HackDig : Dig high-quality web security articles for hackers

Apache Guacamole Vulnerabilities Facilitate Attacks on Enterprises

Remote code execution and information disclosure vulnerabilities addressed in Apache Guacamole can be highly useful to threat actors targeting enterprises, Check Point security researchers warn. An open-source remote desktop gateway, Apache Guacamole is an HTML5 web application that can be used on a broad range of devices, straight from the web browser. One o
Publish At:2020-07-03 10:11 | Read:165 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Cisco Discloses Details of Chrome, Firefox Vulnerabilities

Cisco’s Talos threat intelligence and research group this week disclosed the details of recently patched vulnerabilities affecting the Chrome and Firefox web browsers. The Chrome flaw, tracked as CVE-2020-6463 and classified as high severity with a CVSS score of 8.8, was patched by Google in April with the release of Chrome 81.0.4044.122. The tech giant award
Publish At:2020-07-03 06:20 | Read:102 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Serious Vulnerabilities in F5's BIG-IP Allow Full System Compromise

Critical and high-severity vulnerabilities discovered by researchers in F5 Networks’ BIG-IP application delivery controller (ADC) allow a remote attacker to take complete control of the targeted system. The vulnerabilities were identified by researchers at cybersecurity firm Positive Technologies, which disclosed its findings this week after the vendor releas
Publish At:2020-07-02 14:53 | Read:162 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities

Cisco Patches Vulnerabilities in Small Business Routers, Switches

Cisco on Wednesday announced that it has patched several vulnerabilities affecting its products, including flaws in Small Business routers and switches. Of the eight vulnerabilities for which Cisco published an advisory this week, only CVE-2020-3297 has been rated high severity. This security hole affects some Small Business and managed switches and it allows
Publish At:2020-07-02 11:03 | Read:103 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities

Windows Codecs Library Vulnerabilities Allow Remote Code Execution

Microsoft on Tuesday published advisories to provide details on two remote code execution vulnerabilities addressed in the Windows Codecs Library. Both of these vulnerabilities are related to the manner in which the affected Windows component handles objects in memory and both feature a CVSS score of 7.3. Despite that, however, Microsoft considers one to be cr
Publish At:2020-07-01 15:43 | Read:76 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Netgear Starts Patching Serious Vulnerabilities Affecting Tens of Products

Netgear has started releasing patches for ten vulnerabilities affecting nearly 80 of its products, including flaws disclosed last year at the Pwn2Own hacking competition. All of the security holes were reported to Netgear through Trend Micro’s Zero Day Initiative (ZDI), including five by a hacker who uses the online moniker d4rkn3ss, from VNPT ISC, and five b
Publish At:2020-07-01 15:43 | Read:104 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities IoT Sec

macOS Privacy Protections Bypass Disclosed After Apple Fails to Release Fix

Details on a macOS privacy protections bypass method were published this week, more than six months after Apple was informed of the issue, but failed to deliver a fix. Dubbed TCC (Transparency, Consent, and Control), the privacy protections system was introduced in macOS Mojave to ensure that certain files on the system are kept out of reach of unauthorized a
Publish At:2020-07-01 15:43 | Read:115 | Comments:0 | Tags:NEWS & INDUSTRY Privacy Vulnerabilities Privacy & Co

Researchers Show How Hackers Can Target ICS via Barcode Scanners

Industrial control systems (ICS) can be hacked through barcode scanners, researchers at cybersecurity services company IOActive said on Tuesday. Hackers previously demonstrated that keystrokes can be remotely injected via an industrial barcode scanner into the computer the scanner is connected to, which could result in the computer getting compromised. IOActiv
Publish At:2020-06-30 15:05 | Read:168 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities

US Cyber Command: Foreign APTs Likely to Exploit New Palo Alto Networks Flaw

Palo Alto Networks revealed on Monday that it has patched a critical authentication bypass vulnerability in its PAN-OS firewall operating system, and U.S. Cyber Command believes foreign APTs will likely attempt to exploit it soon. The vulnerability, tracked as CVE-2020-2021 with a CVSS score of 10, affects PAN-OS 8.0, 8.1, 9.0 and 9.1, and it has been patched
Publish At:2020-06-30 08:50 | Read:125 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Risk Management Vuln

Driver Vulnerabilities Facilitate Attacks on ATMs, PoS Systems

Driver vulnerabilities can facilitate attacks on ATMs, point-of-sale (PoS) systems and other devices, firmware security company Eclypsium warned on Monday. Eclypsium last year analyzed device drivers from major vendors and found that over 40 drivers made by 20 companies contained serious vulnerabilities that could be exploited to deploy persistent malware. The
Publish At:2020-06-30 01:07 | Read:181 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Vulnerabilities IoT Se

NVIDIA Patches Code Execution Flaws in GPU Drivers

NVIDIA this week released patches for a dozen vulnerabilities in GPU display drivers and vGPU software, including multiple issues that could lead to code execution. The most severe of the bugs affecting the GPU drivers include CVE-2020-5962, which was found in the NVIDIA GPU display driver, and CVE-2020-5963, which resides in the CUDA driver. Both feature a C
Publish At:2020-06-26 12:13 | Read:175 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

IBM Discloses Tenda Powerline Extender Flaws Apparently Ignored by Vendor

IBM has disclosed the details of several vulnerabilities found in powerline extenders made by China-based networking solutions provider Tenda. IBM says Tenda ignored its emails and phone calls, and it’s unclear if any patches are being developed. Considered an alternative to Wi-Fi extenders, powerline extenders leverage a building’s electrical wiring to boost
Publish At:2020-06-26 08:19 | Read:122 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities IoT Sec

Sony Launches PlayStation Bug Bounty Program on HackerOne

Sony this week announced the launch of a public PlayStation bug bounty program in partnership with hacker-sourced vulnerability hunting platform HackerOne. Previously, the company ran a private bug bounty with some researchers only, but says that it has come to realize that the research community plays an important role in improving security, and that the new
Publish At:2020-06-25 09:09 | Read:119 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

VMware Patches Several Vulnerabilities Allowing Code Execution on Hypervisor

VMware informed customers on Tuesday that it addressed a total of 10 vulnerabilities affecting its ESXi, Workstation and Fusion products, including critical and high-severity flaws that can be exploited for code execution on the hypervisor. The most serious of the vulnerabilities is CVE-2020-3962, a critical use-after-free bug related to the SVGA device. An a
Publish At:2020-06-24 13:51 | Read:184 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Bug Hunters Confident They Will Continue to Outperform AI: Study

Cyber security is described as a form of asymmetric warfare. One side, the defenders, have limited numbers -- just the security team. The other side includes every blackhat hacker in the world -- that is, many, many thousands. The blackhats only need to succeed once; the defenders need to succeed many times every day. Bugcrowd seeks to reverse this impossibl
Publish At:2020-06-24 09:59 | Read:105 | Comments:0 | Tags:NEWS & INDUSTRY Risk Management Vulnerabilities Manageme

