HackDig : Dig high-quality web security articles for hacker

Intel Driver Vulnerability Can Give Attackers Deep Access to a Device

A vulnerability affecting a powerful and widely used driver from Intel can give malicious actors deep access to a device, firmware security company Eclypsium warns.Eclypsium revealed in August that its researchers had identified serious vulnerabilities in more than 40 device drivers from 20 vendors, including AMI, ASRock, ASUS, ATI, Biostar, EVGA, Getac, Gig
Publish At:2019-11-13 22:15 | Read:92 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Vulnerability in McAfee Antivirus Products Allows DLL Hijacking

A vulnerability in McAfee antivirus software could allow an attacker to evade self-defense mechanisms and achieve persistence, SafeBreach security researchers have discovered.The security flaw could be abused to load unsigned DLLs into multiple services that run as NT AUTHORITYSYSTEM. The exploitation, however, requires for the attacker to have admin privile
Publish At:2019-11-13 22:15 | Read:72 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Virus Vulnerability

Magento Users Warned of Remote Code Execution Vulnerability

Popular ecommerce platform Magento is advising users to apply patches for a remote code execution flaw that could allow unauthenticated attackers to deliver malicious payloads.Tracked as CVE-2019-8144 and featuring a CVSS score of 10, the vulnerability impacts Magento 2.3 prior to 2.3.3 or 2.3.2-p1 and it can be abused to insert code through PageBuilder temp
Publish At:2019-11-12 22:15 | Read:133 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Vulnerability Values Fluctuate Between White, Grey and Black Hats

A black hat selling vulnerabilities can make as much money as a white hat researcher using bug bounty programs, or a grey hat working for a nation state doing reverse engineering. Speaking at a Tenable conference in London last week, director of research Oliver Rochford said that to have people do vulnerability research is expensive, and all of the whit
Publish At:2019-11-12 02:40 | Read:104 | Comments:0 | Tags: Vulnerability

What You Need to Know About the Google Chrome Vulnerabilities

While you might have been preoccupied with ghosts and goblins on Halloween night, a different kind of spook began haunting Google Chrome browsers. On October 31st, Google Chrome engineers issued an urgent announcement for the browser across platforms due to two zero-day security vulnerabilities, one of which is being actively exploited in the wild (CVE-2019-
Publish At:2019-11-11 23:20 | Read:11 | Comments:0 | Tags:Consumer Threat Notices computer security cybersafety cybers

Trend Micro Patches Code Execution Vulnerability in Anti-Threat Toolkit

Trend Micro recently patched a high-severity remote code execution vulnerability in its Anti-Threat Toolkit (ATTK).The Trend Micro ATTK tool allows users to perform forensic scans of their system and clean rootkit, ransomware, MBR and other types of malware infections.Researcher John Page, aka hyp3rlinx, discovered that attackers can abuse ATTK to execute ar
Publish At:2019-10-23 22:15 | Read:324 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Maxthon Browser Vulnerability Can Help Attackers in Post-Exploitation Phase

Researchers have discovered a vulnerability in the Maxthon 5 Browser for Windows. Maxthon is a freeware browser developed by Maxthon Ltd, a firm headquartered in Beijing, China, and with offices in San Francisco, CA. Maxthon claims to be the default browser for 670 million worldwide users.The vulnerability was discovered by researchers at SafeBreach Labs, an
Publish At:2019-10-23 10:15 | Read:262 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability exploit

A week in security (October 14 – 20)

Last week on Malwarebytes Labs, we tried to unlock the future of the password (its vulnerabilities, current alternatives, and possible future disappearance), analyzed the lagging response by many businesses in adopting a patch for Pulse VPN vulnerability, looked at Instagram’s bulked-up security against phishing emails scams, and were reminded that ransomwar
Publish At:2019-10-21 16:50 | Read:313 | Comments:0 | Tags:A week in security amazon Dark Web domestic abuse domestic a

Pulse VPN patched their vulnerability, but businesses are trailing behind

In April 2019, Pulse Secure published an advisory about a vulnerability in their software. In August, cybercriminals were massively scanning for systems that were running a vulnerable version. Now it’s October, and still many organizations have not applied the patches that are available for this vulnerability. This is a trend we’ve seen repeated wi
Publish At:2019-10-18 16:50 | Read:470 | Comments:0 | Tags:Business cybercriminals exploit exploit kits exploits patch

SEC Consult SA-20191014-0 :: Reflected XSS vulnerability in OpenProject

SEC Consult Vulnerability Lab Security Advisory < 20191014-0 >======================================================================= title: Reflected XSS vulnerability product: OpenProject vulnerable version: <= 9.0.3, <=10.0.1 fixed version: 9.0.4, 10.0.2 CVE number: CVE-2019-17092 impact: medium
Publish At:2019-10-18 10:50 | Read:277 | Comments:0 | Tags: Xss Vulnerability

Critical Security Vulnerability Disclosed in iTerm2 App

A critical vulnerability has been discovered in the popular iTerm2 application, an open source terminal emulator program designed to replace the default Apple Terminal in macOS.iTerm2 often finds its way into lists of some of the best software to install on a Mac. It is especially popular with power users as a result of its many features and highly customiza
Publish At:2019-10-18 10:10 | Read:156 | Comments:0 | Tags:Latest Security News iTerm2 macOS vulnerability Vulnerabilit

Climbing the Vulnerability Management Mountain: Reaching Maturity Level 1

The time at ML:0 can be eye-opening form many organizations. There are generally a lot of assets discovered that are new or had been forgotten about. Almost every organization discovers their own Methuselah; this is the system that has been around forever and performs some important tasks but has not been updated in years. The system admins are scared to tou
Publish At:2019-10-18 10:10 | Read:162 | Comments:0 | Tags:Vulnerability Management ML1 VM Vulnerability

An interesting Google vulnerability that got me 3133.7 reward.

Note: This blog post doesn’t represent my employer by any meaning and was performed during my free time.Hi All
Publish At:2019-10-18 04:50 | Read:245 | Comments:0 | Tags:Vulnerabilities Vulnerability

How to detect Kubernetes vulnerability CVE-2019-11246 using Falco.

A recent CNCF-sponsored Kubernetes security audit uncovered CVE-2019-11246, a high-severity vulnerability affecting the command-line kubectl tool. If exploited, it could lead to a directory traversal, allowing a malicious container to replace or create files on a user’s workstation. This vulnerability stemmed from an incomplete fix of a previously disclose
Publish At:2019-10-18 04:35 | Read:181 | Comments:0 | Tags:Falco cve Detection Vulnerability

Case study: Searching for a vulnerability pattern in the Linux kernel

This short article describes the investigation of one funny Linux kernel vulnerability and my experience with Semmle QL and Coccinelle, which I used to search for similar bugs.The kernel bugSeveral days ago my custom syzkaller instance got an interesting crash. It had a stable reproducer and I started the investigation. Here I will take the opportunity to sa
Publish At:2019-10-18 04:20 | Read:160 | Comments:0 | Tags: Vulnerability

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud