HackDig : Dig high-quality web security articles

Cl0p ransomware gang claims first victims of the MOVEit vulnerability

On Friday June 2, 2023 we reported about a MOVEit Transfer vulnerability that was actively being exploited. If your organization uses MOVEit Transfer and you haven’t patched yet, it really is time to move it. Excuse the bad pun, but yesterday we saw the first victims of this vulnerability come forward. MOVEit Transfer is a widely used file transfer sof
Publish At:2023-06-06 22:03 | Read:50848 | Comments:0 | Tags:Exploits and vulnerabilities News Ransomware Progress MOVEit

Update now! MOVEit Transfer vulnerability actively exploited

On May 31, 2023, Progress Software released a security bulletin about a critical vulnerability in MOVEit Transfer. The security bulletin states: “a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an un-authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the da
Publish At:2023-06-02 22:03 | Read:179673 | Comments:0 | Tags:Exploits and vulnerabilities News Progress MOVEit vulnerabil

Critical Vulnerability in Progress MOVEit Transfer: Technical Analysis and Recommendations

On May 31, 2023, Progress Software released a security bulletin concerning a critical vulnerability within MOVEit Transfer, a widely used secure file transfer system. TrustedSec has performed analysis on the vulnerability and post-exploitation activities. At the time of publication, there is no associated CVE or CVSS score. This post will describe the rese
Publish At:2023-06-01 13:07 | Read:136437 | Comments:0 | Tags:Incident Response Incident Response & Forensics Vulnerabilit

MacOS Vulnerability Enables Hackers to Bypass SIP Root Restrictions

Researchers discovered an Apple vulnerability that threat actors can use to deploy undeletable malware. In order to exploit CVE-2023-32369, hackers need to previously gain root privileges over the device. The Apple bug enables them to bypass System Integrity Protection (SIP) and access the victim's private data by evading Transparency, Consent, and Control (T
Publish At:2023-05-31 07:48 | Read:63739 | Comments:0 | Tags:Cybersecurity News Vulnerability hack

Barracuda Networks patches zero-day vulnerability in Email Security Gateway

On May 20, Barracuda Networks issued a patch for a zero day vulnerability in its Email Security Gateway (ESG) appliance. The vulnerability existed in a module which initially screens the attachments of incoming emails, and was discovered on May 19. Barracuda's investigation showed that the vulnerability resulted in unauthorized access to a subset of ema
Publish At:2023-05-30 22:03 | Read:67637 | Comments:0 | Tags:Exploits and vulnerabilities News Vulnerability security

SEC Consult SA-20230517-0 :: Stored XSS vulnerability in rename functionality in Wekan (Open-Source kanban)

SEC Consult Vulnerability Lab Security Advisory < 20230517-0 > title: Stored XSS vulnerability in rename functionality; product: Wekan (Open-Source kanban); vulnerable version: <=6.74; fixed version: 6.75 or higher; CVE number: CVE-2023-28485
Publish At:2023-05-29 23:36 | Read:49374 | Comments:0 | Tags: Xss Vulnerability

"Beautiful Cookie Consent Banner" WordPress plugin vulnerability: Update now!

WordPress plugins are under fire once more, and you’re advised to update your version of Beautiful Cookie Consent Banner as soon as possible. The plugin, which is installed on more than 40,000 sites, has been impacted by a “bizarre campaign” being actively used since at least February 5 of this year. The plugin is designed to present
Publish At:2023-05-25 22:03 | Read:106853 | Comments:0 | Tags:Business beautiful cookie consent banner Wordpress plugin vu

Google announced its Mobile VRP (vulnerability rewards program)

Google introduced Mobile VRP (vulnerability rewards program), a new bug bounty program for reporting vulnerabilities in its mobile applications. Google announced a new bug bounty program, named Mobile VRP (vulnerability rewards program), that covers its mobile applications. Google’s Mobile VRP is a bug bounty program for reporting vulnerabilities in
Publish At:2023-05-23 11:27 | Read:67823 | Comments:0 | Tags:Breaking News Mobile Security Bug Bounty hacking news inform

US CISA warns of a Samsung vulnerability under active exploitation

US CISA added the CVE-2023-21492 flaw affecting Samsung devices to its Known Exploited Vulnerabilities Catalog. US CISA added the CVE-2023-21492 vulnerability (CVSS score: 4.4) affecting Samsung devices to its Known Exploited Vulnerabilities Catalog. The issue affects Samsung mobile devices running Android 11, 12, and 13, it
Publish At:2023-05-20 07:28 | Read:81758 | Comments:0 | Tags:Breaking News Hacking Security CISA CVE-2023-21492 hacking n

KeePass vulnerability allows attackers to access the master password

KeePass is a free open source password manager, which helps you to manage your passwords and stores them in encrypted form. In fact, KeePass encrypts the whole database, i.e. not only your passwords, but also your user names, URLs, notes, etc. That encrypted database can only be opened with the master password. You absolutely do not want an attacker to get h
Publish At:2023-05-18 22:02 | Read:96059 | Comments:0 | Tags:Exploits and vulnerabilities News Personal KeePass memory du

Child safety app riddled with vulnerabilities: Update now!

An app designed to restrict screen time and add a “kids' mode” for children on smart devices has been found to have a broad range of security issues. The app, “Parental Control - Kids Place” is an Android app which is incredibly popular, sporting 5M+ downloads on its Google Play page. In terms of what the app does with user
Publish At:2023-05-18 22:02 | Read:99039 | Comments:0 | Tags:Personal Parental control kids place child safety controls r

Update now! Ruckus vulnerability added to CISA’s list of actively exploited bugs

Along with six older vulnerabilities, the Cybersecurity and Infrastructure Agency (CISA) has added a vulnerability in multiple Ruckus wireless products to the Known Exploited Vulnerabilities Catalog. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate these vulnerabilities by June 2, 2023. The Common Vulnerabilities and
Publish At:2023-05-15 22:02 | Read:122424 | Comments:0 | Tags:Exploits and vulnerabilities News Ruckus CISA AndoryuBot CVE

Linux Kernel Vulnerability Gives Cybercriminals Root Privileges

There is a new Linux NetFilter kernel flaw that allows unprivileged local users to escalate their privileges to root level, giving them complete control over the system. The vulnerability has been assigned the CVE-2023-32233 identifier, but its severity level has not yet been determined. Netfilter nf_tables accepts invalid configuration updates, allowing spec
Publish At:2023-05-11 07:47 | Read:159974 | Comments:0 | Tags:Cybersecurity News Vulnerability cyber privilege

A zero-click vulnerability in Windows allows stealing NTLM credentials

Researchers shared technical details about a flaw in Windows MSHTML platform, tracked as CVE-2023-29324, that could be abused to bypass security protections. Cybersecurity researchers have shared details about a now-patched security flaw, tracked as CVE-2023-29324 (CVSS score: 6.5), in Windows MSHTML platform. An attacker can exploit the vulnerability
Publish At:2023-05-11 04:06 | Read:152699 | Comments:0 | Tags:Breaking News Security Hacking information security news IT

Warning! New DDoS Botnet Malware Exploits Critical Ruckus RCE Vulnerability

AndoryuBot new malware aims to infect unpatched Wi-Fi access points to enlist them in DDoS attacks. To this end, threat actors exploit a critical Ruckus vulnerability in the Wireless Admin panel. The flaw is tracked as CVE-2023-25717 and enables hackers to perform remote code execution (RCE) by sending unauthenticated HTTP GET requests to unpatched devices. Th
Publish At:2023-05-10 11:45 | Read:191409 | Comments:0 | Tags:Cybersecurity News DDOS Vulnerability exploit botnet
