HackDig : Dig high-quality web security articles for hacker

Comtrend VR-3033 Multiple Command Injection vulnerability

Timeline: Bug sent to vendor: 17-02-2020. No response after 10 days. Public disclosure: 27-02-2020. The Comtrend VR-3033 is prone to multiple authenticated command injection vulnerabilities via the ping and traceroute diagnostic page. Remote attackers are able to get full control and compromise the network managed by the router. Note: This bug may exist in other Comt
Publish At:2020-02-28 04:55 | Read:112 | Comments:0 | Tags: Vulnerability
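The advisory above publishes no code. The following is an added example, not from the Comtrend advisory or the vendor's firmware (a router's diagnostic CGI would be C rather than Go), of the bug class it describes: a diagnostic page that splices the user-supplied ping target into a shell command line, beside a hardened handler that allow-lists the target and runs ping through an argv vector with no shell in the path. The targets and injection payloads are constructed for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"os/exec"
	"regexp"
	"strings"
)

// hostnameRe accepts RFC 1123 style names only. Every shell metacharacter
// (space ; | & ` $ ( ) < > newline) is outside this set, and a leading '-'
// is excluded so the target cannot be parsed by ping as an option.
var hostnameRe = regexp.MustCompile(`^[A-Za-z0-9]([A-Za-z0-9-]{0,62}[A-Za-z0-9])?` +
	`(\.[A-Za-z0-9]([A-Za-z0-9-]{0,62}[A-Za-z0-9])?)*$`)

// VulnerableShellLine mirrors the diagnostic-page bug class: the user-supplied
// target is spliced into a string handed to /bin/sh -c, so
// "192.0.2.1; cat /etc/passwd" runs two commands as the web server's user.
func VulnerableShellLine(target string) string {
	return "ping -c 3 " + target
}

// ValidateTarget returns nil only for an IP literal or a plain hostname.
func ValidateTarget(target string) error {
	if target == "" || len(target) > 253 {
		return errors.New("target length out of range")
	}
	if net.ParseIP(target) != nil || hostnameRe.MatchString(target) {
		return nil
	}
	return fmt.Errorf("target %q is not an IP address or hostname", target)
}

// SafePingArgv validates the target and returns an argv vector. With no shell
// involved, the target reaches ping as one literal argument whatever it
// contains; the allow-list above is defence in depth on top of that.
func SafePingArgv(target string) ([]string, error) {
	if err := ValidateTarget(target); err != nil {
		return nil, err
	}
	return []string{"ping", "-c", "3", target}, nil
}

// RunPing is the hardened handler body: validate, then exec without a shell.
func RunPing(target string) (string, error) {
	argv, err := SafePingArgv(target)
	if err != nil {
		return "", err
	}
	out, err := exec.Command(argv[0], argv[1:]...).CombinedOutput()
	return string(out), err
}

func main() {
	// Constructed inputs: one legitimate target, three injection attempts.
	for _, target := range []string{"192.0.2.1", "192.0.2.1; cat /etc/passwd", "$(reboot)", "`id`"} {
		fmt.Printf("shell line the vulnerable page would run: %q\n", VulnerableShellLine(target))
		if argv, err := SafePingArgv(target); err != nil {
			fmt.Printf("  hardened handler rejects it: %v\n", err)
		} else {
			fmt.Printf("  hardened handler execs argv %s (no shell)\n", strings.Join(argv, " "))
		}
	}
}
```

The fix has two independent halves: dropping the shell removes the interpretation of `;`, `$( )` and backticks altogether, and the allow-list keeps option injection (a target beginning with `-`) and DNS abuse out of ping as well. Traceroute pages need exactly the same treatment.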

Cisco to Release Updates for Wireless Products Affected by Kr00k Vulnerability

Cisco says it will release patches for wireless devices affected by the recently disclosed Wi-Fi chip vulnerability named Kr00k. The company says the flaw impacts some of its routers, firewalls, access points and phones. Cybersecurity firm ESET revealed on Wednesday that over one billion Wi-Fi-capable devices were at one point affected by a vulnerability that
Publish At:2020-02-27 16:10 | Read:106 | Comments:0 | Tags:NEWS & INDUSTRY Wireless Security Vulnerabilities Mobile

Hacker Earns $8,500 for Vulnerability in HackerOne Platform

A white hat hacker has earned $8,500 for a serious vulnerability that exposed the email addresses of HackerOne users. Earlier this month, a hacker who uses the online moniker msdian7 discovered that a new feature introduced by the HackerOne bug bounty platform had resulted in a vulnerability that could have been exploited to obtain any HackerOne user’s email
Publish At:2020-02-27 08:35 | Read:169 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

NSA Releases Cloud Vulnerability Guidance

The United States’ National Security Agency (NSA) has put together a short guidance document on mitigating vulnerabilities for cloud computing. At only eight pages, it is an accessible primer for cloud security and a great place to start before taking on something like the comprehensive NIST SP 800-53 security controls. As a guidance document, it doesn’t attempt
Publish At:2020-02-27 01:57 | Read:207 | Comments:0 | Tags:Cloud cloud adoption NSA secure configuration Vulnerability

Over 20 Zyxel Firewalls Impacted by Recent Zero-Day Vulnerability

A recently disclosed zero-day vulnerability in Zyxel network-attached storage (NAS) devices also impacts over twenty of the vendor’s firewalls. The security flaw, which was assigned the CVE identifier CVE-2020-9054, can be exploited remotely, without authentication, to execute arbitrary code on the affected devices. Residing in the weblogin.cgi CGI program, the issue
Publish At:2020-02-27 01:00 | Read:205 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Kr00k Vulnerability Exposed Data From Over a Billion Wi-Fi Devices

A new vulnerability, which may have affected over one billion Wi-Fi-capable devices before patches were released, could have allowed hackers to obtain sensitive information from wireless communications, cybersecurity firm ESET revealed on Wednesday. Dubbed Kr00k and tracked as CVE-2019-15126, the vulnerability caused devices to use an all-zero encryption key
Publish At:2020-02-26 13:37 | Read:79 | Comments:0 | Tags:NEWS & INDUSTRY Wireless Security Vulnerabilities Data P

Kr00k Wi-Fi Vulnerability Affected a Billion Devices

Routers and devices with Broadcom and Cypress Wi-Fi chipsets could be forced to sometimes use encryption keys consisting of all zeroes. Now patched, the issue affected a billion devices, including those from Amazon, Apple, Google, and Samsung. RSA Conference 2020 – San Francisco – A vulnerability in the way that two Wi-Fi chipsets handled network
Publish At:2020-02-26 13:34 | Read:110 | Comments:0 | Tags: Vulnerability
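What an all-zero temporal key means for anyone sniffing the air, as an added example serving both Kr00k items above (this is not code from ESET, Broadcom or Cypress): a minimal 802.11 CCMP encrypt/verify built on Go's standard AES, following the CCM construction (RFC 3610 with an 8-byte MIC and a 13-byte nonce, the CCMP parameters), plus a sniffer-side check that simply tries the all-zero key. The 802.11 header is not parsed: the AAD bytes, transmitter address, packet numbers, temporal key and payload are constructed sample values, and the nonce assumes a non-QoS data frame (priority octet zero).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

const micLen = 8 // CCMP MIC length (CCM parameter M)

// ccmpNonce builds the 13-byte CCMP nonce: priority octet, transmitter
// address A2, then the 48-bit packet number, most significant byte first.
// Assumption for this example: a non-QoS data frame, so priority is zero.
func ccmpNonce(a2 [6]byte, pn uint64) []byte {
	n := make([]byte, 13)
	copy(n[1:7], a2[:])
	for i := 0; i < 6; i++ {
		n[12-i] = byte(pn >> (8 * uint(i)))
	}
	return n
}

// blocks16 splits data into 16-byte blocks, zero-padding the last one.
func blocks16(data []byte) [][]byte {
	var out [][]byte
	for i := 0; i < len(data); i += 16 {
		b := make([]byte, 16)
		copy(b, data[i:])
		out = append(out, b)
	}
	return out
}

// ccmKeystream returns S_i = E_K(0x01 || nonce || i): counter 0 masks the
// MIC, counters 1.. encrypt the payload.
func ccmKeystream(blk cipher.Block, nonce []byte, i uint16) []byte {
	a := make([]byte, 16)
	a[0] = 0x01 // flags: L' = L-1 = 1
	copy(a[1:14], nonce)
	binary.BigEndian.PutUint16(a[14:16], i)
	s := make([]byte, 16)
	blk.Encrypt(s, a)
	return s
}

// ccmCTR XORs the payload with S_1, S_2, ...; it is its own inverse.
func ccmCTR(blk cipher.Block, nonce, in []byte) []byte {
	out := make([]byte, len(in))
	var ks []byte
	for i := range in {
		if i%16 == 0 {
			ks = ccmKeystream(blk, nonce, uint16(i/16+1))
		}
		out[i] = in[i] ^ ks[i%16]
	}
	return out
}

// ccmMIC is the CBC-MAC over B_0 || len(aad) || aad || plaintext, truncated
// to micLen bytes and masked with S_0 (RFC 3610 with M=8, L=2).
func ccmMIC(blk cipher.Block, nonce, aad, pt []byte) []byte {
	x := make([]byte, 16)
	mac := func(b []byte) {
		for i := range x { x[i] ^= b[i] }
		blk.Encrypt(x, x)
	}
	b0 := make([]byte, 16)
	b0[0] = 0x59 // Adata=1, M'=(8-2)/2=3, L'=1
	copy(b0[1:14], nonce)
	binary.BigEndian.PutUint16(b0[14:16], uint16(len(pt)))
	mac(b0)
	al := make([]byte, 2)
	binary.BigEndian.PutUint16(al, uint16(len(aad)))
	for _, b := range blocks16(append(al, aad...)) { mac(b) }
	for _, b := range blocks16(pt) { mac(b) }
	s0 := ccmKeystream(blk, nonce, 0)
	mic := make([]byte, micLen)
	for i := range mic { mic[i] = x[i] ^ s0[i] }
	return mic
}

// Frame is a minimal stand-in for a protected 802.11 data frame: AAD is what
// the header contributes to the MIC, Body is ciphertext followed by the MIC.
type Frame struct {
	A2   [6]byte
	PN   uint64
	AAD  []byte
	Body []byte
}

// Protect encrypts one frame under temporal key tk. A Kr00k-affected chip in
// effect did this with an all-zero tk for frames still queued after a
// disassociation.
func Protect(tk []byte, a2 [6]byte, pn uint64, aad, plaintext []byte) Frame {
	blk, err := aes.NewCipher(tk)
	if err != nil {
		panic(err)
	}
	nonce := ccmpNonce(a2, pn)
	body := append(ccmCTR(blk, nonce, plaintext), ccmMIC(blk, nonce, aad, plaintext)...)
	return Frame{A2: a2, PN: pn, AAD: aad, Body: body}
}

// Unprotect returns the plaintext and whether the MIC verified under tk.
func Unprotect(tk []byte, f Frame) ([]byte, bool) {
	blk, err := aes.NewCipher(tk)
	if err != nil || len(f.Body) < micLen {
		return nil, false
	}
	nonce := ccmpNonce(f.A2, f.PN)
	ct, mic := f.Body[:len(f.Body)-micLen], f.Body[len(f.Body)-micLen:]
	pt := ccmCTR(blk, nonce, ct)
	if subtle.ConstantTimeCompare(mic, ccmMIC(blk, nonce, f.AAD, pt)) != 1 {
		return nil, false
	}
	return pt, true
}

// IsZeroKeyFrame is the sniffer-side check: a frame whose MIC verifies under
// the all-zero TK was encrypted with no real key, so anyone can read it.
func IsZeroKeyFrame(f Frame) ([]byte, bool) {
	return Unprotect(make([]byte, 16), f)
}

func main() {
	tk := []byte("0123456789abcdef")          // constructed sample TK
	a2 := [6]byte{0x00, 0x11, 0x22, 0x33, 0x44, 0x55}
	aad := []byte{0x08, 0x41, 0x00, 0x00}      // constructed header bytes
	msg := []byte("GET /account HTTP/1.1")
	for _, f := range []Frame{Protect(tk, a2, 1, aad, msg), Protect(make([]byte, 16), a2, 2, aad, msg)} {
		pt, ok := IsZeroKeyFrame(f)
		fmt.Printf("PN=%d zero-key=%v plaintext=%q\n", f.PN, ok, pt)
	}
}
```

A capture from an affected client or access point contains frames for which the zero-key check succeeds in the window right after a disassociation; a frame keyed under the real TK fails it with overwhelming probability (the MIC is 64 bits), so the check has no practical false positives. The same routine, pointed at a real capture, needs only the nonce and AAD derived from the actual 802.11 header instead of the constructed values used here.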

OpenSMTPD Vulnerability Leads to Command Injection

An update released this week for the OpenSMTPD mail server addresses an out-of-bounds read vulnerability that could lead to arbitrary command execution. OpenSMTPD is the open source implementation of the Simple Mail Transfer Protocol (SMTP) in OpenBSD, and its portable version can run on multiple Linux distributions and Apple’s Mac OS X platform. Tracked as C
Publish At:2020-02-26 09:10 | Read:210 | Comments:0 | Tags:NEWS & INDUSTRY Email Security Vulnerabilities Vulnerabi

Zyxel addresses Zero-Day vulnerability in NAS devices

Tech vendor Zyxel has addressed a critical vulnerability in several network-attached storage (NAS) devices that is already being exploited in the wild. Zyxel has released security patches to address a critical remote code execution vulnerability, tracked as CVE-2020-9054, that affects several NAS devices. The flaw can be exploited by an unauthenticated attack
Publish At:2020-02-25 16:34 | Read:80 | Comments:0 | Tags:Breaking News Hacking hacking news it security it security n

Zyxel Patches Zero-Day Vulnerability in Network Storage Products

Networking devices vendor Zyxel has released patches for several network-attached storage (NAS) devices to address a critical vulnerability that is already being exploited by cybercriminals. Tracked as CVE-2020-9054, the issue is a remote code execution flaw that can be exploited without authentication and which resides in the weblogin.cgi CGI executable fail
Publish At:2020-02-25 14:15 | Read:178 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Google Patches Chrome Vulnerability Exploited in the Wild

A Chrome 80 update released on Monday patches three high-severity vulnerabilities, including one that Google says has been exploited in the wild. The zero-day vulnerability, tracked as CVE-2020-6418, has been described as a type confusion issue affecting the V8 open source JavaScript engine used by Chrome. Google has credited Clement Lecigne of its Threat Ana
Publish At:2020-02-25 07:16 | Read:119 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

D-Link DGS-1250 header injection vulnerability

D-Link DGS-1250 header injection vulnerability
==============================================

The latest version of this advisory is available at:
https://sintonen.fi/advisories/d-link-dgs-1250-header-injection.txt

Overview
--------

The D-Link DGS-1250 switch is susceptible to a header injection vulnerability enabling an attacker to steal the switch configuration.

Descript
Publish At:2020-02-21 02:15 | Read:121 | Comments:0 | Tags: Vulnerability

To Rank or Not to Rank Should Never Be a Question

Let’s face it: Vulnerability management is not what it used to be a decade ago. Actually, it is not what it used to be a couple of years ago. Vulnerability management is one of those ever-evolving processes. Whether it is because of compliance mandates, board demands, an overall desire to reduce risk, all of these objectives or none, almost every organ
Publish At:2020-02-20 10:49 | Read:199 | Comments:0 | Tags:Endpoint Risk Management Software & App Vulnerabilities Clou

Firefox 73.0.1 fixes crashes, blank web pages and DRM niggles

by John E Dunn. Firefox version 73 has only been out for a week, but already Mozilla has had to update it to version 73.0.1 to fix a range of browser problems and crashes, including some that occur when running on Linux machines. The list of issues is surprisingly long for a point release but, in most cases, the issues only happen in specific contexts. Despite this, some of the
Publish At:2020-02-20 07:51 | Read:165 | Comments:0 | Tags:Firefox Mozilla Security threats Vulnerability Web Browsers

CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability

The TrustedInstaller service running on the Windows operating system hosts a COM service called Sxs Store Class; its ISxsStore interface provides methods to install/uninstall assemblies via application manifest files into the WinSxS store. These API methods were meant to be available for users with administrative privileges only, but the logic was unintentionall
Publish At:2020-02-18 13:36 | Read:176 | Comments:0 | Tags: Vulnerability
