HackDig : Dig high-quality web security articles for hackers

S3 Ep3: Cryptography, hacking and pwning Chrome [Podcast]

by Paul Ducklin

This week: the DOJ’s attempt to reignite the Battle to Break Encryption; the story of the Russian hackers behind the Sandworm Team; a zero-day bug just patched in Chrome; and (oh no!) why your vocabulary needs the word “restore” even more than it needs “backup”. Presenters: Kimberly Truong, Doug Aamoth and Paul Duck
Publish At:2020-10-23 08:18 | Read:76 | Comments:0 | Tags:Cryptography Google Google Chrome Podcast crypto Cybercrime

FDA Approves Use of New Tool for Medical Device Vulnerability Scoring

The U.S. Food and Drug Administration (FDA) this week announced that it has approved the use of a new rubric specifically designed by the MITRE Corporation for assigning CVSS scores to vulnerabilities found in medical devices. The Common Vulnerability Scoring System (CVSS) was originally designed to convey the severity of vulnerabilities found in IT systems,
Publish At:2020-10-22 14:40 | Read:75 | Comments:0 | Tags:NEWS & INDUSTRY Risk Management Vulnerabilities Manageme

QNAP Issues Advisory on Zerologon Vulnerability

Storage solutions provider QNAP this week published an advisory to warn customers that certain versions of QTS, the operating system for its network-attached storage (NAS) devices, are affected by the Zerologon vulnerability. Residing in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC) and addressed on August 2020 Patch Tuesday, the flaw started gaini
Publish At:2020-10-22 10:46 | Read:122 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

XSS Vulnerability Exploited in Tech Support Scam

Malwarebytes security researchers have identified a new campaign in which tech support scammers are exploiting a cross-site scripting (XSS) vulnerability and are relying exclusively on links posted on Facebook to reach potential victims. The scam starts with malicious bit.ly shortened links that are being distributed on the social media platform, and which ul
Publish At:2020-10-22 10:46 | Read:175 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Fraud & Identity

Over one million WordPress sites receive forced update to security plugin after severe vulnerability discovered

Loginizer, a popular plugin for protecting WordPress blogs from brute force attacks, has been found to contain its own severe vulnerabilities that could be exploited by hackers. The flaw, discovered by vulnerability researcher Slavco Mihajloski, opened up opportunities for cybercriminals to completely compromise WordPress sites. The flaw can be exploited if a
Publish At:2020-10-22 07:49 | Read:109 | Comments:0 | Tags:Featured Articles IT Security and Data Protection plugin SQL

XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability

Tech support browser lockers continue to be one of the most common web threats. Not only are they a problem for end users who might end up on the phone with scammers defrauding them of hundreds of dollars, they’ve also caused quite the headache for browser vendors to fix. Browser lockers are only one element of a bigger plan to redirect traffic from
Publish At:2020-10-21 18:59 | Read:150 | Comments:0 | Tags:Cybercrime Social engineering cross-site scripting tech supp

VMware Patches Critical Code Execution Vulnerability in ESXi

VMware this week informed customers that it has patched several vulnerabilities in its ESXi, Workstation, Fusion and NSX-T products, including a critical flaw that allows arbitrary code execution. The critical vulnerability, identified as CVE-2020-3992, has been described as a use-after-free issue that affects the OpenSLP service in ESXi. The vulnerability was
Publish At:2020-10-21 11:22 | Read:114 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Chrome Update Patches Actively Exploited FreeType Vulnerability

A Chrome 86 update released by Google on Tuesday patches several high-severity vulnerabilities, including a zero-day that has been exploited in the wild. The actively exploited vulnerability is tracked as CVE-2020-15999 and it has been described as a heap buffer overflow bug affecting FreeType, a popular software library for rendering fonts. In addition to Chr
Publish At:2020-10-21 08:45 | Read:155 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

IoT Security Foundation Launches Vulnerability Reporting Platform

The Internet of Things Security Foundation (IoTSF), an effort aimed at improving the security of IoT, has launched an online platform designed to make the reporting of vulnerabilities in IoT devices easier. Launched alongside a new report into coordinated vulnerability disclosure, the Consumer Internet of Things Vulnerability Disclosure Platform (VulnerableTh
Publish At:2020-10-21 08:45 | Read:114 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

Chinese Hackers Target Cisco Discovery Protocol Vulnerability

Chinese state-sponsored hackers are targeting a Cisco Discovery Protocol vulnerability that was disclosed earlier this year, the networking giant and the U.S. National Security Agency revealed on Tuesday. An advisory published by the NSA on Tuesday lists 25 vulnerabilities that have been exploited or targeted by threat actors believed to be sponsored by Beiji
Publish At:2020-10-21 07:28 | Read:129 | Comments:0 | Tags:Cyberwarfare NEWS & INDUSTRY Virus & Threats Vulnera

Cisco warns of attacks targeting high severity router vulnerability

Cisco today warned of attacks actively targeting the CVE-2020-3118 high severity vulnerability found to affect multiple carrier-grade routers that run the company's Cisco IOS XR Software. The IOS XR Network OS is deployed on several Cisco router platforms including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers. The vul
Publish At:2020-10-20 21:24 | Read:78 | Comments:0 | Tags:Security Vulnerability

LISTSERV Maestro Remote Code Execution Vulnerability

Document Title: LISTSERV Maestro Remote Code Execution Vulnerability
References (Source): https://www.securifera.com/advisories/sec-2020-0001/ and https://www.lsoft.com/products/maestro.asp
Release Date: 2020-10-20
Product & Service Introduction: LISTSERV Maestro is an enterprise email
Publish At:2020-10-20 17:14 | Read:94 | Comments:0 | Tags: Vulnerability

MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability

Researchers discovered that the MMO game Street Mobster is leaking the data of 1.9 million users due to a critical SQL injection vulnerability. Attackers could exploit the SQL injection flaw to compromise the game’s database and steal user data. Original Post: https://cybernews.com/street-mobster-game-leaking-data-of-2-million-players The CyberNews.com Invest
Publish At:2020-10-20 13:17 | Read:180 | Comments:0 | Tags:Breaking News Data Breach data leak Gaming Hacking hacking n

Serious Vulnerability in GitHub Enterprise Earns Researcher $20,000

A security researcher says he has earned $20,000 for a high-severity GitHub Enterprise vulnerability that might have allowed an attacker to execute arbitrary commands. GitHub Enterprise, the on-premises version of GitHub.com, is designed to make it easier for large enterprise software development teams to collaborate. In June, Australia-based software develope
Publish At:2020-10-20 11:58 | Read:142 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

IoT Security Foundation Launches Vulnerability Disclosure Platform

A platform to allow IoT vendors to simplify the reporting and management of vulnerabilities has been launched by the Internet of Things Security Foundation (IoTSF). With the ETSI EN 303 645 specification requiring IoT vendors to publish a clear and transparent vulnerability disclosure policy, establish an internal vulnerability management procedure,
Publish At:2020-10-20 10:55 | Read:88 | Comments:0 | Tags: Vulnerability security
