HackDig : Dig high-quality web security articles

Time to uninstall! Abandoned Android apps pack a vulnerability punch

Synopsys has published an advisory warning of multiple vulnerabilities across three different Android remote mouse and keyboard apps with a combined install count of about two million. The apps are at risk from remote code execution (RCE), and there’s no sign of a fix coming anytime, ever. Bleeping Computer notes that the issues were first discovered a
Publish At:2022-12-08 14:18 | Read:24557 | Comments:0 | Tags:News CVE android apps abandonware vulnerability bug telepad

Update now! Google patches Android vulnerability that allows remote code execution over Bluetooth

In the Android security bulletin of December 5, 2022 you can find an overview of the security vulnerabilities affecting Android devices that are fixed in patch level 2022-12-05 or later. The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution over Bluetooth with no additi
Publish At:2022-12-08 14:18 | Read:26436 | Comments:0 | Tags:Android Exploits and vulnerabilities News Vulnerability andr

Fortinet Patches High-Severity Authentication Bypass Vulnerability in FortiOS

Cybersecurity solutions provider Fortinet this week announced patches for multiple vulnerabilities across its products, including a high-severity authentication bypass impacting FortiOS and FortiProxy. Tracked as CVE-2022-35843 (CVSS score of 7.7), the authentication bypass was identified in the SSH login component of FortiOS. The bug can only be triggered wh
Publish At:2022-12-07 11:55 | Read:43972 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities IOS Vulnerability

FreeBSD Systems Exposed to Compromise Due to Ping Vulnerability

The creators of the FreeBSD operating system have released updates meant to resolve a vulnerability within the ping module. The vulnerability, identified as CVE-2022-23093, could be exploited to crash the program or trigger remote code execution, and affects all supported versions of FreeBSD. Last week, an advisory was published, explaining the issue in furth
Publish At:2022-12-06 08:10 | Read:70976 | Comments:0 | Tags:Cybersecurity News Vulnerability

New SiriusXM Vulnerability Allows Hackers to Unlock and Start Connected Cars Remotely

Researchers have recently discovered a security vulnerability that allows threat actors to remotely attack vehicles through a service provided by SiriusXM. Models from carmakers Nissan, Honda, Acura, and Infiniti have been victims of this new method so far. Researcher Sam Curry stated last week on Twitter that the flaw could be used to unlock, start, locate,
Publish At:2022-12-05 16:06 | Read:52608 | Comments:0 | Tags:Cybersecurity News Vulnerability hack

A New Malware Exploits A Critical Vulnerability on Redis Servers

To gain control of infected systems and, likely, to construct a botnet network, a new Go-based malware is targeting Redis servers. The attacks exploited a critical security flaw to plant a hidden backdoor and enable command execution. Redis (Remote Dictionary Server) is an open-source, in-memory data structure store, used by developers as a database, cache, a
Publish At:2022-12-05 12:08 | Read:84672 | Comments:0 | Tags:Cybersecurity News Vulnerability exploit

Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability

Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability
[-] Software Link: https://www.drupal.org/project/h5p
[-] Affected Versions: Version 2.0.0-alpha2 and prior versions. Version 7.x-1.50 and prior versions.
[-] Vulne
Publish At:2022-12-03 11:53 | Read:91807 | Comments:0 | Tags: Vulnerability

IBM Cloud Vulnerability Exposed Users to Supply Chain Attacks

IBM recently patched a vulnerability in IBM Cloud Databases for PostgreSQL that could have exposed users to supply chain attacks. The vulnerability has been named Hell’s Keychain by cloud security firm Wiz, whose researchers discovered the issue. It has been described by the company as a “first-of-its-kind supply-chain attack vector impacting a cloud provider
Publish At:2022-12-02 10:30 | Read:80416 | Comments:0 | Tags:NEWS & INDUSTRY Cloud Security Vulnerabilities Cloud Vul

Sirius XM Software Vulnerability

This is new: Newly revealed research shows that a number of major car brands, including Honda, Nissan, Infiniti, and Acura, were affected by a previously undisclosed security bug that would have allowed a savvy hacker to hijack vehicles and steal user data. According to researchers, the bug was in the car’s Sirius XM telematics infrastructure and would
Publish At:2022-12-01 13:49 | Read:78035 | Comments:0 | Tags: Vulnerability

Vulnerable SDK components lead to supply chain risks in IoT and OT environments

Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External tools and products that are managed by vendors and developers can pose a security risk, especially to targets in sensitive industries. Attacks on software and hardware supply
Publish At:2022-11-29 17:37 | Read:105176 | Comments:0 | Tags:Cybersecurity IoT Microsoft Microsoft security intelligence

Oracle Fusion Middleware Vulnerability Exploited in the Wild

The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday warned organizations that a critical Oracle Fusion Middleware vulnerability patched in early 2022 is being exploited in attacks. The security hole, tracked as CVE-2021-35587, impacts Oracle Access Manager, which provides the Oracle Fusion Middleware single sign-on (SSO) solution. The aff
Publish At:2022-11-29 10:30 | Read:87044 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Cybe

Cybercriminals Selling Access to Networks Compromised via Recent Fortinet Vulnerability

Security researchers at Cyble have observed initial access brokers (IABs) selling access to enterprise networks likely compromised via a recently patched critical vulnerability in Fortinet products. Tracked as CVE-2022-40684 and impacting FortiOS, FortiProxy, and FortiSwitchManager products, the vulnerability was publicly disclosed in early October, when it w
Publish At:2022-11-29 10:30 | Read:91262 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Cybercrime Vulnerability

Vulnerability in Acer Laptops Allows Attackers to Disable Secure Boot

A vulnerability impacting multiple Acer laptop models could allow an attacker to disable the Secure Boot feature and bypass security protections to install malware. Tracked as CVE-2022-4020 (CVSS score of 8.1), the vulnerability was identified in the HQSwSmiDxe DXE driver, which checks for the existence of the ‘BootOrderSecureBootDisable’ NVRAM variable to di
Publish At:2022-11-29 10:30 | Read:77029 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Vulnerabilities Vulner

Experts found a vulnerability in AWS AppSync

Amazon Web Services (AWS) fixed a cross-tenant vulnerability that could have allowed attackers to gain unauthorized access to resources. Amazon Web Services (AWS) has addressed a cross-tenant confused deputy problem in its platform that could have allowed threat actors to gain unauthorized access to resources. The problem was reported to the company by re
Publish At:2022-11-28 11:49 | Read:99199 | Comments:0 | Tags:Breaking News Hacking Amazon Web Services AWS hacking news i

What Is Vulnerability Management?

Some people still believe their IT infrastructure is unflawed simply because they’ve never experienced a cybersecurity incident – until something goes wrong and the company becomes the victim of a malware attack or a data leak. This is why proactively finding security flaws and minimizing loopholes is an utter necessity for organizations large and smal
Publish At:2022-11-24 16:06 | Read:170452 | Comments:0 | Tags:Patch management Vulnerability vulnerability management
