HackDig : Dig high-quality web security articles

Emergency Chrome 103 Update Patches Actively Exploited Vulnerability

While many expected — or at least hoped — that the 4th of July would be quiet on the cybersecurity front, Google on Monday announced the release of an emergency Chrome update that patches an actively exploited zero-day vulnerability. The flaw, tracked as CVE-2022-2294, has been described as a heap buffer overflow in WebRTC. The security hole was reported to G
Publish At:2022-07-04 20:11 | Read:72 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Django fixes SQL Injection vulnerability in new releases

The Django project, an open source Python-based web framework, has patched a high severity vulnerability in its latest releases. Tracked as CVE-2022-34265, the potential SQL Injection vulnerability exists in Django's main branch, and versions 4.1 (currently in beta), 4.0, and 3.2. New releases and patches issued tod
Publish At:2022-07-04 09:48 | Read:79 | Comments:0 | Tags:Security Vulnerability

Amazon Photos vulnerability could have given attackers access to user files and data

Amazon has patched a flaw in the Amazon Photos app which could have allowed an attacker to steal and use a user’s unique access token that verifies their identity across multiple Amazon APIs. That would give attackers access to a trove of information, since many of these APIs contain personal data, such as names, email addresses, and home addresses.
Publish At:2022-06-30 11:52 | Read:196 | Comments:0 | Tags:Exploits and vulnerabilities amazon Amazon Drive Amazon Phot

Vulnerability in Amazon Photos Android App Exposed User Information

Cybersecurity firm Checkmarx has published details on a high-severity vulnerability in the Amazon Photos Android application that could have allowed malicious apps to steal an Amazon access token. With more than 50 million downloads, Amazon Photos offers cloud storage, allowing users to store photos and videos at their original quality, as well as to print an
Publish At:2022-06-30 08:05 | Read:205 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

CISA warns of hackers exploiting PwnKit Linux vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Linux vulnerability known as PwnKit to its list of bugs exploited in the wild. The security flaw, identified as CVE-2021-4034, was found in Polkit's pkexec component used by all major distributions (including Ubuntu, Debian, Fedora, and CentOS). PwnKit is a memory corrupt
Publish At:2022-06-29 13:58 | Read:167 | Comments:0 | Tags:Security Vulnerability exploit CISA hack

Azure Service Fabric Vulnerability Can Lead to Cluster Takeover

Microsoft has patched a vulnerability that could allow an attacker with access to an Azure Linux container to escalate privileges and take over the entire cluster. Tracked as CVE-2022-30137, the vulnerability impacts Service Fabric, Microsoft’s container orchestrator that provides management of services across container clusters. Microsoft says Service Fabric
Publish At:2022-06-29 12:02 | Read:189 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Amazon fixes high-severity vulnerability in Android Photos app

Amazon has confirmed and fixed a vulnerability in its Photos app for Android, which has been downloaded over 50 million times on the Google Play Store. Amazon Photos is an image and video storage application that enables users to seamlessly share their snaps with up to five family members, offering powerful management and organization features. Amazon Photos o
Publish At:2022-06-29 09:47 | Read:280 | Comments:0 | Tags:Security Mobile Vulnerability android

CISA Says 'PwnKit' Linux Vulnerability Exploited in Attacks

The US Cybersecurity and Infrastructure Security Agency (CISA) says a Linux vulnerability tracked as CVE-2021-4034 and PwnKit has been exploited in attacks. The flaw, which came to light in January, affects Polkit, a component designed for controlling system-wide privileges in Unix-like operating systems. Polkit is developed by Red Hat, but it’s also used by
Publish At:2022-06-28 16:12 | Read:210 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

CISA Log4Shell warning: Patch VMware Horizon installations immediately

CISA and the United States Coast Guard Cyber Command (CGCYBER) are warning that the threat of Log4Shell hasn’t gone away. It’s being actively exploited and used to target organisations using VMware Horizon and Unified Access Gateway servers. Log4Shell: what is it? Log4Shell was a zero-day vulnerability in something called Log4j. This open s
Publish At:2022-06-27 07:53 | Read:244 | Comments:0 | Tags:Exploits and vulnerabilities Malwarebytes news exploit log4s

Researchers: Oracle Took 6 Months to Patch 'Mega' Vulnerability Affecting Many Systems

Security researchers have published technical details on a critical Fusion Middleware vulnerability that Oracle took six months to patch. Tracked as CVE-2022-21445 (CVSS score of 9.8), the vulnerability is described as a deserialization of untrusted data, which could be exploited to achieve arbitrary code execution. Identified in the ADF Faces component, the
Publish At:2022-06-24 12:02 | Read:292 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Onapsis Security Advisory 2022-0003: Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring)

# Onapsis Security Advisory 2022-0003: Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring)

## Impact on Business

Impact depends on the victim's privileges. In most cases, a successful attack allows an attacker to hijack a session, or force the victim to perform undesired requests in SAP Focused Run.

## Advisory Information

- Public
Publish At:2022-06-21 13:30 | Read:323 | Comments:0 | Tags: Xss Vulnerability security

Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad

# Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad

## Impact on Business

Impact depends on the victim's privileges. In most cases, a successful attack allows an attacker to hijack a session, or force the victim to perform undesired requests in the SAP System (CSRF), as well as be redirected to an arbitrary website (O
Publish At:2022-06-21 13:30 | Read:238 | Comments:0 | Tags: Xss Vulnerability security

Onapsis Security Advisory 2022-0006: Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1

# Onapsis Security Advisory 2022-0006: Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)

## Impact on Business

Running unnecessary services, like a jetty webserver, may lead to an increased surface area for an attack and also unnecessarily exposes underlying vulnerabilities.

## Advisory Information

- Public Release Date: 06/21/2
Publish At:2022-06-21 13:30 | Read:385 | Comments:0 | Tags: Vulnerability security

Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)

# Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)

## Impact on Business

Exposing the contents of a directory can lead to a disclosure of useful information for the attacker to devise exploits, such as creation times of files or any information that may be encoded in file names. The directory
Publish At:2022-06-21 13:30 | Read:267 | Comments:0 | Tags: Vulnerability security

Exploited Vulnerability Patched in WordPress Plugin With Over 1 Million Installations

More than one million WordPress websites were potentially impacted by a critical Ninja Forms plugin vulnerability that appears to have been exploited in the wild. With over one million installations, the popular Ninja Forms plugin helps administrators add customizable forms to their WordPress sites. The exploited security issue, which was identified in the Mer
Publish At:2022-06-17 09:13 | Read:382 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Cybercrime Vulnerability
