HackDig : Dig high-quality web security articles

Ghost Security Snags $15M Investment for API Security Tech

Texas startup Ghost Security has joined the list of early-stage companies in the API and application security space attracting venture capital funding. The Austin-based company emerged from stealth this week with $15 million in investments from 468 Capital, DNX Ventures, and Munich Re Ventures. "We believe the explosive growth of microservices and APIs in the
Publish At:2022-08-05 16:14 | Read:231 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Priva

F5 Fixes 21 Vulnerabilities With Quarterly Security Patches

Security and application delivery solutions provider F5 has released its quarterly security notification for August 2022, which informs customers about 21 vulnerabilities affecting BIG-IP and other products. The company has released separate advisories for a dozen high-severity vulnerabilities, as well as eight medium-severity and one low-severity flaws. The h
Publish At:2022-08-05 12:04 | Read:173 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities security

FEMA Urges Patching of Emergency Alert Systems, But Some Flaws Remain Unfixed

The US Federal Emergency Management Agency (FEMA) has issued an advisory urging organizations to ensure that their emergency alert systems are patched, but a researcher says there are no patches for some of the vulnerabilities affecting these systems. The emergency alert system (EAS) in the United States enables authorities to broadcast emergency alerts and w
Publish At:2022-08-05 12:04 | Read:241 | Comments:0 | Tags:ICS/OT NEWS & INDUSTRY Vulnerabilities

Zimbra Credential Theft Vulnerability Exploited in Attacks

The US Cybersecurity and Infrastructure Security Agency (CISA) informed organizations on Thursday that a recently patched vulnerability affecting the Zimbra enterprise email solution has been exploited in attacks. The security hole, tracked as CVE-2022-27924 and described as a Memcache injection issue, allows an unauthenticated attacker to steal cleartext cre
Publish At:2022-08-05 08:06 | Read:228 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Email Security Vulne

Critical Vulnerabilities Allow Hacking of Cisco Small Business Routers

Updates released by Cisco for some of its small business routers patch serious vulnerabilities that could allow threat actors to take control of affected devices. Three vulnerabilities have been identified by external researchers in Cisco’s RV160, RV260, RV340, and RV345 series VPN routers. An unauthenticated attacker could exploit the flaws remotely for arbi
Publish At:2022-08-04 12:04 | Read:229 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities hack

SMBs Exposed to Attacks by Critical Vulnerability in DrayTek Vigor Routers

Many small and medium-sized businesses (SMBs) could be exposed to attacks due to a critical vulnerability that has been found to impact hundreds of thousands of DrayTek Vigor routers. The security hole, discovered by researchers at threat detection and response company Trellix, affects nearly 30 DrayTek Vigor router models that are used by many SMBs. The issu
Publish At:2022-08-04 12:04 | Read:218 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities Vulnera

Compliance Automation Startup RegScale Scores $20 Million Investment

RegScale, a Virginia startup building technology to manage continuous compliance automation tasks, has attracted $20 million in early-stage venture capital funding. The Series A round was led by SYN Ventures with participation from SineWave Ventures, VIPC’s Virginia Venture Partners and SecureOctane. RegScale, which maintains headquarters in Tyson’s Corner, Vi
Publish At:2022-08-03 20:12 | Read:256 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Priva

Robinhood Crypto Penalized $30M for Violating NY Cybersecurity Regulations

The cryptocurrency division of Robinhood has been slapped with a $30 million penalty by New York's Department of Financial Services for significant violations of cybersecurity and money laundering regulations. The $30 million penalty, announced late Tuesday via a consent order, adds to a litany of problems at Robinhood that range from security breaches, to on
Publish At:2022-08-03 16:14 | Read:280 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Priva

Google Paid Out $90,000 for Vulnerabilities Patched by Chrome 104

Google has patched 27 vulnerabilities with the release of Chrome 104 on Tuesday, and the researchers who reported some of these security holes earned thousands of dollars in bug bounties. The internet giant has paid out a total of approximately $90,000 for the flaws patched in the latest version of Chrome, but it has yet to determine the rewards for two of th
Publish At:2022-08-03 08:05 | Read:304 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

VMware Ships Urgent Patch for Authentication Bypass Security Hole

Virtualization technology giant VMware on Tuesday shipped an urgent, high-priority patch to address an authentication bypass vulnerability in its Workspace ONE Access, Identity Manager and vRealize Automation products. The vulnerability carries VMware’s highest severity rating (CVSSv3 base score of 9.8) and should be remediated without delay, the company said
Publish At:2022-08-02 16:13 | Read:315 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Priva

Google Patches Critical Android Flaw Allowing Remote Code Execution via Bluetooth

Google on Monday published a security bulletin describing the latest round of patches for the Android operating system. Three dozen vulnerabilities have been fixed, including a critical issue that can be exploited for remote code execution over Bluetooth. The critical vulnerability is tracked as CVE-2022-20345 and it affects the System component. It has been
Publish At:2022-08-02 12:03 | Read:241 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities android

Go-Based Apps Vulnerable to Attacks Due to URL Parsing Issue

Israeli cloud-native application security testing firm Oxeye discovered that the way URL parsing is implemented in some Go-based applications creates vulnerabilities that could allow threat actors to conduct unauthorized actions. Go, or Golang, is an open source programming language designed for building reliable and efficient software at scale. Supported by
Publish At:2022-08-02 12:03 | Read:292 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Vulnerabilities

Organizations Warned of Critical Confluence Flaw as Exploitation Continues

The US Cybersecurity and Infrastructure Security Agency (CISA) has instructed government organizations — and advised private sector companies — to address a recently disclosed Confluence vulnerability that has been exploited in attacks. The critical vulnerability, tracked as CVE-2022-26138, is related to the existence of an account named ‘disabledsystemuser’
Publish At:2022-08-01 12:03 | Read:213 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Cybercrime exploit

Microsoft Connects USB Worm Attacks to 'EvilCorp' Ransomware Gang

Cybersleuths at Microsoft have found a link between the recent 'Raspberry Robin' USB-based worm attacks and EvilCorp, a notorious Russian ransomware operation sanctioned by the U.S. government. According to fresh data from Redmond’s threat intelligence team, a ransomware-as-a-service gang it tracks as DEV-0206 has been caught rigging online ads to trick targe
Publish At:2022-07-29 16:13 | Read:483 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Network Sec

Calls Mount for US Gov Clampdown on Mercenary Spyware Merchants

Cybersecurity professionals from Google's threat hunting unit and the University of Toronto's Citizen Lab are upping the pressure on mercenary hacking firms selling high-end surveillance spyware with fresh calls for the U.S. government to urgently clamp down on these businesses. In prepared remarks during a House Intelligence Committee hearing this week, Goog
Publish At:2022-07-28 16:13 | Read:305 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Network Sec

