HackDig : Dig high-quality web security articles for hackers

US Government Warns of Palo Alto Vulnerability

The US government has warned of a critical flaw in Palo Alto Networks equipment that could enable attackers to take over its devices with minimal skill.The warning, issued by US Cyber Command, urged people to patch all devices affected by the vulnerability immediately. It said that foreign advanced persistent threat actors will attempt to exploit it soon.Ple
Publish At:2020-06-30 15:30 | Read:86 | Comments:0 | Tags: Vulnerability

[KIS-2020-07] openSIS <= 7.4 (Bottom.php) Local File Inclusion Vulnerability

--------------------------------------------------------------openSIS <= 7.4 (Bottom.php) Local File Inclusion Vulnerability--------------------------------------------------------------[-] Software Link:https://opensis.com/[-] Affected Versions:Version 7.4 and prior versions.[-] Vulnerability Description:The vulnerable code is located in the /Bottom.php
Publish At:2020-06-30 10:12 | Read:136 | Comments:0 | Tags: Vulnerability

Find a PlayStation 4 vulnerability and earn over $50,000

Do you think you have found a vulnerability in the Sony PlayStation 4 or the PlayStation Network?If so, you could be heading towards a sizeable sum of money. That’s because Sony announced details of a new bug bounty program that it is running in co-ordination with vulnerability-reporting platform HackerOne.Sony is inviting security researchers, gamers
Publish At:2020-06-25 12:20 | Read:207 | Comments:0 | Tags:Featured Articles IT Security and Data Protection Bug Bounty

Patch time! NVIDIA fixes kernel driver holes on Windows and Linux

byPaul DucklinThe latest security patches from NVIDIA, the maker of high-end graphics cards, are out.Both Windows and Linux are affected.NVIDIA hasn’t yet given out any real details about the bugs, but 12 different CVE-tagged flaws have been fixed, numbered sequentially from CVE-2020-5962 to CVE-2020-5973.As far as we can tell, none of the bugs can be
Publish At:2020-06-25 11:08 | Read:136 | Comments:0 | Tags:Uncategorized EoP kernel driver NVIDIA security patch vulner

Tripwire Patch Priority Index for June 2020

Tripwire’s June 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, BIND and Oracle.Up first on the Patch Priority Index this month are patches for Microsoft, BIND and Oracle for vulnerabilities that have been integrated into various Exploits. Metasploit has recently added exploits for BIND (CVE-2020-8617), Oracle
Publish At:2020-06-24 18:40 | Read:172 | Comments:0 | Tags:VERT News microsoft patch priority index vulnerability

Vulnerability in OSIsoft PI System Can Facilitate Attacks on Critical Infrastructure

A stored cross-site scripting (XSS) vulnerability in OSIsoft PI System, a product often present in critical infrastructure facilities, can be exploited for phishing, privilege escalation and other purposes.OSIsoft PI System is a data management platform that delivers plant monitoring and analysis capabilities. According to the vendor’s website, PI System has
Publish At:2020-06-22 11:39 | Read:178 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities Vulnerabilit

AMD Preparing Patches for UEFI SMM Vulnerability

AMD last week said it was preparing patches for a vulnerability affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI) shipped with systems that use certain notebook and embedded processors.Discovered by security researcher Danny Odler in AMD’s Mini PC and tracked as CVE-2020-12890, the vulnerability is one of the thre
Publish At:2020-06-22 07:48 | Read:240 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Drupal addresses critical code execution vulnerability

Drupal released security updates to patch several security issues, including a flaw that could allow an attacker to execute arbitrary PHP code. Drupal released security updates to address multiple security vulnerabilities, including a “critical” flaw tracked as CVE-2020-13664 that could be exploited by an attacker to execute arbitrary PHP code
Publish At:2020-06-18 12:28 | Read:209 | Comments:0 | Tags:Breaking News Hacking Security CSRF Drupal hacking news info

Intel announces “exploit busting” features in its next processor chips

byPaul DucklinIntel is adding two new exploit detection systems into its forthcoming processors.The new technology has been at least four years in the making, according the chip giant’s recently updated specification document, which contains a “version 1.0” release date of June 2016.Intel’s PR machine has been making waves about the s
Publish At:2020-06-16 14:48 | Read:249 | Comments:0 | Tags:Uncategorized ASLR CET DEP Exploit gadget intel ROP vulnerab

10 Essential Bug Bounty Programs of 2020

In 2019, the State of Security published its most recent list of essential bug bounty frameworks. Numerous organizations and government entities have launched their own vulnerability reward programs (VRPs) since then. COVID-19 has changed the digital security landscape, as well. With that in mind, it’s time for an updated list.Here are 10 essential bug bount
Publish At:2020-06-15 06:53 | Read:172 | Comments:0 | Tags:Cyber Security Featured Articles Bug Bounty ethical hacker v

Vulnerability in Mitsubishi Controllers Can Allow Hackers to Disrupt Production

A potentially serious denial-of-service (DoS) vulnerability affecting some Mitsubishi Electric automation controllers can allow hackers to disrupt the production process in an industrial organization, experts have warned.The flaw, discovered by a researcher at industrial cybersecurity firm SCADAfence and reported to Mitsubishi in late February, was described
Publish At:2020-06-12 00:43 | Read:222 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities Vulnerabilit

Protocol Vulnerability Threatens Mobile Networks

A vuln in the GTP protocol could allow DoS, fraud, and data theft attacks against cellular networks from virtually anywhere.A protocol that allows millions of customers to use their mobile phones for data applications can also allow criminals to launch denial-of-service (DoS), user impersonation, and fraud cyberattacks. And according to a new report, the pro
Publish At:2020-06-11 16:56 | Read:241 | Comments:0 | Tags: Vulnerability

Another Intel Speculative Execution Vulnerability

Remember Spectre and Meltdown? Back in early 2018, I wrote: Spectre and Meltdown are pretty catastrophic vulnerabilities, but they only affect the confidentiality of data. Now that they -- and the research into the Intel ME vulnerability -- have shown researchers where to look, more is coming -- and what they'll find will be worse than either Spectre or Mel
Publish At:2020-06-11 08:37 | Read:152 | Comments:0 | Tags: Vulnerability

Details Released for Recently Patched Code Execution Vulnerability in Firefox

Cisco’s Talos threat intelligence and research group has released information on a recently addressed vulnerability in Firefox that could be exploited for code execution.Tracked as CVE-2020-12405 and featuring a CVSS score of 8.8, the issue was one of five high-severity bugs that were patched earlier this month with the release of Firefox 77. Tor Browser 9.5
Publish At:2020-06-11 01:33 | Read:208 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

'SMBleed' Vulnerability Impacts Windows SMB Protocol

One of the vulnerabilities that Microsoft addressed on June 2020 Patch Tuesday is a Server Message Block (SMB) protocol bug that could allow an attacker to leak kernel memory remotely, without authentication.Called SMBleed and tracked as CVE-2020-1206, the vulnerability could be chained with SMBGhost (CVE-2020-0796), a flaw addressed in March 2020, to achiev
Publish At:2020-06-10 13:58 | Read:129 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability


Share high-quality web security related articles with you:)