HackDig : Dig high-quality web security articles for hacker

Case study: Searching for a vulnerability pattern in the Linux kernel

This short article describes the investigation of one funny Linux kernel vulnerability and my experience with Semmle QL and Coccinelle, which I used to search for similar bugs.The kernel bugSeveral days ago my custom syzkaller instance got an interesting crash. It had a stable reproducer and I started the investigation. Here I will take the opportunity to sa
Publish At:2019-10-18 04:20 | Read:234 | Comments:0 | Tags: Vulnerability

Sustes malware updated to spread via vulnerability in Exim (CVE-2019-10149)

A new wave of attacks by the Sustes cryptominer is infecting computers via a June vulnerability in the Exim mail server. Starting on August 11, our PT Network Attack Discovery network sensors have detected attempts to exploit mail servers in incoming network traffic.Scanning is performed from address 154.16.67[.]133. The command in the RCPT TO field triggers
Publish At:2019-10-18 04:20 | Read:316 | Comments:0 | Tags: Vulnerability

Yahei-PHP Prober v0.4.7 (speed) Remote HTML Injection Vulnerability

Title: Yahei-PHP Prober v0.4.7 (speed) Remote HTML Injection Vulnerability Advisory ID: ZSL-2019-5531 Type: Local/Remote Impact: Cross-Site Scripting Risk: (3/5) Release Date: 24.07.2019SummaryDetection of system web server operating environment. Description
Publish At:2019-10-18 00:00 | Read:530 | Comments:0 | Tags: Vulnerability

V-SOL GPON/EPON OLT Platform v2.03 Link Manipulation Vulnerability

Title: V-SOL GPON/EPON OLT Platform v2.03 Link Manipulation Vulnerability Advisory ID: ZSL-2019-5535 Type: Local/Remote Impact: Spoofing Risk: (3/5) Release Date: 26.09.2019SummaryGPON is currently the leading FTTH standard in broadband accesstechnology being widely deplo
Publish At:2019-10-18 00:00 | Read:621 | Comments:0 | Tags: Vulnerability

V-SOL GPON/EPON OLT Platform v2.03 Reflected XSS Vulnerability

Title: V-SOL GPON/EPON OLT Platform v2.03 Reflected XSS Vulnerability Advisory ID: ZSL-2019-5537 Type: Local/Remote Impact: Cross-Site Scripting Risk: (3/5) Release Date: 26.09.2019SummaryGPON is currently the leading FTTH standard in broadband accesstechnology being wide
Publish At:2019-10-18 00:00 | Read:816 | Comments:0 | Tags: Xss Vulnerability

Older Amazon Devices Subject to Old Wi-Fi Vulnerability

The vulnerability in first-generation Echoes and eight-generation Kindles lets an attacker wage man-in-the-middle attacks.Som old Amazon devices contain an even older Wi-Fi vulnerability that can be exploited in man-in-the-middle attacks.The vuln - KRACK, or Key Reinstallation Attack - is a flaw in the four-way WPA2 handshake that begins the protec
Publish At:2019-10-17 23:40 | Read:332 | Comments:0 | Tags: Vulnerability

Prying-Eye: the vulnerability that opens the door to industrial espionage

Industrial espionage is a serious problem for companies. And these days, cyberattacks make it easier than ever to access confidential information or patents found inside an organization. If a cyberattacker manages to steal this kind of data, the victim could be seriously damaged. And not just at a reputational level, but also economically speaking:  a stolen
Publish At:2019-10-15 22:35 | Read:275 | Comments:0 | Tags:News Security business vulnerabilities Vulnerability

15 Easy, Effective Ways to Start Winning Back Your Online Privacy

Someone recently asked me what I wanted for Christmas this year, and I had to think about it for a few minutes. I certainly don’t need any more stuff. However, if I could name one gift that would make me absolutely giddy, it would be getting a chunk of my privacy back. Like most people, the internet knows way too much about me — my age, address, phone
Publish At:2019-10-12 11:20 | Read:522 | Comments:0 | Tags:Family Safety ad blockers children's privacy cloud security

iTunes Zero-Day Vulnerability Exploited by BitPaymer Ransomware

The BitPaymer ransomware operators were observed abusing a zero-day vulnerability in Apple’s iTunes for Windows to run code and evade detection, Morphisec’s security researchers have discovered.The security flaw resides in the Bonjour updater that comes packaged with iTunes for Windows and allows attackers to abuse an unquoted path to not only evade detectio
Publish At:2019-10-11 00:05 | Read:381 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Vi

CVE-2019-16928: Exploiting an Exim Vulnerability via EHLO Strings

by Ashish Verma In September, security researchers from the QAX-A-Team discovered the existence of CVE-2019-16928, a vulnerability involving the mail transfer agent Exim. Exim accounts for over 50% of publicly reachable mail servers on the internet. What makes the bug particularly noteworthy is that threat actors could exploit it to perform denial of service
Publish At:2019-10-10 10:00 | Read:424 | Comments:0 | Tags:Vulnerabilities DevOps Vulnerability exploit

Audit Finds Critical Vulnerability in iTerm2 macOS Terminal Emulator

A security audit funded by Mozilla has led to the discovery of a critical remote command execution vulnerability in the popular iTerm2 macOS terminal emulator.The audit was conducted by Radically Open Security as part of Mozilla’s Open Source Support program (MOSS), which aims to ensure that the open source ecosystem is “healthy and secure.” iTerm2 was selec
Publish At:2019-10-10 00:00 | Read:254 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

OpenDreamBox: the vulnerability that affects 32% of the world’s companies

The Internet of things (IoT) has revolutionized the business world. It has helped to streamline industrial processes, reduce costs, and has even created new business models. But, as is often the case, all of these advantages go hand in hand with a series of disadvantages. The most important of these disadvantages is the significant increase in the attack sur
Publish At:2019-10-09 10:35 | Read:403 | Comments:0 | Tags:News Security business IoT vulnerabilities Vulnerability

NSA Issues Advisory on VPN Vulnerability Trio

Vulnerabilities with Pulse Secure, Fortinet, and Palo Alto Networks VPNs are called out in the advisory.The National Security Agency (NSA) this week issued an advisory with remediation steps for recently disclosed vulnerabilities in virtual private network (VPN) products from Palo Alto Networks, Fortinet, and Pulse Secure."Multiple Nation State Advanced Pers
Publish At:2019-10-08 23:50 | Read:195 | Comments:0 | Tags: Vulnerability

Code Execution Vulnerability Impacts NSA Reverse Engineering Tool

Versions through 9.0.4 of the Ghidra software reverse engineering (SRE) framework are impacted by a code-execution vulnerability, the National Security Agency (NSA) has revealed.Developed by the NSA’s Research Directorate for the agency’s cybersecurity missions, Ghidra is designed to help with malware analysis. The framework supports multiple platforms, incl
Publish At:2019-10-08 12:00 | Read:344 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Drupalgeddon2 Vulnerability Still Endangering CMSes

A new wave of attacks has been discovered on Drupal-based content management systems that weren't patched for the older flaw.A vulnerability that's been patched is still a vulnerability if patches haven't been applied. And unpatched vulnerabilities are catnip to criminals. That's the case with Drupalgeddon2 (CVE-2018-7600), a critical vulnerability in CMS pl
Publish At:2019-10-07 23:50 | Read:432 | Comments:0 | Tags: Vulnerability

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud