HackDig : Dig high-quality web security articles for hackers

Drupal releases fix for critical vulnerability with known exploits

Drupal has released a security update to address a critical vulnerability in a third-party library with documented or deployed exploits available in the wild."The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal," the Drupal security team said.Drupal is used by roughly 2.4% of all sites with content m
Publish At:2021-01-22 11:49 | Read:92 | Comments:0 | Tags:Security Vulnerability exploit

Drupal Updates Patch Another Vulnerability Related to Archive Files

Security updates released this week by the developers of the Drupal content management system (CMS) patch a vulnerability identified in a third-party library.Core patches were made available for Drupal 9.1, 9.0, 8.9, and 7, to resolve a security flaw affecting PEAR Archive_Tar, and which also impacts Drupal. The third-party library has been designed to suppo
Publish At:2021-01-21 14:41 | Read:74 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

List of DNSpooq vulnerability advisories, patches, and updates

Yesterday, seven Dnsmasq vulnerabilities were disclosed, collectively known as DNSPooq, that attackers can use to launch DNS Cache Poisoning, denial of service, and possibly remote code execution attacks, on affected devices.Dnsmasq is a widely used open-source Domain Name System (DNS) forwarding application commonly installed on routers, oper
Publish At:2021-01-20 13:01 | Read:151 | Comments:0 | Tags:Security Vulnerability

Chrome 88 Drops Flash, Patches Critical Vulnerability

Google has released Chrome 88 to the stable channel with several security improvements inside, including patches for 36 vulnerabilities, one of which is rated critical severity, and dropped support for Adobe Flash.The removal of Flash support isn’t surprising, considering that the software reached end-of-life on December 31, 2020, and Adobe started blocking
Publish At:2021-01-20 11:23 | Read:137 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

The story of ZeroLogon

This is the story of a vulnerability that was brought about by the incorrect use of an encryption technique. After it was discovered by researchers, the vulnerability was patched and that should have been the end of the story. Unfortunately the patch caused problems of its own, which made it very unpopular. Cybercriminals seized the opportunity to use the vu
Publish At:2021-01-19 15:42 | Read:161 | Comments:0 | Tags:Exploits and vulnerabilities cve-2020-1472 elevation of priv

Microsoft Reminds Organizations of Upcoming Phase in Patching Zerologon Vulnerability

Microsoft this week published a reminder for organizations that a February 9 security update will kick off the second phase of patching for the Zerologon vulnerability.Tracked as CVE-2020-1472 and addressed on August 2020 Patch Tuesday, the critical vulnerability was identified in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC) and can be abused to
Publish At:2021-01-15 11:45 | Read:188 | Comments:0 | Tags:NEWS & INDUSTRY Incident Response Vulnerabilities Manage

Undisclosed Apache Velocity XSS vulnerability impacts GOV sites

An undisclosed Cross-Site Scripting (XSS) vulnerability in Apache Velocity Tools can be exploited by unauthenticated attackers to target government sites, including NASA.Although 90 days have elapsed since the vulnerability was reported and patched, BleepingComputer is not aware of a formal disclosure made by the project.Apache Velocity i
Publish At:2021-01-15 08:13 | Read:207 | Comments:0 | Tags:Security Software Xss Vulnerability

Expert discovered a DoS vulnerability in F5 BIG-IP systems

A security researcher discovered a flaw in the F5 BIG-IP product that can be exploited to conduct denial-of-service (DoS) attacks. The security expert Nikita Abramov from Positive Technologies discovered a DoS vulnerability, tracked as CVE-2020-27716, that affects certain versions of F5 BIG-IP Access Policy Manager (APM). The F5 BIG-IP Access Policy Ma
Publish At:2021-01-14 20:12 | Read:186 | Comments:0 | Tags:Breaking News Security DOS F5 BIG-IP Hacking hacking news in

Vulnerability Exposes F5 BIG-IP Systems to Remote DoS Attacks

A vulnerability discovered by a researcher in a BIG-IP product from F5 Networks can be exploited to launch remote denial-of-service (DoS) attacks.The security flaw was discovered by Nikita Abramov, a researcher at cybersecurity solutions provider Positive Technologies, and it impacts certain versions of BIG-IP Access Policy Manager (APM), a secure access sol
Publish At:2021-01-14 14:59 | Read:160 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Vulnerability Management Has a Data Problem

Security teams have an abundance of data, but most of it lacks the context necessary to improve remediation outcomes.Today, vulnerability management teams have so much data on hand that processing and analyzing it takes as much time as remediation efforts. This occurs in great part because each of the many tools used for remediating vulnerabilities provides
Publish At:2021-01-14 14:56 | Read:169 | Comments:0 | Tags: Vulnerability

Microsoft issues 83 patches, one for actively exploited vulnerability

Every second Tuesday of the month it’s ‘Patch Tuesday’. On Patch Tuesday Microsoft habitually issues a lot of patches for bugs and vulnerabilities in its software. It’s always important to patch, but the update that was released on January 12 is one to pay attention to. That’s because it contains a patch for a vulnerability i
Publish At:2021-01-13 19:18 | Read:205 | Comments:0 | Tags:Exploits and vulnerabilities cve-2021-1647 patch tuesday win

Typeform fixes Zendesk Sell form data hijacking vulnerability

Online surveys and form building software as a service Typeform has patched an information hijacking vulnerability.The flaw which existed in Typeform's Zendesk Sell app integration could let attackers quietly redirect form submissions with potentially sensitive data to themselves.Typeform form IDs indexed by search eng
Publish At:2021-01-11 14:31 | Read:268 | Comments:0 | Tags:Security Software Vulnerability

Trovent Security Advisory 2010-01 / CVE-2020-28208: Rocket.Chat email address enumeration vulnerability

# Trovent Security Advisory 2010-01 ######################################Email address enumeration in reset password###########################################Overview########Advisory ID: TRSA-2010-01Advisory version: 1.0Advisory status: PublicAdvisory URL: https://trovent.io/security-advisory-2010-01Affected product: Web application Rocket.ChatAffected ver
Publish At:2021-01-08 04:21 | Read:141 | Comments:0 | Tags: Vulnerability security

Windows PsExec zero-day vulnerability gets a free micropatch

A free micropatch fixing a local privilege escalation (LPE) vulnerability in Microsoft's Windows PsExec management tool is now available through the 0patch platform.PsExec is a fully interactive telnet-replacement that allows system admins to execute programs on remote systems. PsExec tool is also integrated into and used by enterprise tools to remotely laun
Publish At:2021-01-07 16:55 | Read:148 | Comments:0 | Tags:Security Vulnerability

[KIS-2021-01] IPS Community Suite <= 4.5.4 (Downloads REST API) SQL Injection Vulnerability

-----------------------------------------------------------------------------IPS Community Suite <= 4.5.4 (Downloads REST API) SQL Injection Vulnerability-----------------------------------------------------------------------------[-] Software Link:https://invisioncommunity.com[-] Affected Versions:Version 4.5.4 and prior versions.[-] Vulnerability Descri
Publish At:2021-01-06 20:05 | Read:188 | Comments:0 | Tags: Vulnerability


Tag Cloud