HackDig : Dig high-quality web security articles

Zoho Patches Critical Vulnerability in Endpoint Management Solutions

Zoho Corp on Monday said it has released patches for a critical vulnerability affecting Desktop Central and Desktop Central MSP, the endpoint management solutions from ManageEngine. Tracked as CVE-2021-44757 and rated critical severity, the newly addressed security error is an authentication bypass issue that could allow a remote attacker to perform various a
Publish At:2022-01-18 12:57 | Read:104 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Zoho fixes a critical vulnerability (CVE-2021-44757) in Desktop Central solutions

Zoho addressed a new critical severity flaw (CVE-2021-44757) that affects its Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions. Zoho fixed a new critical severity flaw, tracked as CVE-2021-44757, that affects its Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions. The issue is an authe
Publish At:2022-01-17 18:12 | Read:187 | Comments:0 | Tags:Breaking News Security Cybersecurity cybersecurity news Hack

Critical SAP Vulnerability Allows Supply Chain Attacks

A critical vulnerability addressed recently in SAP NetWeaver AS ABAP and ABAP Platform could be abused to set up supply chain attacks, SAP security solutions provider SecurityBridge warns. Tracked as CVE-2021-38178 and featuring a CVSS score of 9.1, the critical vulnerability was addressed on the October 2021 SAP Patch Day. Described as an improper authorizati
Publish At:2022-01-17 12:57 | Read:206 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Safari 15 Vulnerability Allows Cross-Site Tracking of Users

A vulnerability in Apple’s implementation of the IndexedDB API in Safari 15 allows websites to track users’ activity on other sites and even to reveal their identity, browser fingerprinting and fraud detection firm FingerprintJS explains. Used in all major browsers, IndexedDB is a low-level browser API for storing client data, which follows the same-origin po
Publish At:2022-01-17 12:57 | Read:99 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Vulnerability in IDEMIA Biometric Readers Allows Hackers to Unlock Doors

A critical vulnerability impacting multiple IDEMIA biometric identification devices can be exploited to unlock doors and turnstiles. Because of this security defect, if the TLS protocol is not activated, an attacker in the network can send specific commands without authentication to open doors or turnstiles directly operated by a vulnerable device. The attacke
Publish At:2022-01-17 12:57 | Read:152 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability hack

Cisco Patches Critical Vulnerability in Contact Center Products

Cisco on Wednesday announced patches for a critical vulnerability in Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited remotely to elevate privileges to administrator. Tracked as CVE-2022-20658 (CVSS score of 9.6), the issue exists because there was no server-side validatio
Publish At:2022-01-13 12:57 | Read:144 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

SAP Patches Log4Shell Vulnerability in More Applications

German software maker SAP this week announced its first set of security updates for 2022, including patches for more applications affected by the Log4Shell vulnerability. Last month, after revealing it had identified 32 applications that use the vulnerable Apache Log4j library, the company released patches for 20 of them. On its January 2022 Security Patch Day
Publish At:2022-01-12 06:25 | Read:145 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Microsoft: New critical Windows HTTP vulnerability is wormable

Microsoft has patched a critical flaw tagged as wormable and found to impact the latest desktop and server Windows versions, including Windows 11 and Windows Server 2022. The bug, tracked as CVE-2022-21907 and patched during this month's Patch Tuesday, was discovered in the HTTP Protocol Stack (HTTP.sys) used as a protocol listener for processi
Publish At:2022-01-11 18:34 | Read:357 | Comments:0 | Tags:Microsoft Security Vulnerability

Millions of Routers Impacted by NetUSB Kernel Vulnerability

A vulnerability in the NetUSB kernel module could allow remote attackers to execute code on millions of router devices, endpoint security company SentinelOne warns. Developed by KCodes, NetUSB was designed to enable the interaction between remote network devices in a network and USB devices that are connected to a router. A driver needs to be installed on the
Publish At:2022-01-11 12:57 | Read:186 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities Vulnera

Microsoft Details 'powerdir' macOS Vulnerability Leading to Data Leaks

A vulnerability addressed recently in Apple’s macOS platform could be exploited to gain unauthorized access to a user’s personal data, Microsoft explains. Tracked as CVE-2021-30970, the new security error, which Microsoft calls powerdir, allows an attacker to bypass the platform’s Transparency, Consent, and Control (TCC) technology and “potentially orchestrat
Publish At:2022-01-11 09:01 | Read:209 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability data leak

cWifi Hotspot Wireless CP - Code Execution Vulnerability

Document Title: cWifi Hotspot Wireless CP - Code Execution Vulnerability
References (Source): https://www.vulnerability-lab.com/get_content.php?id=2310
Release Date: 2021-12-15
Vulnerability Laboratory ID (VL-ID): 2310
Common Vulnerability Scoring System:
Publish At:2022-01-07 18:14 | Read:253 | Comments:0 | Tags: Vulnerability

Easy Cart Shopping Cart - (Search) Persistent Vulnerability

Document Title: Easy Cart Shopping Cart - (Search) Persistent Vulnerability
References (Source): https://www.vulnerability-lab.com/get_content.php?id=2298
Release Date: 2021-12-15
Vulnerability Laboratory ID (VL-ID): 2298
Common Vulnerability Scoring System:
Publish At:2022-01-07 18:14 | Read:267 | Comments:0 | Tags: Vulnerability

Rocket LMS v1.1 - (History) Persistent XSS Vulnerability

Document Title: Rocket LMS v1.1 - (History) Persistent XSS Vulnerability
References (Source): https://www.vulnerability-lab.com/get_content.php?id=2305
Release Date: 2021-12-29
Vulnerability Laboratory ID (VL-ID): 2305
Common Vulnerability Scoring System:
Publish At:2022-01-07 18:14 | Read:216 | Comments:0 | Tags: Xss Vulnerability

Log4Shell-Like Vulnerability Found in Popular H2 Database

A critical, unauthenticated remote code execution vulnerability has been impacting the H2 database console since 2008. An open-source Java SQL database, H2 is an in-memory solution that eliminates the need to store data on disk, and is one of the most popular Maven packages, having roughly 7,000 artifact dependencies. Tracked as CVE-2021-42392, the newly discl
Publish At:2022-01-07 12:56 | Read:225 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

FTC threatens “legal action” over unpatched Log4j and other vulns

by Paul Ducklin
The Federal Trade Commission (FTC) is the US consumer rights body, and it has sailed into 2022 with a bang, not a whimper. Using the infamous Log4Shell vulnerability as what you might call its Exhibit A, the FTC has fired a shot across the bows of companies in US jurisdictions, telling them to get their patching in order, or face the consequence
Publish At:2022-01-05 15:00 | Read:214 | Comments:0 | Tags:Data loss Law & order Privacy Vulnerability Equifax ftc Log4
