HackDig : Dig high-quality web security articles for hackers

Apple Pays Researcher $100,000 for Critical Vulnerability

Apple has fixed a flaw in the "Sign in with Apple" feature that could have enabled attackers to break into user accounts for third-party services. Apple has paid security researcher Bhavuk Jain $100,000 for the discovery of a critical flaw in its "Sign in with Apple" feature. The now-patched vulnerability, if exploited, could have let attackers bypass authent
Published: 2020-06-01 17:35 | Tags: Vulnerability

No password required! “Sign in with Apple” account takeover flaw patched

by Paul Ducklin
A security researcher from Delhi in India is a tidy $100,000 richer thanks to a bug bounty payout from Apple for an account takeover flaw that he discovered in the Sign in with Apple system. Bhavuk Jain, a serial bug bounty hunter, has described how he found the sort of bug that leaves you thinking, “It can’t have been that simple!
Published: 2020-06-01 11:53 | Tags: Apple Vulnerability responsible disclosure security bypass s

Researcher Claims Apple Paid $100,000 for 'Sign in With Apple' Vulnerability

A security researcher claims Apple paid a $100,000 bug bounty reward for a critical vulnerability in Sign in with Apple, the company’s privacy-focused authentication system. The vulnerability was reported to the Cupertino-based tech giant in April, and was found to impact third-party applications that were using Sign in with Apple without additional security
Published: 2020-06-01 09:54 | Tags: NEWS & INDUSTRY Vulnerabilities Vulnerability

Tripwire Patch Priority Index for May 2020

Tripwire’s May 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, SaltStack, and VMware. Up first on the patch priority list this month are patches for VMware vCenter Server and SaltStack Salt. The Metasploit exploit framework has recently integrated exploits for VMware vCenter Server (CVE-2020-3952) and Sal
Published: 2020-05-31 23:20 | Tags: Featured Articles VERT microsoft Priority Patch Index vulner

Sandworm Team Exploiting Vulnerability in Exim Mail Transfer Agent

The U.S. National Security Agency (NSA) warned that the Sandworm team is exploiting a vulnerability that affects Exim Mail Transfer Agent (MTA) software. In a cybersecurity advisory published on May 28, the NSA revealed that the Sandworm team has been exploiting the Exim MTA security flaw since August 2019. The vulnerability (CVE-2019-10149) first appeared in
Published: 2020-05-29 09:32 | Tags: IT Security and Data Protection Latest Security News MTA San

Vulnerability Disclosures Drop in Q1 for First Time in a Decade

Even with more security issues published on Patch Tuesdays, the total number of software flaws dropped for the first three months of 2020, according to one tally. The number of vulnerabilities reported publicly dropped in the first quarter of 2020 for the first time in at least a decade, falling nearly 20% to 4,968 compared with the same quarter last year, ac
Published: 2020-05-28 13:12 | Tags: Vulnerability

Android ‘StrandHogg 2.0’ flaw lets malware assume identity of any app

by John E Dunn
Researchers have publicised a critical security flaw in Android which could be used by attackers to “assume the identity” of legitimate apps in order to carry out on-device phishing attacks. Discovered by Norwegian company Promon, the bug is called ‘StrandHogg 2.0’, the name denoting that this is an “evil twin” follow-up to a similar flaw of the
Published: 2020-05-28 07:31 | Tags: Malware Phishing Vulnerability Android promon StrandHogg 2.0

Open source libraries a big source of application security flaws

by John E Dunn
How many vulnerabilities lurk inside the bazillions of open source libraries that today’s developers happily borrow to build their applications? Predictably, the answer is a lot, at least according to application security company Veracode which decided to scan 85,000 applications to see how many flaws it could turn up in the 351,000 libraries use
Published: 2020-05-27 08:10 | Tags: Vulnerability development libraries open source bugs Veracod

StrandHogg 2.0 Vulnerability Allows Hackers to Hijack Android Devices

Researchers at Norwegian app security company Promon on Tuesday disclosed the existence of a serious Android vulnerability that allows a piece of malware to hijack nearly any application installed on the victim’s device. In December 2019, Promon warned that an Android vulnerability, which it dubbed StrandHogg, was being exploited by tens of malicious Android
Published: 2020-05-26 14:55 | Tags: Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

Docker Desktop danger discovered, patch now

by Danny Bradbury
Docker has fixed a vulnerability that could have allowed an attacker to gain control of a Windows system using its service. The bug, discovered by Ceri Coburn, a researcher at security consultancy Pen Test Partners, exposed Docker for Windows to privilege elevation. Docker is a container system that lets administrators run applications in thei
Published: 2020-05-26 12:55 | Tags: Vulnerability Windows Docker Desktop for Windows Docker Desk

Bluetooth Vulnerability: BIAS

This is new research on a Bluetooth vulnerability (called BIAS) that allows someone to impersonate a trusted device.
Abstract: Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of devices. The Bluetooth standard includes a legacy authentication procedure and a secure authentication procedure, allowing devices to authen
Published: 2020-05-26 10:24 | Tags: Vulnerability

Climbing the Vulnerability Management Mountain: Reaching the Summit (VM Maturity Level 5)

Only the truly committed ever reach the summit of anything. This sentiment holds true for vulnerability management. An organization cannot reach the summit without a serious commitment to fund and staff the program appropriately across the organization. Reaching ML:5 means tying the program to the business. Everyone must be aligned with the metrics and be rea
Published: 2020-05-26 04:17 | Tags: Vulnerability Management VM Mountain vulnerability managemen

For six years Samsung smartphone users have been at risk from critical security bug. Patch now

Samsung has released a security update for its popular Android smartphones which includes a critical fix for a vulnerability that affects all devices sold by the manufacturer since 2014. On its Android security update page Samsung thanks researcher Mateusz Jurczyk of Google Project Zero for the discovery of the vulnerability that could – he claims
Published: 2020-05-24 10:11 | Tags: Featured Articles IT Security and Data Protection Samsung vu

The 4 Stages to a Successful Vulnerability Management Program

Have you ever been around someone who is just better at something than you are? Like when you were in school and there was this person who was effortless at doing things correctly? They had great study habits, they arrived on time, they were prepared and confident in the materials that they studied in class, and they were a consistently high performer at eve
Published: 2020-05-24 10:11 | Tags: Vulnerability Management processes vulnerability management

The top 10 most-targeted security vulnerabilities – despite patches having been available for years

Newly discovered zero-day vulnerabilities may generate the biggest headlines in the security press, but that doesn’t mean that they’re necessarily the thing that will get your company hacked. This week, US-CERT has published its list of what it describes as the “Top 10 Routinely Exploited Vulnerabilities” for the last three years. The l
Published: 2020-05-24 09:59 | Tags: Featured Articles IT Security and Data Protection vulnerabil
