HackDig : Dig high-quality web security articles

CISA adds Zimbra email bug to Known Exploited Vulnerabilities Catalog

US Critical Infrastructure Security Agency (CISA) adds a recently disclosed flaw in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added a recently disclosed flaw in the Zimbra email suite, tracked as CVE-2022-27924, to its Known Exploited Vulnerabilities Catalog.
Publish At:2022-08-05 09:25 | Read:136 | Comments:0 | Tags:Breaking News Security CISA Hacking hacking news information

NetStandard attack should make Managed Service Providers sit up and take notice

Managed Service Providers (MSPs), organizations that allow companies to outsource a variety of IT and security functions, are a growing market. Because they are a potential gateway to lots of company networks they make a very attractive target for cybercriminals. In a recent threat advisory Huntress noticed that an increasing number of Initial Access Brok
Publish At:2022-08-03 16:03 | Read:157 | Comments:0 | Tags:Security world cisa connectwise IAB kaseya MSP NetStandard s

CISA orders to patch an actively exploited flaw in Confluence servers

US Critical Infrastructure Security Agency (CISA) adds the critical Confluence flaw, tracked as CVE-2022-26138, to its Known Exploited Vulnerabilities Catalog. US CISA has added the recently disclosed Confluence vulnerability, tracked as CVE-2022-26138, to its list of bugs abused in the wild, a flaw that can provide remote attackers with ha
Publish At:2022-07-30 14:10 | Read:274 | Comments:0 | Tags:Breaking News Security Confluence CVE-2022-26138 Hacking hac

CISA warns of critical Confluence bug exploited in attacks

CISA has added a critical Confluence vulnerability tracked as CVE-2022-26138 to its list of bugs abused in the wild, a flaw that can provide remote attackers with hardcoded credentials following successful exploitation. As Australian software firm Atlassian revealed last week, unpatched versions of the Questions for Confluence app (installed on
Publish At:2022-07-29 13:46 | Read:281 | Comments:0 | Tags:Security exploit CISA

US Cybersecurity Agency CISA to Open London Office

The US Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday that it’s set to open an office in the United Kingdom in an effort to boost international cooperation and collaboration. The cyber defense agency’s first Attaché Office will open later this month in London and its goal is to “serve as a focal point for international collaborati
Publish At:2022-07-19 12:03 | Read:226 | Comments:0 | Tags:NEWS & INDUSTRY Management & Strategy CISA security

CISA urges to fix multiple critical flaws in Juniper Networks products

CISA urges admins to apply recently released fixes in Juniper Networks products, including Junos Space, Contrail Networking and NorthStar Controller. CISA urges users and administrators to review the Juniper Networks security advisories page and apply security updates available for some products, including Junos Space, Contrail Networking and NorthStar Co
Publish At:2022-07-16 11:10 | Read:360 | Comments:0 | Tags:Breaking News Security Hacking hacking news information secu

CISA orders agencies to patch new Windows zero-day used in attacks

CISA has added an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) to its list of bugs abused in the wild. This high severity security flaw (tracked as CVE-2022-22047) impacts both server and client Windows platforms, including the latest Windows 11 and Windows Server 2022 releases. Microso
Publish At:2022-07-12 17:56 | Read:463 | Comments:0 | Tags:Security Microsoft CISA

North Korean APT targets US healthcare sector with Maui ransomware

State-sponsored North Korean threat actors have been targeting the US Healthcare and Public Health (HPH) sector for the past year using the Maui ransomware, according to a joint cybersecurity advisory (CSA) from the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury. CISA Director Jen Easterly also announced t
Publish At:2022-07-10 20:00 | Read:345 | Comments:0 | Tags:Ransomware APT cisa conti Cybersecurity and Infrastructure S

CISA orders federal agencies to patch CVE-2022-26925 by July 22

US Critical Infrastructure Security Agency (CISA) adds CVE-2022-26925 Windows LSA flaw to its Known Exploited Vulnerabilities Catalog. In May the US CISA removed the CVE-2022-26925 Windows LSA vulnerability from its Known Exploited Vulnerabilities Catalog due to Active Directory (AD) certificate authentication problems observed after the installation of M
Publish At:2022-07-04 05:26 | Read:458 | Comments:0 | Tags:Breaking News Security CISA CVE-2022-26925 Hacking hacking n

CISA orders agencies to patch Windows LSA bug exploited in the wild

CISA has re-added a security bug affecting Windows devices to its list of bugs exploited in the wild after removing it in May due to Active Directory (AD) certificate authentication issues caused by Microsoft's May 2022 updates. The flaw is an actively exploited Windows LSA (Local Security Authority) spoofing vulnerability tracked as CVE-2022-26925 and confir
Publish At:2022-07-01 13:46 | Read:377 | Comments:0 | Tags:Security Microsoft exploit CISA

CISA warns of hackers exploiting PwnKit Linux vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Linux vulnerability known as PwnKit to its list of bugs exploited in the wild. The security flaw, identified as CVE-2021-4034, was found in the Polkit's pkexec component used by all major distributions (including Ubuntu, Debian, Fedora, and CentOS). PwnKit is a memory corrupt
Publish At:2022-06-29 13:58 | Read:436 | Comments:0 | Tags:Security Vulnerability exploit CISA hack

CISA warns orgs to switch to Exchange Online Modern Auth until October

CISA has urged government agencies and private sector organizations using Microsoft's Exchange cloud email platform to expedite the switch from Basic Authentication legacy authentication methods without multifactor authentication (MFA) support to Modern Authentication alternatives. Basic Auth (proxy authentication) is an HTTP-based auth scheme used by apps to
Publish At:2022-06-29 09:47 | Read:466 | Comments:0 | Tags:Security CISA

CISA-Funded Project Enables Students With Disabilities to Learn Cybersecurity

Cybersecurity workforce development organization CYBER.ORG on Monday announced the launch of Project Access, a national effort to provide cybersecurity education to blind and visually impaired students. Courtesy of the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Education and Training Assistance Program (CETAP) grant, the program will inc
Publish At:2022-06-29 08:04 | Read:318 | Comments:0 | Tags:NEWS & INDUSTRY Training & Certification CISA securi

CISA Calls for Expedited Adoption of Modern Authentication Ahead of Deadline

The US Cybersecurity and Infrastructure Security Agency (CISA) is urging federal agencies and private organizations to switch to Modern Auth in Exchange Online before October 1, 2022. A legacy authentication method, Basic Auth does not support multi-factor authentication and requires that the user’s password is sent with each authentication request. It is use
Publish At:2022-06-29 08:04 | Read:1086 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access Management & S

CISA Says 'PwnKit' Linux Vulnerability Exploited in Attacks

The US Cybersecurity and Infrastructure Security Agency (CISA) says a Linux vulnerability tracked as CVE-2021-4034 and PwnKit has been exploited in attacks. The flaw, which came to light in January, affects Polkit, a component designed for controlling system-wide privileges in Unix-like operating systems. Polkit is developed by Red Hat, but it’s also used by
Publish At:2022-06-28 16:12 | Read:378 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln
