HackDig : Dig high-quality web security articles for hacker

Vulnerability in ABB Plant Historian Disclosed 5 Years After Discovery

It took Swiss-based industrial technology solutions provider ABB five years to inform customers of a critical vulnerability affecting one of its products, and the researcher who found it says this increased the chances of threat actors discovering and exploiting the security flaw.The United States Department of Homeland Security, through its Cybersecurity an
Publish At:2019-11-18 22:15 | Read:180 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Risk Management Vulnerabilit

Facebook Discloses WhatsApp MP4 Video Vulnerability

A stack-based buffer overflow bug can be exploited by sending a specially crafted video file to a WhatsApp user.A severe vulnerability in the WhatsApp messenger could enable attackers to achieve remote code execution by sending target users a specially crafted MP4 video file, Facebook reports.The stack-based buffer overflow bug (CVE-2019-11931) exists in the
Publish At:2019-11-18 22:10 | Read:205 | Comments:0 | Tags: Vulnerability

WhatsApp Vulnerability Allows Code Execution Via Malicious MP4 File

A security vulnerability in WhatsApp that was made public last week could be abused to execute arbitrary code remotely on affected devices.Tracked as CVE-2019-11931, the issue is a stack-based buffer overflow that can be triggered by sending a specially crafted MP4 file via WhatsApp, Facebook explains in an advisory.The buffer overflow occurs when the applic
Publish At:2019-11-18 10:45 | Read:146 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

Intel Driver Vulnerability Can Give Attackers Deep Access to a Device

A vulnerability affecting a powerful and widely used driver from Intel can give malicious actors deep access to a device, firmware security company Eclypsium warns.Eclypsium revealed in August that its researchers had identified serious vulnerabilities in more than 40 device drivers from 20 vendors, including AMI, ASRock, ASUS, ATI, Biostar, EVGA, Getac, Gig
Publish At:2019-11-13 22:15 | Read:190 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Vulnerability in McAfee Antivirus Products Allows DLL Hijacking

A vulnerability in McAfee antivirus software could allow an attacker to evade self-defense mechanisms and achieve persistence, SafeBreach security researchers have discovered.The security flaw could be abused to load unsigned DLLs into multiple services that run as NT AUTHORITYSYSTEM. The exploitation, however, requires for the attacker to have admin privile
Publish At:2019-11-13 22:15 | Read:205 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Virus Vulnerability

Magento Users Warned of Remote Code Execution Vulnerability

Popular ecommerce platform Magento is advising users to apply patches for a remote code execution flaw that could allow unauthenticated attackers to deliver malicious payloads.Tracked as CVE-2019-8144 and featuring a CVSS score of 10, the vulnerability impacts Magento 2.3 prior to 2.3.3 or 2.3.2-p1 and it can be abused to insert code through PageBuilder temp
Publish At:2019-11-12 22:15 | Read:285 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Vulnerability Values Fluctuate Between White, Grey and Black Hats

A black hat selling vulnerabilities can make as much money as a white hat researcher using bug bounty programs, or a grey hat working for a nation state doing reverse engineering. Speaking at a Tenable conference in London last week, director of research Oliver Rochford said that to have people do vulnerability research is expensive, and all of the whit
Publish At:2019-11-12 02:40 | Read:170 | Comments:0 | Tags: Vulnerability

What You Need to Know About the Google Chrome Vulnerabilities

While you might have been preoccupied with ghosts and goblins on Halloween night, a different kind of spook began haunting Google Chrome browsers. On October 31st, Google Chrome engineers issued an urgent announcement for the browser across platforms due to two zero-day security vulnerabilities, one of which is being actively exploited in the wild (CVE-2019-
Publish At:2019-11-11 23:20 | Read:91 | Comments:0 | Tags:Consumer Threat Notices computer security cybersafety cybers

Trend Micro Patches Code Execution Vulnerability in Anti-Threat Toolkit

Trend Micro recently patched a high-severity remote code execution vulnerability in its Anti-Threat Toolkit (ATTK).The Trend Micro ATTK tool allows users to perform forensic scans of their system and clean rootkit, ransomware, MBR and other types of malware infections.Researcher John Page, aka hyp3rlinx, discovered that attackers can abuse ATTK to execute ar
Publish At:2019-10-23 22:15 | Read:424 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Maxthon Browser Vulnerability Can Help Attackers in Post-Exploitation Phase

Researchers have discovered a vulnerability in the Maxthon 5 Browser for Windows. Maxthon is a freeware browser developed by Maxthon Ltd, a firm headquartered in Beijing, China, and with offices in San Francisco, CA. Maxthon claims to be the default browser for 670 million worldwide users.The vulnerability was discovered by researchers at SafeBreach Labs, an
Publish At:2019-10-23 10:15 | Read:342 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability exploit

A week in security (October 14 – 20)

Last week on Malwarebytes Labs, we tried to unlock the future of the password (its vulnerabilities, current alternatives, and possible future disappearance), analyzed the lagging response by many businesses in adopting a patch for Pulse VPN vulnerability, looked at Instagram’s bulked-up security against phishing emails scams, and were reminded that ransomwar
Publish At:2019-10-21 16:50 | Read:414 | Comments:0 | Tags:A week in security amazon Dark Web domestic abuse domestic a

Pulse VPN patched their vulnerability, but businesses are trailing behind

In April 2019, Pulse Secure published an advisory about a vulnerability in their software. In August, cybercriminals were massively scanning for systems that were running a vulnerable version. Now it’s October, and still many organizations have not applied the patches that are available for this vulnerability. This is a trend we’ve seen repeated wi
Publish At:2019-10-18 16:50 | Read:531 | Comments:0 | Tags:Business cybercriminals exploit exploit kits exploits patch

SEC Consult SA-20191014-0 :: Reflected XSS vulnerability in OpenProject

SEC Consult Vulnerability Lab Security Advisory < 20191014-0 >======================================================================= title: Reflected XSS vulnerability product: OpenProject vulnerable version: <= 9.0.3, <=10.0.1 fixed version: 9.0.4, 10.0.2 CVE number: CVE-2019-17092 impact: medium
Publish At:2019-10-18 10:50 | Read:393 | Comments:0 | Tags: Xss Vulnerability

Critical Security Vulnerability Disclosed in iTerm2 App

A critical vulnerability has been discovered in the popular iTerm2 application, an open source terminal emulator program designed to replace the default Apple Terminal in macOS.iTerm2 often finds its way into lists of some of the best software to install on a Mac. It is especially popular with power users as a result of its many features and highly customiza
Publish At:2019-10-18 10:10 | Read:250 | Comments:0 | Tags:Latest Security News iTerm2 macOS vulnerability Vulnerabilit

Climbing the Vulnerability Management Mountain: Reaching Maturity Level 1

The time at ML:0 can be eye-opening form many organizations. There are generally a lot of assets discovered that are new or had been forgotten about. Almost every organization discovers their own Methuselah; this is the system that has been around forever and performs some important tasks but has not been updated in years. The system admins are scared to tou
Publish At:2019-10-18 10:10 | Read:241 | Comments:0 | Tags:Vulnerability Management ML1 VM Vulnerability

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud