HackDig : Dig high-quality web security articles for hacker

Videolabs Patches Code Execution, DoS Vulnerabilities in libmicrodns Library

Vulnerabilities that Videolabs recently addressed in its libmicrodns library could lead to denial of service (DoS) and arbitrary code execution, Cisco Talos’ security researchers warn. A company founded by VideoLAN members, Videolabs is the current editor of the VLC mobile applications and also an important contributor to the VLC media player. The libmicrodns
Publish At:2020-03-25 03:23 | Read:185 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

VMware Again Fails to Patch Privilege Escalation Vulnerability in Fusion

VMware has released an update for the macOS version of Fusion to fix a privilege escalation vulnerability for which it initially released an incomplete patch. However, one of the researchers who found it says the patch is “still bad.” VMware told customers on March 17 that Fusion, Remote Console (VMRC) and Horizon Client for Mac are impacted by a high-severit
Publish At:2020-03-24 19:48 | Read:214 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

WPvivid Backup Plugin Flaw Leads to WordPress Database Leak

A vulnerability addressed recently in the WPvivid Backup Plugin could be exploited to obtain all files of a WordPress website, web security company WebARX reveals. WPvivid Backup Plugin is a free and open-source plugin that allows users to easily backup, migrate, and restore their WordPress installations to new hosts, or send backups to remote storage. The pl
Publish At:2020-03-24 12:13 | Read:109 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Critical Flaw in Adobe Creative Cloud App Allows Hackers to Delete Files

A critical vulnerability patched on Tuesday by Adobe in its Creative Cloud desktop application can be exploited by hackers to delete arbitrary files. Adobe Creative Cloud is a set of applications and services used for video editing, graphic design, photography and web development. The Creative Cloud desktop application allows users to easily manage their apps
Publish At:2020-03-24 12:13 | Read:182 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Cloud

Hackers Target Two Unpatched Flaws in Windows Adobe Type Manager Library

Microsoft informed customers on Monday that it’s working on patches for two Windows zero-day vulnerabilities that can be exploited for remote code execution. According to Microsoft, the vulnerabilities exist due to the way the Windows Adobe Type Manager library handles a “specially-crafted multi-master font - Adobe Type 1 PostScript format.” Adobe told Securit
Publish At:2020-03-23 17:15 | Read:160 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities

Flaw in Password Managers Allowed Apps to Steal Credentials

One of the vulnerabilities that researchers from the University of York discovered in widely-used password managers could have resulted in malicious apps stealing users’ credentials. Password managers are encrypted vaults employed to store credentials and other sensitive information, and they allow the use of strong, unique credentials for each of the applica
Publish At:2020-03-23 13:27 | Read:137 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Vulnerability Exposed Tesla Central Touchscreen to DoS Attacks

Hackers could have caused a Tesla Model 3’s central touchscreen to become unusable simply by getting the targeted user to visit a specially crafted website. The car maker has released a software update that patches the vulnerability. A researcher who uses the online moniker Nullze discovered that the Tesla Model 3’s web interface is affected by a denial-of-se
Publish At:2020-03-23 13:27 | Read:143 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities IoT Security Vulnerabili

Zero-Day Vulnerabilities in LILIN DVRs Exploited by Several Botnets

Cybercrime groups have been exploiting vulnerabilities in digital video recorders (DVRs) made by Taiwan-based surveillance solutions provider LILIN to increase the size of their botnets. Researchers at Chinese cybersecurity firm Qihoo 360 started seeing attacks in late August 2019. The vendor released firmware updates that should patch the exploited flaws on
Publish At:2020-03-23 09:39 | Read:186 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities exploit

New Mirai Variant Delivered to Zyxel NAS Devices Via Recently Patched Flaw

A new variant of the notorious Mirai malware has been delivered by cybercriminals to network-attached storage (NAS) devices made by Zyxel through the exploitation of a recently patched vulnerability. Zyxel informed customers last month that some of its NAS devices and firewalls are affected by a critical vulnerability — tracked as CVE-2020-9054 — that can be
Publish At:2020-03-20 16:00 | Read:258 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Virus & Malware

Drupal Updates CKEditor to Patch XSS Vulnerabilities

The developers of the Drupal content management system (CMS) announced on Wednesday that updates for versions 8.8.x and 8.7.x address a couple of vulnerabilities affecting the CKEditor library. CKEditor is a popular open source WYSIWYG editor that is highly configurable and has hundreds of features. Drupal uses CKEditor and it has decided to update it to vers
Publish At:2020-03-19 18:25 | Read:217 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Xss

Google Patches High-Risk Chrome Flaws, Halts Upcoming Releases

Google this week rolled out an update to address multiple high-severity vulnerabilities in Chrome and also announced that it is pausing upcoming releases of the browser. The pause, the Internet giant says, was caused by an adjusted work schedule due to the current COVID-19 (coronavirus) epidemic, and affects both Chrome and Chrome OS releases. “Our primary obj
Publish At:2020-03-19 11:40 | Read:163 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Patch for Recently Disclosed VMware Fusion Vulnerability Incomplete

The patch released recently by VMware for a privilege escalation vulnerability affecting Fusion for Mac has been found to be incomplete. VMware informed customers on March 17 that Fusion, Remote Console (VMRC) and Horizon Client for Mac are affected by a high-severity privilege escalation vulnerability caused by the improper use of setuid binaries. The compa
Publish At:2020-03-19 10:49 | Read:193 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Researchers Hack Windows, Ubuntu, macOS at Pwn2Own 2020

On the first day of the Pwn2Own 2020 hacking competition, participants earned a total of $180,000 for demonstrating exploits targeting Windows 10, Ubuntu Desktop and macOS. Pwn2Own typically takes place at the CanSecWest cybersecurity conference in Vancouver, Canada, and participants have to attend in person. However, due to concerns related to the COVID-19 c
Publish At:2020-03-19 02:10 | Read:199 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Cisco Patches Several Vulnerabilities in SD-WAN Solution

Cisco on Wednesday announced that it has patched a total of five vulnerabilities in its SD-WAN solution, including three that have been assigned a “high severity” rating. The high-severity vulnerabilities — all of them reported to Cisco by Orange Group — are caused by insufficient input validation. They can be exploited to make unauthorized changes to the sys
Publish At:2020-03-18 15:51 | Read:187 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

VMware Fixes Privilege Escalation Vulnerability in Fusion for Mac

VMware announced on Tuesday that it has patched a serious privilege escalation vulnerability that can be exploited on Mac systems where Fusion, Remote Console (VMRC) or Horizon Client are installed. The vulnerability, tracked as CVE-2020-3950 and classified as high severity, is related to the improper use of setuid binaries, and it impacts Fusion 11.x, VMRC 1
Publish At:2020-03-18 12:04 | Read:232 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

