HackDig : Dig high-quality web security articles

Introducing Malwarebytes Vulnerability Assessment for OneView: How to check for Common Vulnerabilities and Exposures (CV

Malwarebytes is happy to announce our Vulnerability Assessment module for OneView, our multi-tenant console where you can manage Malwarebytes Nebula accounts, subscriptions, invoicing, and integrations.  This module enables our MSPs to scan, identify, and assess vulnerabilities in customers’ digital ecosystems using our single lightweight agent.  
Publish At:2022-06-14 09:02 | Read:375 | Comments:0 | Tags:Malwarebytes news CVE MSP vulnerability Vulnerability

Update Chrome now: Four high risk vulnerabilities found

Users of Chrome have been advised to apply updates as soon as possible related to seven security vulnerabilities. CISA has also warned that the vulnerabilities could be used to take control of affected systems. Although no detailed explanation of how these vulnerabilities work has been released, there is enough out there to encourage users to apply the patch
Publish At:2022-06-13 12:59 | Read:196 | Comments:0 | Tags:Exploits and vulnerabilities chrome CVE exploit Google updat

Detecting and mitigating CVE-2022-26134: Zero day at Atlassian Confluence

A new zero day vulnerability actively exploited in the wild has been found in Atlassian Confluence. The vulnerability CVE-2022-26134 affects all supported versions of Confluence Server and Confluence Data Center allowing an unauthenticated user to run arbitrary commands remotely. The Atlassian team confirmed the vulnerability with an official tweet an
Publish At:2022-06-03 13:48 | Read:305 | Comments:0 | Tags:CVE Falco Sysdig Secure

Top CVE Trends — And What You Can Do About Them

Cybersecurity awareness, protection, and prevention is all-encompassing. In addition to implementing the right tools and resources, and hiring skilled professionals with the right cybersecurity education and experience, organizations should be aware of the latest CVEs. What Is a CVE? The acronym “CVE” stands for Common Vulnerabilities and Exposures, and it ref
Publish At:2022-06-02 02:13 | Read:474 | Comments:0 | Tags:Featured Articles Vulnerability Management CVE

Trends at Blackhat Asia 2022 – Kubernetes, Cloud Security and more

This week BlackHat Asia 2022 took place in hybrid mode. It’s one of the most important events within the #infosec community, where security experts show how far they can go. In this edition, the trend of talks and tools focused on improving the security of Kubernetes, Cloud Security or Supply Chain, either from the perspective of the blue team or the r
Publish At:2022-05-13 13:48 | Read:491 | Comments:0 | Tags:AWS CVE Docker Kubernetes Cloud security

VERT Threat Alert: May 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s May 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1002 on Wednesday, May 11th. CVE-2022-26925 In-The-Wild & Disclosed CVEs Based on Microsoft’s limited documentation, this appears to be a resurgence and/or improved version of PetitPotam. This month’s se
Publish At:2022-05-10 18:04 | Read:1227 | Comments:0 | Tags:Featured Articles VERT CVE Patch Tuesday

Compromising Read-Only Containers with Fileless Malware

Containers provide a number of security features that are not simply available on a normal host. One of those is the ability to make the container’s root filesystem read-only. By making the file system unable to be altered, it prevents an attacker from writing their malware executable to disk. Most attacks rely on writing files in order to work, but sophis
Publish At:2022-05-03 13:37 | Read:594 | Comments:0 | Tags:CVE Docker Kubernetes

Eliminate noise and prioritize the vulnerabilities that really matter with Risk Spotlight

Is your team drowning in container vulnerability noise? Are you spending a lot of time figuring out where to focus resources on and still missing dangerous vulnerabilities? Know that you are not alone. Container environments revolutionized app development by enabling unprecedented velocity, but not without a price. The use of readily available contain
Publish At:2022-04-20 01:49 | Read:857 | Comments:0 | Tags:CVE Docker Kubernetes Sysdig Sysdig Secure

Are vulnerability scores misleading you? Understanding CVSS severity and using them effectively

Vulnerabilities are everywhere. Vetting, mitigating, and remediating them at scale is exhausting for security practitioners. Let’s keep in mind that no organization has the capacity to find and fix all vulnerabilities. The key is to understand what a vulnerability is, interpret the meanings of the CVSS score, and prioritize and effectively use resource
Publish At:2022-04-20 01:49 | Read:801 | Comments:0 | Tags:CVE Docker Kubernetes Sysdig Sysdig Secure Vulnerability

VERT Threat Alert: April 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s April 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-996 on Wednesday, April 13th. In-The-Wild & Disclosed CVEs CVE-2022-24521 While not previously publicly disclosed, Microsoft is reporting that they have seen act
Publish At:2022-04-12 17:52 | Read:1922 | Comments:0 | Tags:Featured Articles VERT CVE Patch Tuesday

GitLab issues security updates; watch out for hard coded passwords

GitLab has issued several critical security updates, with users of the version control software urged to upgrade their installations as soon as possible. One of the fixes is for a hard coded password issue. What is distributed version control? Distributed version control is a way for an organisation’s codebase to be mirrored on the devices of anyone
Publish At:2022-04-05 07:14 | Read:2262 | Comments:0 | Tags:Privacy CVE gitlab hard coded password patch update security

CVE-2022-0847: “Dirty Pipe” Linux Local Privilege Escalation

Right on the heels of CVE-2022-4092, another local privilege escalation flaw in the Linux Kernel was disclosed on Monday, nicknamed “Dirty Pipe” by the discoverer. MITRE has designated this as CVE-2022-0847. Similar to the “Dirty COW” exploit (CVE-2016-5195), this flaw abuses how the Kernel manages pages in pipes and impacts the latest ve
Publish At:2022-03-10 01:48 | Read:864 | Comments:0 | Tags:CVE Docker Kubernetes Sysdig Secure privilege

CVE-2022-0492: Privilege escalation vulnerability causing container escape

Linux maintainers disclosed a privilege escalation vulnerability in the Linux Kernel. The vulnerability has been issued a Common Vulnerability and Exposures ID of CVE-2022-0492 and is rated as a High (7.0) severity. The flaw occurs in cgroups permitting an attacker to escape container environments, and elevate privileges. The vulnerable code was
Publish At:2022-03-09 05:44 | Read:1449 | Comments:0 | Tags:CVE Falco Sysdig Secure Vulnerability privilege

VERT Threat Alert: March 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s March 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-989 on Wednesday, March 9th. In-The-Wild & Disclosed CVEs CVE-2022-21990 CVE-2022-21990 describes a code execution vulnerability within Remote Desktop Client. The vulnerability requires that a maliciou
Publish At:2022-03-08 22:11 | Read:2533 | Comments:0 | Tags:Featured Articles VERT CVE Patch Tuesday

VERT Threat Alert: February 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s February 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-985 on Wednesday, February 9th. In-The-Wild & Disclosed CVEs CVE-2022-21989 This month, only a single vulnerability, CVE-2022-21989 has been publicly disclosed and Microsoft is not reporting any kno
Publish At:2022-02-08 22:10 | Read:947 | Comments:0 | Tags:Featured Articles VERT CVE Patch Tuesday

