HackDig : Dig high-quality web security articles for hacker

Vulnerability Allows Hackers to Take Control of ABB Substation Protection Devices

A critical vulnerability affecting some Relion protection devices from ABB can be exploited to take control of a device or cause it to become inoperable, the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) warned last week.The flaw affects Relion 670 series devices made by Swiss-based industrial technology solutions provider ABB. These products
Publish At:2019-12-02 10:15 | Read:220 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities Vulnerabilit

Hackers Accessed Magento Marketplace User Data

Adobe-owned e-commerce platform Magento recently informed some Magento Marketplace users that an unauthorized third-party had gained access to their account information.According to Magento, the attackers exploited a vulnerability in the Magento Marketplace, which allowed them to access information such as name, email address, MageID, shipping and billing ad
Publish At:2019-11-30 10:15 | Read:94 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Cybe

Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK

By Joey Chen, Hiroyuki Kakara and Masaoki Shoji While we have been following cyberespionage group TICK (a.k.a. “BRONZE BUTLER” or “REDBALDKNIGHT”) since 2008, we noticed an unusual increase in malware development and deployments towards November 2018. We already know that the group uses previously deployed malware and modified tools for obfuscation, but we a
Publish At:2019-11-30 07:35 | Read:66 | Comments:0 | Tags:Bad Sites Exploits Internet of Things Malware Open source Sp

Kaspersky Patches Several Vulnerabilities in Web Protection Features

Kaspersky has patched several vulnerabilities affecting the web protection features present in its Anti-Virus, Internet Security, Total Security, Free Anti-Virus, Security Cloud, and Small Office Security products.Researcher Wladimir Palant informed Kaspersky in December 2018 that he had found some vulnerabilities related to product features designed to bloc
Publish At:2019-11-26 22:15 | Read:289 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Many Apps Impacted by GIF Processing Flaw Patched Recently in WhatsApp

Trend Micro security researchers have discovered thousands of Android applications impacted by the GIF processing vulnerability that was patched recently in WhatsApp.Tracked as CVE-2019-11932, the security flaw exists in the open source library named libpl_droidsonroids_gif.so, which is part of the android-gif-drawable package and is used by numerous Android
Publish At:2019-11-26 12:00 | Read:205 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps

By Lance Jiang and Jesse Chang CVE-2019-11932, which is a vulnerability in WhatsApp for Android, was first disclosed to the public on October 2, 2019 after a researcher named Awakened discovered that attackers could use maliciously crafted GIF files to allow remote code execution. The vulnerability was patched with version 2.19.244 of WhatsApp, but the under
Publish At:2019-11-25 14:35 | Read:222 | Comments:0 | Tags:Mobile Vulnerabilities vulnerability whatsapp Vulnerability

Cloudflare Open-Sources Network Vulnerability Scanner

Security and web performance services provider Cloudflare this week announced the open source availability of Flan Scan, its lightweight network vulnerability scanner.Based on the Nmap open source tool, Flan Scan was born out of the need for an easy-to-deploy scanner that could accurately detect the services on a network and then look them up in a database o
Publish At:2019-11-22 22:15 | Read:205 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities Cloud V

Dozens of Vulnerabilities Found in Open Source VNC Systems

Kaspersky researchers have identified dozens of vulnerabilities in four popular open source virtual network computing (VNC) systems, but fortunately the majority of them have been patched.VNC systems use the remote frame buffer (RFB) protocol to allow users to remotely control a device. According to Kaspersky, VNC is often used in industrial environments and
Publish At:2019-11-22 22:15 | Read:210 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities

5G security and privacy for smart cities

The 5G telecommunications revolution is imminent. It is the next generation of cellular network, making use of the existing 4G LTE in addition to opening up the millimeter wave band. 5G will be able to welcome more network-connected devices and increase speeds considerably for users. It will serve as the foundation for advanced services, including: 8k strea
Publish At:2019-11-22 18:05 | Read:175 | Comments:0 | Tags:Publications Cyber espionage DDoS-attacks infrastructure Int

Critical Bug Patched in Popular Jetpack WordPress Plugin

An update for the popular WordPress plugin Jetpack addresses a critical security flaw that has existed for more than two years. With over 5 million installations to date, Jetpack provides WordPress site admins with security, performance, and site management capabilities. The plugin was designed to keep websites protected from brute-force attacks an
Publish At:2019-11-22 00:00 | Read:146 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Google Offering Up to $1.5 Million for Pixel Titan M Exploits

Google on Thursday announced that it’s expanding its Android bug bounty program, and certain types of exploits can now earn researchers up to $1.5 millionAccording to Google, it has paid out over $4 million for more than 1,800 vulnerability reports received since the launch of its Android Security Rewards program in 2015. In the past year, payouts totaled ov
Publish At:2019-11-22 00:00 | Read:147 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

Long-Patched Vulnerabilities Still Present in Many Popular Android Apps

Critical vulnerabilities that have been fixed years ago are still present in many popular Android applications due to their developer’s failure to apply patches available for third-party components.Researchers at Check Point have selected three critical arbitrary code execution vulnerabilities patched in 2014, 2015 and 2016 in widely used third-party librari
Publish At:2019-11-21 12:00 | Read:260 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

DopplePaymer Ransomware Spreads via Compromised Credentials: Microsoft

The DopplePaymer ransomware spreads via existing Domain Admin credentials, not exploits targeting the BlueKeep vulnerability, Microsoft says.The malware, which security researchers believe to have been involved in the recent attack on Mexican state-owned oil company Petróleos Mexicanos (Pemex), has been making the rounds since June 2019, with some earlier sa
Publish At:2019-11-21 10:15 | Read:159 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Virus & Malware

XSS Flaw in Gmail's Dynamic Email Feature Earns Researcher $5,000

A researcher has earned $5,000 from Google for an interesting cross-site scripting (XSS) vulnerability found in the dynamic email feature added a few months ago to Gmail.The dynamic email feature, also known as Accelerated Mobile Pages (AMP) for email or AMP4Email, enables the use of dynamic HTML content in emails, allowing users to conduct various tasks dir
Publish At:2019-11-20 12:01 | Read:163 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Xss

Bigger Rewards, New Targets Announced for Mozilla Bug Bounty Program

Mozilla is celebrating the 15th anniversary of its Firefox web browser with significant updates to the organization’s bug bounty program, including new targets and bigger rewards.Mozilla announced on Tuesday that it’s doubling all payouts for vulnerabilities found in critical and core websites and services, and the maximum reward for remote code execution fl
Publish At:2019-11-20 10:15 | Read:183 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg


Share high-quality web security related articles with you:)


Tag Cloud