HackDig : Dig high-quality web security articles for hacker

CVE-2017-0780: Denial-of-Service Vulnerability can Crash Android Messages App

By Jason Gu and Seven Shen
Just about anyone can appreciate a good old meme GIF every now and then, but what if one caused your Android Messages to crash? A denial-of-service vulnerability we recently disclosed to Google can do exactly that and more. Designated as CVE-2017-0780, we’ve confirmed it to be in the latest Nexus and Pixel devices. The security fla
Publish At:2017-09-07 07:30 | Read:3682 | Comments:0 | Tags:Mobile Vulnerabilities android Android Messages CVE-2017-078

Three Practical Tips That Empower Developers and Prevent Open Source Security Risks From Entering Your Code

Employees use open source applications in organizations of all sizes and across all industries, and this trend shows no signs of slowing down. It is both cost effective and efficient to incorporate source code into software during the development stage. With all those extra resources, developers can focus more on the organization’s proprietary code. Ac
Publish At:2017-08-21 15:05 | Read:3713 | Comments:0 | Tags:Application Security Risk Management Application Development

The Crisis of Connected Cars: When Vulnerabilities Affect the CAN Standard

In many instances, researchers and engineers have found ways to hack into modern, internet-capable cars, as has been documented and reported several times. One famous example is the Chrysler Jeep hack that researchers Charlie Miller and Chris Valasek discovered. This hack and those that have come before it have mostly been reliant on specific vulnerabilities
Publish At:2017-08-16 13:40 | Read:7352 | Comments:0 | Tags:Exploits Internet of Things intelligent transportation syste

CVE-2017-0199: New Malware Abuses PowerPoint Slide Show

By Ronnie Giagone and Rubio Wu
CVE-2017-0199 was originally a zero-day remote code execution vulnerability that allowed attackers to exploit a flaw that exists in the Windows Object Linking and Embedding (OLE) interface of Microsoft Office to deliver malware. It is commonly exploited via the use of malicious Rich Text File (RTF) documents, a method used by t
Publish At:2017-08-14 06:00 | Read:3087 | Comments:0 | Tags:Malware Vulnerabilities

Eight Myths Not to Believe About Penetration Testing

Penetration testing — the process of trying to break into one’s own system to find vulnerabilities before cybercriminals do — is an integral part of information security. The data gleaned from these evaluations can help companies remediate flaws in their security infrastructure before fraudsters have a chance to expose them. Dispelling Eight Penetratio
Publish At:2017-08-10 20:40 | Read:3205 | Comments:0 | Tags:Data Protection Risk Management Data Breaches Penetration Te

Critical Windows Search and Hyper-V Vulnerabilities Tackled by August’s Patch Tuesday

Microsoft has released their monthly security bulletin with 48 security patches—25 of which are labeled Critical, 21 are Important, and two are Moderate in severity. This was a standard batch of updates, addressing issues in Internet Explorer, Microsoft Edge, Windows, Microsoft SharePoint, Adobe Flash Player and Microsoft SQL Server. A majority of the critic
Publish At:2017-08-09 15:20 | Read:2444 | Comments:0 | Tags:Vulnerabilities August Patch Tuesday

Assessing Risks and Remediating Threats With a Layered Approach to Vulnerability Management

Companies need to do more than just scan for known problems and provide huge vulnerability reports to system and network administrators for remediation. According to Gartner, known vulnerabilities still comprise 99 percent of all known exploit traffic. Furthermore, malware, ransomware and exploit kits target vulnerabilities that are six months or older on av
Publish At:2017-08-09 07:50 | Read:3730 | Comments:0 | Tags:CISO Risk Management Security Intelligence & Analytics Patch

How Chat App Discord Is Abused by Cybercriminals to Attack ROBLOX Players

Cybercriminals targeting gamers are nothing new. We’ve reported many similar incidents in the past, from fake game apps to real-money laundering through online game currencies. Usually the aim is simple: to steal personal information and monetize it. And usually, for that purpose the game itself is abused. In the particular scenario we are describing in this
Publish At:2017-08-08 15:20 | Read:3657 | Comments:0 | Tags:Exploits Vulnerabilities API Chat Program API Discord ROBLOX

Vulnerability in F2FS File System Leads To Memory Corruption on Android, Linux

August’s Android Security Bulletin includes three file system vulnerabilities (CVE-2017-10663, CVE-2017-10662, and CVE-2017-0750) that were discovered by Trend Micro researchers. These vulnerabilities could cause memory corruption on the affected devices, leading to code execution in the kernel context. This would allow for more data to be accessed and contr
Publish At:2017-08-08 05:25 | Read:2385 | Comments:0 | Tags:Mobile Open source Vulnerabilities android F2FS Linux Vulner

Hire a Team of Hackers to Identify Vulnerabilities

It’s common to hear the phrase “never leave security to chance” in business. Given the rapid advancement and persistence of cybercrime, chief information security officers (CISOs) need the ability to deploy offensive security measures to protect their networks. One way to do this is to employ a team of hackers to proactively protect the or
Publish At:2017-08-04 20:10 | Read:3560 | Comments:773 | Tags:CISO Risk Management Chief Information Security Officer (CIS

Virtualization-Based Security is Helping Security Professionals Relax

Virtualization’s continued journey across the enterprise led inevitably to security. Enhanced security benefits using virtualization are powerful and compelling. Virtualization takes the security responsibility off users and delivers control to IT. Detection-based security doesn’t work. It’s an exhausted concept. The battle’s been waged for 30 years and the c
Publish At:2017-08-03 12:45 | Read:2978 | Comments:0 | Tags:Innovation cybersecurity detection intelligence management p

Psychological Security: Helping Your Team Think Like Cybercriminals

Chance favors the prepared mind. That’s what famous chemist Louis Pasteur once said, but it’s also an important principle that applies to psychological security. Remember back in middle school when name-calling was a way we expressed our emotions? You’ll likely recall the common response: “It takes one to know one!” It Takes a
Publish At:2017-07-27 00:40 | Read:2375 | Comments:0 | Tags:CISO Fraud Protection Cybercrime Cybercriminals Penetration

The Living Dead: How to Protect Legacy Systems

The recent widespread attacks of WannaCry and NotPetya both used known vulnerabilities of legacy operating systems, namely SMB v1 protocol. In general, known vulnerabilities are easy to mitigate as long as patches and updates are provided. But in these cases, many organizations seem to have ignored the advice to patch their systems — or maybe not. There ar
Publish At:2017-07-20 21:00 | Read:3642 | Comments:0 | Tags:Network Risk Management Legacy Applications legacy systems n

Linux Users Urged to Update as a New Threat Exploits SambaCry 

By Mohamad Mokbel, Tim Yeh, Brian Cayanan
A seven-year old vulnerability in Samba—an open-source implementation of the SMB protocol used by Windows for file and printer sharing—was patched last May but continues to be exploited. According to a security advisory released by the company, the vulnerability allows a malicious actor to upload a shared library to
Publish At:2017-07-18 21:10 | Read:3583 | Comments:0 | Tags:Exploits Vulnerabilities exploit

Examining CVE-2017-9791: New Apache Struts Remote Code Execution Vulnerability

By Govind Sarda (Vulnerability Research)
The Apache Struts framework is useful for building modern Java-based web applications, with two major versions, Apache Struts 1 and Apache Struts 2, released so far. Support for Apache Struts 1 ended in 2008 with the adoption of Apache Struts 2, which reached its first full release at the start of 2007. A Struts 1 plu
Publish At:2017-07-13 12:15 | Read:2588 | Comments:0 | Tags:Vulnerabilities Apache Struts Vulnerability

