HackDig : Dig high-quality web security articles

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. Researchers from the Citizen Lab and Google’s Threat Analysis Group (TAG) revealed that the three Apple zero-days addressed this week were used as part of an exploit to install Cytrox Predator spyware. Apple t
Publish At:2023-09-22 19:27 | Read:49154 | Comments:0 | Tags:Breaking News Hacking Intelligence Malware Mobile Apple Chro

CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its Known Exploited Vulnerabilities catalog

US CISA added the flaw CVE-2023-41179 in Trend Micro Apex and other security products to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the high-severity flaw CVE-2023-41179 (CVSS score 7.2) affecting Trend Micro Apex One and Worry-Free Business Security to its Known Exploited Vulnerabilities
Publish At:2023-09-22 15:29 | Read:55332 | Comments:0 | Tags:Breaking News Hacking Security CISA hacking news information

Apple rolled out emergency updates to address 3 new actively exploited zero-day flaws

Apple released emergency security updates to address three new actively exploited zero-day vulnerabilities. Apple released emergency security updates to address three new zero-day vulnerabilities (CVE-2023-41993, CVE-2023-41991, CVE-2023-41992) that have been exploited in attacks in the wild. The three flaws were discovered by Bill Marczak of The Cit
Publish At:2023-09-21 19:27 | Read:97190 | Comments:0 | Tags:Breaking News Hacking Mobile Android Firefox Zero-Day Apple

Trend Micro addresses actively exploited zero-day in Apex One and other security Products

Trend Micro addressed a zero-day code execution vulnerability (CVE-2023-41179) in Apex One that has been actively exploited in the wild. Trend Micro has released security updates to patch an actively exploited zero-day vulnerability, tracked as CVE-2023-41179, impacting endpoint security products, including Apex One, Apex One SaaS, and Worry-Free Busines
Publish At:2023-09-20 03:35 | Read:141439 | Comments:0 | Tags:Breaking News Hacking Security Apex One hacking news informa

ThemeBleed exploit is another reason to patch Windows quickly

Included in the September 2023 Patch Tuesday updates was a fix for a vulnerability which has been dubbed ThemeBleed. A Proof-of-Concept (PoC) exploit has been released by Gabe Kirkpatrick, one of the researchers acknowledged for reporting the vulnerability. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed comput
Publish At:2023-09-18 22:07 | Read:145244 | Comments:0 | Tags:Exploits and vulnerabilities News theme themepack Microsoft

Zero-Click Exploit in iPhones

Make sure you update your iPhones: Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group’s Pegasus commercial spyware onto fully patched iPhones. The two bugs, tracked as CVE-2023-41064 and CVE-2023-41061, allowed the attackers
Publish At:2023-09-14 04:25 | Read:119092 | Comments:0 | Tags: exploit

Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days

Microsoft's September 2023 Patch Tuesday is another important one. Not because it's a busy one, but because we have some special cases. Patch Tuesday includes security updates for 59 bugs, two of which are known to be actively exploited. The Cybersecurity & Infrastructure Security Agency (CISA) has added these two vulnerabilities to its Known Exploited V
Publish At:2023-09-13 22:07 | Read:127991 | Comments:0 | Tags:Business Exploits and vulnerabilities News Microsoft Adobe A

Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws

Microsoft September 2023 Patch Tuesday addressed 59 new flaws, including two vulnerabilities under active attack. Microsoft September 2023 Patch Tuesday security updates addressed 59 vulnerabilities, including two actively exploited zero-day. The flaws addressed by the company impact Microsoft Windows and Windows Components; Exchange Server; Office an
Publish At:2023-09-13 03:35 | Read:110262 | Comments:0 | Tags:Breaking News Security Hacking hacking news information secu

Two Apple issues added by CISA to its catalog of known exploited vulnerabilities

The Cybersecurity & Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by October 2, 2023 in order to protect their devices against active thr
Publish At:2023-09-12 22:07 | Read:123841 | Comments:0 | Tags:Exploits and vulnerabilities News Blastpass citizenlab pegas

Update Chrome now! Google patches critical vulnerability being exploited in the wild

Google has released an update for Chrome Desktop which includes one critical security fix. There is an active exploit for the patched vulnerability, according to Google, which means cybercriminals are aware of the vulnerability and are using it. If you’re a Chrome user on Windows, Mac, or Linux, you should update as soon as possible. The easiest way to
Publish At:2023-09-12 22:07 | Read:100387 | Comments:0 | Tags:Exploits and vulnerabilities News Google Chrome CVE-2023-486

Adobe fixed actively exploited zero-day in Acrobat and Reader

Software giant Adobe is warning of a critical security vulnerability in the PDF Acrobat and Reader that is actively exploited in the wild. Adobe Patch Tuesday security updates (APSB23-34) addressed a critical zero-day vulnerability actively exploited in the wild in attacks on Adobe Acrobat and Reader products. The vulnerability, tracked as CVE-2023-26
Publish At:2023-09-12 19:27 | Read:98483 | Comments:0 | Tags:Breaking News Security Adobe Hacking hacking news informatio

CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog

U.S. CISA adds vulnerabilities in Apple devices exploited to install NSO Group’s Pegasus spyware on iPhones to Known Exploited Vulnerabilities Catalog US Cybersecurity and Infrastructure Security Agency (CISA) added the security vulnerabilities chained in the zero-click iMessage exploit BLASTPASS to its Known Exploited Vulnerabilities Catalog. T
Publish At:2023-09-11 15:29 | Read:93783 | Comments:0 | Tags:Breaking News Security Apple Hacking hacking news informatio

US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog

US CISA added critical vulnerability CVE-2023-33246 in Apache RocketMQ to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw CVE-2023-33246 (CVSS score 9.8) affecting Apache RocketMQ to its Known Exploited Vulnerabilities Catalog. Several components of Apache RocketMQ, includin
Publish At:2023-09-09 14:15 | Read:149408 | Comments:0 | Tags:Breaking News Hacking Security hacking news information secu

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

A zero-day vulnerability (CVE-2023-20269) in Cisco ASA and FTD is actively exploited in ransomware attacks, the company warns. Cisco warns that a zero-day vulnerability (CVE-2023-20269) in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) is actively exploited by ransomware groups to gain initial access to corporate networks.
Publish At:2023-09-08 14:15 | Read:107024 | Comments:0 | Tags:Breaking News Hacking Security Akira ransomware CISCO ASA Ci

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

U.S. CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. The US agency has
Publish At:2023-09-08 08:09 | Read:102769 | Comments:0 | Tags:Breaking News Hacking Fortinet FortiOS SSL-VPN hacking news

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud

Keywords