HackDig : Dig high-quality web security articles for hackers

Android's September 2020 Patches Fix Critical System Vulnerabilities

Google addressed two critical vulnerabilities in the Android System component as part of the newly released September 2020 set of security patches.More than 50 flaws are described in the Android Security Bulletin for September 2020: twenty-two as part of the 2020-09-01 security patch level and twenty-nine with the 2020-09-05 security patch level.Of the 22 is
Publish At:2020-09-09 08:17 | Read:156 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

Secureworks to Acquire Vulnerability Management Startup Delve Laboratories

Managed Security Services provider Secureworks (NASDAQ:SCWX), announced on Wednesday that it has agreed to acquire acquire Delve Laboratories, a company that provides a vulnerability management and asset discovery platform.Terms of the acquisition were not disclosed. According to SecurityWeek's research, Delve has raised roughly $1.5 million in Seed funding.
Publish At:2020-09-09 08:17 | Read:154 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Critical Access Control Vulnerability Patched in SAP Marketing

SAP this week announced the release of 10 new Security Notes as part of its September 2020 Security Patch Day, as well as updates for 6 previous Security Notes.Two of the Security Notes are rated Hot News and address critical flaws in SAP Marketing - Mobile Channel Servlet (CVE-2020-6320 – improper access control) and NetWeaver (ABAP Server) and ABAP Platfor
Publish At:2020-09-09 08:17 | Read:201 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Researcher Details Google Maps Vulnerability That Earned Him $10,000

A researcher has disclosed the details of a cross-site scripting (XSS) vulnerability in Google Maps that earned him $10,000.Israel-based security researcher Zohar Shachar discovered the vulnerability in April 2019 and it was patched a few weeks later, but he only now disclosed his findings.The flaw affected the Google Maps feature that allows users to create
Publish At:2020-09-09 07:00 | Read:197 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Microsoft Patches 129 Vulnerabilities With September 2020 Security Updates

Microsoft’s Patch Tuesday updates for September 2020 fix 129 vulnerabilities, but the company says none of them has been exploited in attacks or made public before patches were released.The tech giant has assigned a critical severity rating to 23 of the vulnerabilities affecting Windows, web browsers, Dynamics 365, SharePoint, Exchange and Visual Studio. Eac
Publish At:2020-09-09 00:28 | Read:202 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities security

Identifying the Most Dangerous Common Software and Hardware Weaknesses and Vulnerabilities – The CWE Top 25 (2020 Editio

So far, there has not been a perfect solution to ridding the world of software and hardware weaknesses. Keeping up-to-date with which weaknesses have are most common and impactful can be a daunting task. Thankfully, a list has been made to do just that the Common Weakness Enumeration Top 25 (CWE). The CWE Top 25 is a community-developed list of the most dang
Publish At:2020-09-08 17:36 | Read:143 | Comments:0 | Tags:Featured Articles Vulnerability Management CWE vulnerabiliti

Adobe Patches Critical Code Execution Flaws in AEM, FrameMaker, InDesign

Adobe on Tuesday informed customers that it has patched a total of 18 vulnerabilities across its Experience Manager (AEM), FrameMaker and InDesign products.In its InDesign design and publishing product, Adobe fixed five critical memory corruption bugs that can allow an attacker to execute arbitrary code in the context of the targeted user.In the FrameMaker d
Publish At:2020-09-08 16:38 | Read:118 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Vulnerabilities in CodeMeter Licensing Product Expose ICS to Remote Attacks

Vulnerabilities affecting CodeMeter, a popular licensing and DRM solution made by Germany-based Wibu-Systems, can expose industrial systems to remote attacks, industrial cybersecurity company Claroty warned on Tuesday.CodeMeter is designed to protect software against piracy and reverse engineering, it offers licensing management capabilities, and it includes
Publish At:2020-09-08 16:38 | Read:196 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities

Cisco Patches Critical Vulnerability in Jabber for Windows

Cisco last week released patches to address a critical remote code execution vulnerability in Jabber for Windows.Tracked as CVE-2020-3495 and featuring a CVSS score of 9.9, the flaw can be exploited remotely without authentication through sending a specially crafted Extensible Messaging and Presence Protocol (XMPP) message to a vulnerable application.The iss
Publish At:2020-09-07 13:17 | Read:137 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Facebook Announces Vulnerability Reporting and Disclosure Policy

Facebook is giving third-party application developers three weeks to respond to vulnerability reports and three months to patch bugs before public disclosure. The social media giant took the wraps off a Vulnerability Disclosure Policy this week, aimed at bugs its researchers may discover in third-party code and systems, open source applications included
Publish At:2020-09-04 07:07 | Read:206 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Google Increases Bug Bounty Payouts for Abuse Risk Flaws

Google this week increased the reward amounts paid to researchers for reporting abuse risk as part of its bug bounty program. Google added product abuse risks to its Vulnerability Reward Program (VRP) two years ago and says that more than 750 such issues have been identified since. The amount for high severity issues was increased by 166% from $5,0
Publish At:2020-09-02 19:00 | Read:232 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Hackers Are Targeting a Three-Year Old Vulnerability in QNAP NAS Devices

Recent attacks targeting QNAP Network Attached Storage (NAS) devices were attempting to exploit a vulnerability that was addressed in July 2017, 360 Netlab security researchers say. The attacker, 360 Netlab says, shows caution in exploiting the security flaw. However, the researchers were able to identify two attacker IPs, namely 219.85.109[.]
Publish At:2020-09-02 16:04 | Read:161 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Data Protection Vulnerab

Cisco Says Hackers Targeting Zero-Days in Carrier-Grade Routers

Cisco has warned that hackers are targeting not one, but two unpatched vulnerabilities in the DVMRP feature of IOS XR software that runs on many carrier-grade routers. Over the weekend, the company published an advisory to warn of active attacks targeting a security flaw (CVE-2020-3566) in the Distance Vector Multicast Routing Protocol (DVMRP) feature o
Publish At:2020-09-01 16:36 | Read:172 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities hack

Iranian Hackers Target Critical Vulnerability in F5's BIG-IP

A hacking group believed to be linked to the Iranian government was observed targeting a critical vulnerability that F5 Networks addressed in its BIG-IP application delivery controller (ADC) in early July.Tracked as CVE-2020-5902 and featuring a CVSS score of 10, the vulnerability allows remote attackers to take complete control of a targeted system. F5's BI
Publish At:2020-09-01 13:51 | Read:268 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities Vulnera

Slack Pays Bounty for Critical Vulnerability in Desktop App

A security researcher was awarded a $1,750 bug bounty reward for discovering a remote code execution vulnerability in the Slack desktop applications. An attacker could exploit the vulnerability to execute arbitrary code within Slack’s desktop apps for macOS, Linux, and Windows. The issue was discovered by security engineer Oskars Vegeris of Evoluti
Publish At:2020-08-31 17:12 | Read:158 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability


Tag Cloud