HackDig : Dig high-quality web security articles

Google Project Zero updates vulnerability disclosure policy moving to a “90+30” model

Google's Project Zero security team has updated its vulnerability disclosure policy, which now gives users 30 days to patch flaws before the associated technical details are disclosed. The Google Project Zero security team announced an update to its vulnerability disclosure policy; for some bugs it could add 30 days to the disclosure process to give end-us
Publish At:2021-04-17 15:20 | Read:107 | Comments:0 | Tags:Breaking News Security Google Hacking hacking news informati

Critical Vulnerability Can Allow Attackers to Hijack or Disrupt Juniper Devices

A critical vulnerability patched recently by networking and cybersecurity solutions provider Juniper Networks could allow an attacker to remotely hijack or disrupt affected devices. The security hole, tracked as CVE-2021-0254 and affecting the Junos operating system, was discovered by Nguyễn Hoàng Thạch, aka d4rkn3ss, a researcher with Singapore-based cyberse
Publish At:2021-04-16 11:25 | Read:180 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities Vulnera

Google Project Zero Announces 2021 Updates to Vulnerability Disclosure Policy

Google’s Project Zero cybersecurity research unit on Thursday announced that it’s making some changes to its vulnerability disclosure policies, giving users 30 days to install patches before disclosing the technical details of a flaw. Project Zero has announced three major changes to its vulnerability disclosure policy in 2021, compared to 2020. Until now, if
Publish At:2021-04-16 07:30 | Read:73 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Vulnerabilities Man

Another Critical Vulnerability Patched in SAP Commerce

On Tuesday, as part of its April 2021 Security Patch Day, SAP announced the release of 14 new security notes and 5 updates to previously released notes. The only new Hot News note released with this round of patches addresses a critical vulnerability in SAP Commerce. Tracked as CVE-2021-27602 and featuring a CVSS score of 9.9, the critical security hole could
Publish At:2021-04-14 08:31 | Read:68 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild

While analyzing the CVE-2021-1732 exploit originally discovered by the DBAPPSecurity Threat Intelligence Center and used by the BITTER APT group, we discovered another zero-day exploit we believe is linked to the same actor. We reported this new exploit to Microsoft in February and after confirmation that it is indeed a zero-day, it received the designation
Publish At:2021-04-13 13:57 | Read:160 | Comments:0 | Tags:Research Microsoft Windows Vulnerabilities and exploits Zero

Exploit Released for Critical Vulnerability Affecting QNAP NAS Devices

An exploit is now publicly available for a remote code execution vulnerability affecting QNAP network-attached storage (NAS) devices that run the Surveillance Station video management system. The bug, specifically a memory corruption issue, was found to impact QNAP NAS devices running Surveillance Station versions 5.1.5.4.2 and 5.1.5.3.2, and was addressed in
Publish At:2021-04-13 12:55 | Read:141 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability exploit

Google Chrome, Microsoft Edge zero-day vulnerability shared on Twitter

A security researcher has dropped a zero-day remote code execution vulnerability on Twitter that works on the current version of Google Chrome and Microsoft Edge. A zero-day vulnerability is a security bug that has been publicly disclosed but has not been patched in the released version of the affected software. Today, security researcher Rajvardhan Agarw
Publish At:2021-04-12 22:54 | Read:99 | Comments:0 | Tags:Security Software Vulnerability

LifeLabs Launches Vulnerability Disclosure Program

Canada’s leading provider of laboratory diagnostic information and digital health connectivity systems today announced the launch of a new Vulnerability Disclosure Program (VDP). LifeLabs Medical Laboratory started the VDP with the intention of strengthening cybercrime detection technology across its online tools, apps, and solutions.
Publish At:2021-04-09 13:55 | Read:123 | Comments:0 | Tags: Vulnerability

How Vulnerability Management Can Stop a Data Breach

Vulnerability management may not be the sexiest topic. But, while buzzier topics are certainly important, vulnerability management may just be the key to an effective data security strategy. According to a Ponemon Institute report, 42% of nearly 2,000 surveyed IT and security workers indicated that they had suffered a data breach in the last two years that
Publish At:2021-04-08 14:55 | Read:180 | Comments:0 | Tags:Data Protection Security Intelligence & Analytics Security S

Vulnerability in 'Domain Time II' Could Lead to Server, Network Compromise

A vulnerability residing in the “Domain Time II” network time solution can be exploited in Man-on-the-Side (MotS) attacks, cyber-security firm GRIMM warned on Tuesday. Developed by Greyware Automation Products, Inc., Domain Time II is time synchronization software designed to help enterprises ensure accurate time across their networks. The suite of tools pr
Publish At:2021-04-08 07:46 | Read:192 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities Securit

Apple devices get urgent patch for zero-day exploit – update now!

by Paul Ducklin. Apple has just pushed out an emergency “one-bug” security update for its mobile devices, including iPhones, iPads and Apple Watches. Even users of older iPhones and iPads who are still on the officially-supported iOS 12 version need to patch, so the versions you should be updating to are as follows: iOS 14 (recent iPhones): update to
Publish At:2021-04-07 10:24 | Read:123 | Comments:0 | Tags:Apple Apple Safari iOS Vulnerability CVE-2021-1879 Exploit i

Naked Security Live – Lessons beyond ransomware

by Paul Ducklin. Cybercrime isn’t about just one sort of attack, one type of crook, or one method of protection! Why not join us live next time? Don’t forget that these talks are streamed weekly on our Facebo
Publish At:2021-04-07 10:24 | Read:162 | Comments:0 | Tags:Malware Ransomware Video BlackKingdom Exploit hacking Hafniu

PHP web language narrowly avoids “backdoor” supply chain attack

by Paul Ducklin. Open source web programming language PHP narrowly avoided a potentially dangerous supply chain attack over the weekend. Technically, in fact, you could say that the “attack” was successful, given that imposters were apparently able to make the same source code change on two separate occasions: Code change in Trojanised ext/zli
Publish At:2021-04-07 10:24 | Read:136 | Comments:0 | Tags:Vulnerability Backdoor PHP supply chain webshell

Google Patches Critical Code Execution Vulnerability in Android

The April 2021 Android security bulletin published this week by Google describes more than 30 vulnerabilities in the mobile operating system, including a remote code execution flaw in the System component. Tracked as CVE-2021-0430 and affecting Android 10 and 11, the code execution vulnerability is deemed critical severity. The bug was patched as part of the
Publish At:2021-04-07 08:22 | Read:157 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

Run Interface for Account takeover vulnerability fraud detection

Account takeover fraud is a type of identity fraud in which a malicious outsider gains access to a user’s account credentials. By impersonating the legitimate user, attackers can change account details, send phishing emails, steal financial or other sensitive data, or use any of the stolen data t
Publish At:2021-04-07 07:03 | Read:79 | Comments:0 | Tags:Account takeover vulnerability Knowledge-base Account takeov