HackDig : Dig high-quality web security articles for hackers

Chinese Drone Giant DJI Responds to Disclosure of Android App Security Issues

Chinese drone giant Da Jiang Innovations (DJI) on Thursday responded to the disclosure of security issues discovered by researchers in one of its Android applications. France-based cybersecurity company Synacktiv recently conducted an analysis of the DJI GO 4 application for Android. The app allows users to control and manage their DJI drones, and it’s mainly
Publish At:2020-07-24 08:05 | Read:162 | Comments:0 | Tags:Cyberwarfare Mobile Security NEWS & INDUSTRY Privacy Ris

Vulnerability in Cisco Firewalls Exploited Shortly After Disclosure

Cisco this week informed customers that it has patched a high-severity path traversal vulnerability in its firewalls that can be exploited remotely to obtain potentially sensitive files from the targeted system. The first attempts to exploit the flaw were observed shortly after disclosure. The vulnerability, identified as CVE-2020-3452, impacts the web servic
Publish At:2020-07-24 07:00 | Read:157 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Virus & Threats Vul

Apple Offers Hackable iPhones to Security Researchers

Apple this week kicked off another initiative meant to improve the security of iPhones, by offering hackable phones to security researchers. Specifically designed for security researchers, these devices feature unique code execution and containment policies and are offered as part of the company’s Security Research Device (SRD) program, which was initially an
Publish At:2020-07-23 12:47 | Read:62 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

Researchers Disclose New Methods for Replacing Content in Signed PDF Files

A team of researchers from the Ruhr University Bochum in Germany has disclosed a series of new attack methods against signed PDF files. Dubbed Shadow Attacks, the new techniques allow a hacker to hide and replace content in a signed PDF document without invalidating its signature. The hacker can create a document with two different contents, one that the sign
Publish At:2020-07-23 11:46 | Read:113 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access Vulnerabilities Da

PoC Released for Critical Vulnerability Exposing SharePoint Servers to Attacks

One of the vulnerabilities that Microsoft addressed on the July 2020 Patch Tuesday in .NET Framework, SharePoint, and Visual Studio could lead to remote code execution. Tracked as CVE-2020-1147 and considered critical severity, the bug occurs when the software doesn’t check the source markup of XML file input. This could provide an attacker with the opportuni
Publish At:2020-07-22 16:30 | Read:110 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Vulnerability Allows Remote Hacking of Devices Running Citrix Workspace App

Citrix informed customers this week that it has patched a vulnerability in its Workspace app that can allow an attacker to remotely hack the computer running the affected application. The security hole, tracked as CVE-2020-8207 and classified as high severity, affects the automatic update service used by the Citrix Workspace app for Windows, and it can be exp
Publish At:2020-07-22 05:54 | Read:141 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Apple Patches Multiple Code Execution Flaws in Audio Components

Apple this week released patches to address numerous vulnerabilities across its products, including five arbitrary code execution issues affecting the audio components used by its operating systems. The five bugs were found to affect macOS Catalina, with four of them also impacting iOS and iPadOS, tvOS, and watchOS. The first two of the flaws are CVE-2020-9884
Publish At:2020-07-17 14:03 | Read:143 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

ExpressVPN Announces Bug Bounty Program on Bugcrowd

Virtual private network service ExpressVPN this week announced the launch of a bug bounty program managed by crowdsourced security testing platform Bugcrowd. ExpressVPN has been running a bug bounty rewards program for four years, paying tens of thousands of dollars to security researchers who reported vulnerabilities in its apps, network, servers, site, and
Publish At:2020-07-17 14:02 | Read:103 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

Critical Vulnerabilities Can Be Exploited to Hack Cisco Small Business Routers

Cisco on Wednesday released security advisories to inform customers of several critical vulnerabilities that can be exploited remotely to hack small business routers and firewalls that are no longer being sold. One of the critical flaws, which is tracked as CVE-2020-3330 and has a CVSS score of 9.8, affects Cisco Small Business RV110W Wireless-N VPN firewalls
Publish At:2020-07-16 10:54 | Read:140 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities exploit

Chrome 84 Brings 38 Security Patches, Resumes CSRF Protection Rollout

Chrome 84 was released in the stable channel this week with a total of 38 patches, but also with additional security improvements, including the rollout of a previously announced SameSite cookie change. Initially announced in May 2019, the change is meant to provide users with improved protection against cross-site request forgery (CSRF) attacks by making onl
Publish At:2020-07-15 11:44 | Read:77 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Csrf

Cisco Investigating Report of Vulnerability Found in Counterfeit Switches

Cisco has launched an investigation after researchers at F-Secure analyzed two counterfeit Cisco switches that appeared to exploit a previously unknown vulnerability. The fake Cisco Catalyst 2960-X series switches were used by an IT company. F-Secure was called in to conduct an analysis after the counterfeit devices were discovered in the fall of 2019. The sw
Publish At:2020-07-15 11:15 | Read:196 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Risk Management Vulnera

Vulnerabilities Impact Multiple Rittal Products Due to Use of Same Firmware

Researchers have discovered several potentially serious vulnerabilities affecting monitoring, cooling and power distribution products made by Germany-based Rittal. According to Austria-based cybersecurity company SEC Consult, Rittal’s CMC III industrial and IT monitoring system, LCP CW cooling system, and the entire portfolio of power distribution units (PDU)
Publish At:2020-07-15 11:15 | Read:166 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities

Critical, Wormable Bug in Windows DNS Servers Could Allow Full Infrastructure Compromise

Exploitation Would Grant Attacker Domain Administrator Rights That Could Compromise Entire Corporate Infrastructure

Microsoft addressed a total of 123 vulnerabilities with its July 2020 Patch Tuesday updates, including a critical remote code execution bug that has affected Windows DNS (Domain Name System) servers for the past 17 years. Tracked as CVE-2020-1350
Publish At:2020-07-15 07:53 | Read:166 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Oracle's July 2020 CPU Includes 443 New Patches

Oracle this week released its quarterly Critical Patch Update (CPU), which includes a total of 443 new security fixes. More than half of the addressed vulnerabilities are remotely exploitable without authentication. This is a record-breaking CPU not only in terms of number of patches (the first to include over 400 fixes), but also in regard to the amount of c
Publish At:2020-07-15 07:53 | Read:118 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Patch Tuesday: Fixes for ‘Wormable’ Windows DNS Server RCE, SharePoint Flaws

There has been a common vulnerabilities and exposures (CVE) fixing trend in 2020 Patch Tuesdays. For instance, Microsoft has patched roughly more than 100 vulnerabilities per month in recent bulletins. Similarly, the July update issues 123 patches, including fixes in RemoteFX vGPU, Microsoft Office, Microsoft Windows, OneDrive, and Jet Database Engine. The p
Publish At:2020-07-15 02:56 | Read:102 | Comments:0 | Tags:Exploits Vulnerabilities Microsoft Office SharePoint Windows

