HackDig : Dig high-quality web security articles for hackers

SonicWall releases second firmware updates for SMA 100 vulnerability

Security provider SonicWall released a new firmware update for an SMA-100 zero-day vulnerability that was exploited in attacks. SonicWall has released a second firmware update for the SMA-100 zero-day vulnerability that was exploited in attacks in the wild. SonicWall disclosed a security breach on January 22, it blamed sophisticated threat ac
Publish At:2021-02-20 13:36 | Read:253 | Comments:0 | Tags:Breaking News Hacking Security hacking news information secu

[KIS-2021-02] docsify <= 4.11.6 DOM-based Cross-Site Scripting Vulnerability

--------------------------------------------------------------docsify <= 4.11.6 DOM-based Cross-Site Scripting Vulnerability--------------------------------------------------------------[-] Software Link:https://docsify.js.org/[-] Affected Versions:Version 4.11.6 and prior versions.[-] Vulnerability Description:The vulnerability exists due to an incomplet
Publish At:2021-02-19 22:03 | Read:192 | Comments:0 | Tags: Vulnerability

Vulnerability Discovery in Open Source Libraries: Analyzing CVE-2020-11863

Open Source projects are the building blocks of any software development process. As we indicated in our previous blog, as more and more products use open source code, the increase in the overall attack surface is inevitable, especially when open source code is not audited before use. Hence it is recommended to thoroughly test it for potential vulnerabilitie
Publish At:2021-02-18 21:07 | Read:128 | Comments:0 | Tags:McAfee Labs Vulnerability

Don’t Call Us We’ll Call You: McAfee ATR Finds Vulnerability in Agora Video SDK

The McAfee Advanced Threat Research (ATR) team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and consumers. We recently investigated and published several findings on a personal robot called “temi”, which can be read about in detail here. A byproduct of our robotic research w
Publish At:2021-02-18 21:05 | Read:143 | Comments:0 | Tags:McAfee Labs Vulnerability

AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver

Asterisk Project Security Advisory - AST-2021-005 Product Asterisk Summary Remote Crash Vulnerability in PJSIP channel driver Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions
Publish At:2021-02-18 14:51 | Read:119 | Comments:0 | Tags: Vulnerability

Half of Apps Contain at Least One Serious Exploitable Vulnerability

At least 50% of apps used in sectors such as manufacturing, public services, healthcare, retail, education and utilities contain one or more serious exploitable vulnerabilities, according to a new study by WhiteHat Security.This is particularly concerning given the shift to digital across most sectors in the past year increasing the number of apps being util
Publish At:2021-02-18 12:26 | Read:138 | Comments:0 | Tags: Vulnerability exploit

Stored XSS Vulnerability on iCloud.com Earned Researcher $5,000

A bug bounty hunter claims he has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com.Vishal Bharad, a researcher and penetration tester from India, published a blog post earlier this week describing his findings. Bharad said he had attempted to find cross-site request forgery (CSRF), insecure direc
Publish At:2021-02-18 09:35 | Read:154 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Cloud Xss Vulnerability

“ScamClub” gang outed for exploiting iPhone browser bug to spew ads

byPaul DucklinDigital ad company Confiant, which claims to “improve the digital marketing experience” for online advertisers by knowing about and getting rid of malicious and unwanted ads, has just published an analysis of a malvertising group it calls ScamClub.According to Confiant, this group is behind a massive number of those annoying and sca
Publish At:2021-02-17 16:07 | Read:188 | Comments:0 | Tags:CVE-2021-1801 Exploit ios iPhone ScamClub vulnerability expl

QNAP patches critical vulnerability in Surveillance Station NAS app

QNAP has addressed a critical security vulnerability in the Surveillance Station app that allows attackers to execute malicious code remotely on network-attached storage (NAS) devices running the vulnerable software.Surveillance Station is QNAP's network surveillance Video Management System (VMS), a software solution that can help users manage
Publish At:2021-02-17 11:49 | Read:92 | Comments:0 | Tags:Security Vulnerability

WebKit Zero-Day Vulnerability Exploited in Malvertising Operation

A malvertising operation observed last year by advertising cybersecurity company Confiant exploited what turned out to be a zero-day vulnerability in the WebKit browser engine.Confiant researchers discovered the security hole while analyzing a campaign carried out by a threat actor they call ScamClub. The group has been around for several years, launching ma
Publish At:2021-02-16 18:35 | Read:215 | Comments:0 | Tags:NEWS & INDUSTRY Fraud & Identity Theft Vulnerabiliti

On Vulnerability-Adjacent Vulnerabilities

At the virtual Enigma Conference, Google’s Project Zero’s Maggie Stone gave a talk about zero-day exploits in the wild. In it, she talked about how often vendors fix vulnerabilities only to have the attackers tweak their exploits to work again. From a MIT Technology Review article: Soon after they were spotted, the researchers saw one exploit bei
Publish At:2021-02-15 14:38 | Read:186 | Comments:0 | Tags: Vulnerability

Naked Security Live – When is a bug bounty not a bug bounty?

byPaul DucklinWe discuss bug hunting – how to do it professionally, how NOT to do it, and how to react when bugs are reported to you:Watch directly on YouTube if the video won’t play here.Click the on-screen Settings cog to speed up playback or show subtitles.Related readingFor futher information, please take a look at the following:Have a domain
Publish At:2021-02-15 13:25 | Read:111 | Comments:0 | Tags:Security leadership Video Vulnerability bug-hunting Naked Se

Vendor Ships Unofficial Patch for IE Zero-Day Vulnerability

Slovenia-based cybersecurity research company ACROS Security last week announced the release of an unofficial micro-patch for a zero-day vulnerability in Microsoft Internet Explorer (IE) that North Korean hackers are believed to have exploited in a campaign targeting security researchers.South Korean security vendor ENKI published a report on the IE zero-day
Publish At:2021-02-15 11:23 | Read:60 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Cybe

Vulnerability in VMware vSphere Replication Can Facilitate Attacks on Enterprises

VMware last week informed customers about the availability of patches for a potentially serious vulnerability affecting its vSphere Replication product.vSphere Replication, a VMware vSphere component, is a virtual machine replication engine designed for data protection and disaster recovery.VMware has told customers that several versions of the product are a
Publish At:2021-02-15 08:45 | Read:127 | Comments:0 | Tags:Disaster Recovery NEWS & INDUSTRY Vulnerabilities Data P

TIM’s Red Team Research (RTR) discovered a critical zero-day vulnerability in IBM InfoSphere Information Server

Researchers at TIM’s Red Team Research discovered a zero-day vulnerability in IBM InfoSphere Information Server. Today, TIM’s Red Team Research led by Massimiliano Brolli, discovered a new critical vulnerability in IBM InfoSphere Information Server. The flaw has not addressed by IBM, because the product version 8.5.0.0 is in End-of-life. Today, TIM’s
Publish At:2021-02-12 11:55 | Read:209 | Comments:0 | Tags:Breaking News Hacking hacking news IBM InfoSphere Informatio

Tools

Tag Cloud