HackDig : Dig high-quality web security articles

Lenovo Patches UEFI Code Execution Vulnerability Affecting Many Laptops

Lenovo has released a security advisory to inform customers that more than 70 of its laptops are affected by a UEFI/BIOS vulnerability that can lead to arbitrary code execution.Researchers at cybersecurity firm ESET discovered a total of three buffer overflow vulnerabilities that can allow an attacker with local privileges to affected Lenovo devices to execu
Publish At:2022-07-13 16:13 | Read:348 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Vulnerabilities Vulner

Patch Tuesday July 2022 – Microsoft Releases Fixes for 80+ Known Issues, Including a Zero-Day Vulnerability

The second Tuesday of June comes with ‘goodies’ aplenty from Microsoft – 80+ fixes for issues ranging from denial of services to remote code execute, security features bypass, elevations of privilege, and of course, information disclosure. Microsoft has also addressed a zero-day vulnerability that could have allowed threat actors to remotely execute code on
Publish At:2022-07-13 13:41 | Read:601 | Comments:0 | Tags:Patch Tuesday Updates Vulnerability

Defending Aircraft Networks Against Cybersecurity Breaches

The aviation industry is both vast and complex. More than 45,000 flights and 2.9 million passengers travel through U.S. airspace every day, requiring high-tech tools and extensive communications networks. All of that data and complexity makes the sector a prime target for cybercriminals. Worryingly, only 49% of non-governmental organizations have fully adopt
Publish At:2022-07-11 01:06 | Read:325 | Comments:0 | Tags:Featured Articles ICS Security aircraft Aviation Critical In

What is a Security Content Automation Protocol (SCAP)?

Security Content Automation Protocol (SCAP) is a security-centric methodology that enables organizations to automate software vulnerability management, measure and evaluate the policy compliance levels based on specific, industry standards, and opt-in for extra security padding, if necessary. SCAP is a collection of community-accepted security standards, hos
Publish At:2022-07-08 13:41 | Read:390 | Comments:0 | Tags:Vulnerability security

Cisco Patches Critical Vulnerability in Enterprise Communication Solutions

Cisco this week announced the availability of patches for a critical vulnerability in the Cisco Expressway series and TelePresence Video Communication Server (VCS) products that could allow an attacker to overwrite files on the underlying operating system with root privileges.According to Cisco, the vulnerability impacts Expressway Control (Expressway-C) and
Publish At:2022-07-08 12:03 | Read:411 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

OpenSSL Patches Remote Code Execution Vulnerability

OpenSSL has issued an urgent advisory to warn of a memory corruption vulnerability that exposes servers to remote code execution attacks.The vulnerability, tracked as CVE-2022-2274, was introduced in OpenSSL 3.0.4 and could potentially allow malicious hackers to launch remote code attacks on unpatched SSL/TLS server side devices.The open source group rates t
Publish At:2022-07-07 12:03 | Read:426 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Update now! Chrome patches ANOTHER zero-day vulnerability

Google has released version 103.0.5060.114 for Chrome, now available in the Stable Desktop channel worldwide. The main goal of this new version is to patch CVE-2022-2294. CVE-2022-2294  is a high severity heap-based buffer overflow weakness in the Web Real-Time Communications (WebRTC) component which is being exploited in the wild. This is the fourth Chro
Publish At:2022-07-05 16:02 | Read:444 | Comments:0 | Tags:Exploits and vulnerabilities cve-2022-2294 heap buffer overf

Emergency Chrome 103 Update Patches Actively Exploited Vulnerability

While many expected — or at least hoped — that the 4th of July would be quiet on the cybersecurity front, Google on Monday announced the release of an emergency Chrome update that patches an actively exploited zero-day vulnerability.The flaw, tracked as CVE-2022-2294, has been described as a heap buffer overflow in WebRTC. The security hole was reported to G
Publish At:2022-07-04 20:11 | Read:507 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Django fixes SQL Injection vulnerability in new releases

The Django project, an open source Python-based web framework has patched a high severity vulnerability in its latest releases.Tracked as CVE-2022-34265, the potential SQL Injection vulnerability exists in Django's main branch, and versions 4.1 (currently in beta), 4.0, and 3.2. New releases and patches issued tod
Publish At:2022-07-04 09:48 | Read:553 | Comments:0 | Tags:Security Vulnerability

Amazon Photos vulnerability could have given attackers access to user files and data

Amazon has patched a flaw in the Amazon Photos app which could have allowed an attacker to steal and use a user’s unique access token that verifies their identity across multiple Amazon APIs. That would give attackers access to a trove of information, since many of these APIs contain personal data, such as names, email addresses, and home addresses.
Publish At:2022-06-30 11:52 | Read:500 | Comments:0 | Tags:Exploits and vulnerabilities amazon Amazon Drive Amazon Phot

Vulnerability in Amazon Photos Android App Exposed User Information

Cybersecurity firm Checkmarx has published details on a high-severity vulnerability in the Amazon Photos Android application that could have allowed malicious apps to steal an Amazon access token.With more than 50 million downloads, Amazon Photos offers cloud storage, allowing users to store photos and videos at their original quality, as well as to print an
Publish At:2022-06-30 08:05 | Read:543 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

CISA warns of hackers exploiting PwnKit Linux vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Linux vulnerability known as PwnKit to its list of bugs exploited in the wild.The security flaw, identified as CVE-2021-4034, was found in the Polkit's pkexec component used by all major distributions (including Ubuntu, Debian, Fedora, and CentOS).PwnKit is a memory corrupt
Publish At:2022-06-29 13:58 | Read:461 | Comments:0 | Tags:Security Vulnerability exploit CISA hack

Azure Service Fabric Vulnerability Can Lead to Cluster Takeover

Microsoft has patched a vulnerability that could allow an attacker with access to an Azure Linux container to escalate privileges and take over the entire cluster.Tracked as CVE-2022-30137, the vulnerability impacts Service Fabric, Microsoft’s container orchestrator that provides management of services across container clusters. Microsoft says Service Fabric
Publish At:2022-06-29 12:02 | Read:419 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Amazon fixes high-severity vulnerability in Android Photos app

Amazon has confirmed and fixed a vulnerability in its Photos app for Android, which has been downloaded over 50 million times on the Google Play Store.Amazon Photos is an image and video storage application that enables users to seamlessly share their snaps with up to five family members, offering powerful management and organization features.Amazon Photos o
Publish At:2022-06-29 09:47 | Read:609 | Comments:0 | Tags:Security Mobile Vulnerability android

CISA Says 'PwnKit' Linux Vulnerability Exploited in Attacks

The US Cybersecurity and Infrastructure Security Agency (CISA) says a Linux vulnerability tracked as CVE-2021-4034 and PwnKit has been exploited in attacks.The flaw, which came to light in January, affects Polkit, a component designed for controlling system-wide privileges in Unix-like operating systems. Polkit is developed by Red Hat, but it’s also used by
Publish At:2022-06-28 16:12 | Read:381 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln


Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud