

A researcher found a way to deliver malware to macOS systems using a Microsoft Office document containing macro code. The victim simply has to open the document and no alerts are displayed. Macros enable Office users to automate frequent tasks using VBA code. A macro added to an Office document can be triggered when the file is opened, a feature that cybercri
Publish At:2020-08-05 17:22 | Read:122 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Vulnerabilities

Vulnerabilities in Protocol Gateways Can Facilitate Attacks on Industrial Systems

Vulnerabilities found in protocol gateway devices can facilitate stealthy attacks on industrial systems, enabling threat actors to obtain valuable information and sabotage critical processes. Protocol gateways are small devices designed to ensure that various types of IT and OT devices can communicate with each other even if they use different protocols. For
Publish At:2020-08-05 09:38 | Read:83 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities

Drone Maker DJI Says Claims About Security of Pilot App 'Misleading'

Researchers have analyzed the security of DJI’s Pilot app for Android, but the Chinese drone giant says the claims they’ve made are misleading. Last month, France-based cybersecurity company Synacktiv reported that it had found some potentially serious security issues in the DJI GO 4 Android app, which allows users to control and manage recreational drones ma
Publish At:2020-08-05 07:50 | Read:69 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

Google Patches Over 50 Vulnerabilities in Android With August 2020 Updates

Google on Monday announced the August 2020 security updates for the Android operating system, with patches for a total of more than 50 vulnerabilities. According to Google, the most serious flaw patched this month is a high-severity issue in the Framework component that can be exploited by a remote attacker to execute arbitrary code in the context of an unpri
Publish At:2020-08-04 18:12 | Read:146 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

Microsoft Paid Out Nearly $14 Million via Bug Bounty Programs in Past Year

Microsoft reported on Tuesday that it paid out roughly $13.7 million through its bug bounty programs between July 1, 2019, and June 30, 2020. The tech giant runs 15 bug bounty programs, which 327 researchers used in the past year to report 1,226 eligible vulnerabilities. The single biggest reward paid out by the company was $200,000, with the highest rewards a
Publish At:2020-08-04 12:35 | Read:142 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities
