HackDig : Dig high-quality web security articles

Microsoft shares guidance for investigating attacks exploiting CVE-2023-23397

Microsoft is warning of cyber attacks exploiting a recently patched Outlook vulnerability tracked as CVE-2023-23397 (CVSS score: 9.8). Microsoft published guidance for investigating attacks exploiting recently patched Outlook vulnerability tracked as CVE-2023-23397. The flaw is a Microsoft Outlook spoofing vulnerability that can lead to an authenticati
Publish At:2023-03-26 12:30 | Read:25835 | Comments:0 | Tags:APT Breaking News Hacking Security CVE-2023-23397 Cyberespio

Experts published PoC exploit code for Veeam Backup & Replication bug

Researchers released a PoC exploit code for a high-severity vulnerability in Veeam Backup & Replication (VBR) software. Veeam recently addressed a high-severity flaw, tracked as CVE-2023-27532, in Veeam Backup and Replication (VBR) software. An unauthenticated user with access to the Veeam backup service (TCP 9401 by default) can exploit the flaw to r
Publish At:2023-03-23 17:40 | Read:51727 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

Experts released PoC exploits for severe flaws in Netgear Orbi routers

Cisco Talos researchers published PoC exploits for vulnerabilities in Netgear Orbi 750 series router and extender satellites. Netgear Orbi is a line of mesh Wi-Fi systems designed to provide high-speed, reliable Wi-Fi coverage throughout a home or business. The Orbi system consists of a main router and one or more satellite units that work together to cre
Publish At:2023-03-22 17:16 | Read:74902 | Comments:0 | Tags:Breaking News Hacking Internet of Things exploit

Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours

‘Patch Tuesday, Exploit Wednesday’ is an old hacker adage that refers to the weaponization of vulnerabilities the day after monthly security patches become publicly available. As security improves and exploit mitigations become more sophisticated, the amount of research and development required to craft a weaponized exploit has increased. This i
Publish At:2023-03-21 17:15 | Read:74135 | Comments:0 | Tags:Software Vulnerabilities Application Security Endpoint Threa

2022 Zero-Day exploitation continues at a worrisome pace

Experts warn that 55 zero-day vulnerabilities were exploited in attacks carried out by ransomware and cyberespionage groups in 2022. Cybersecurity firm Mandiant reported that ransomware and cyberespionage groups exploited 55 zero-day flaws in attacks in the wild. Most of the zero-day vulnerabilities were in software from Microsoft, Google, and Apple.
Publish At:2023-03-21 13:30 | Read:150823 | Comments:0 | Tags:APT Breaking News Hacking Intelligence Reports Security hack

Hitachi Energy breached by Clop gang through GoAnywhere Zero-Day exploitation

Hitachi Energy disclosed a data breach, the Clop ransomware gang stole the company data by exploiting the recent GoAnywhere zero-day flaw. Hitachi Energy disclosed a data breach, the company was hacked by the Clop ransomware gang that stole its data by exploiting the recently disclosed zero-day vulnerability in the GoAnywhere MFT (Managed File Transfer).
Publish At:2023-03-17 18:52 | Read:211879 | Comments:0 | Tags:Breaking News Cyber Crime Data Breach Hacking Malware clop r

CISA Warns of Adobe ColdFusion Vulnerability Exploited in the Wild

On March 15, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a new vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The said vulnerability impacts Adobe ColdFusion and is actively exploited by threat actors.Details on the VulnerabilityThe flaw in question is CVE-2023-26360, with a CVSS score of 8.6. The vulnerability
Publish At:2023-03-16 10:51 | Read:127691 | Comments:0 | Tags:Cybersecurity News Vulnerability exploit CISA

SECURITY ALERT: Actively Exploited Microsoft Outlook Vulnerability Imperils Microsoft 365 Apps

The cyber-research community raises concerns over an unpatched vulnerability that puts the Microsoft 365 suite at risk. Earmarked CVE-2023-23397, the vulnerability allows an unauthenticated threat actor to obtain the user’s credentials by passing along a crafted email package. Research suggests that the bug, which was formally attributed to a Microsoft Outlo
Publish At:2023-03-16 10:51 | Read:143868 | Comments:0 | Tags:Security alerts Threat center Vulnerability exploit security

Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency

Multiple threat actors exploited a critical flaw in Progress Telerik to breach an unnamed US federal agency, said the US government. A joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) revealed that multiple threat a
Publish At:2023-03-16 08:20 | Read:92592 | Comments:0 | Tags:Breaking News Hacking Malware hacking news information secur

CISA adds Adobe ColdFusion bug to Known Exploited Vulnerabilities Catalog

US CISA added an actively exploited vulnerability in Adobe ColdFusion to its Known Exploited Vulnerabilities Catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Adobe ColdFusion, tracked as CVE-2023-26360 (CVSS score: 8.6), to its Known Exploited Vulnerabilities Catalog. This week Adobe released s
Publish At:2023-03-16 05:20 | Read:107285 | Comments:0 | Tags:Breaking News Security Adobe ColdFusion Hacking hacking news

Security Firm Rubrik breached by Clop gang through GoAnywhere Zero-Day exploitation

Data security firm Rubrik discloses a data breach, attackers exploited recent GoAnywhere zero-day to steal its data. Cybersecurity firm Rubrik disclosed a data breach, a ransomware group stolen compeny data by exploiting the recently disclosed zero-day vulnerability in the Fortra GoAnywhere secure file transfer platform. The company was the victim of a
Publish At:2023-03-15 07:22 | Read:97671 | Comments:0 | Tags:Breaking News Cyber Crime Data Breach Hacking Malware clop r

Microsoft Patch Tuesday fix Outlook zero-day actively exploited

Microsoft Patch Tuesday updates for March 2023 addressed 74 vulnerabilities, including a Windows zero-day exploited in ransomware attacks. Microsoft Patch Tuesday security updates for March 2023 addressed 74 new vulnerabilities in Microsoft Windows and Windows Components; Office and Office Components; Edge (Chromium-based); Microsoft Dynamics; Visual Stud
Publish At:2023-03-14 18:52 | Read:52234 | Comments:0 | Tags:Breaking News Hacking Security hacking news information secu

Adobe fixed ColdFusion flaw listed as under active exploit

Adobe is warning that a critical zero-day flaw in ColdFusion web app development platform was exploited in very limited attacks. Software giant Adobe released security updates for ColdFusion versions 2021 and 2018 to resolve a critical flaw, tracked as CVE-2023-26360 (CVSS base score 8.6), that was exploited in very limited attacks. “Adobe is awa
Publish At:2023-03-14 15:30 | Read:72082 | Comments:0 | Tags:Breaking News Security Adobe Cold Fusion Hacking hacking new

CISA adds Plex Media Server bug, exploited in LastPass attack, to Known Exploited Vulnerabilities Catalog

US CISA added remote code execution vulnerability in Plex Media Server to its Known Exploited Vulnerabilities Catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a remote code execution (RCE) vulnerability in the Plex Media Server, tracked as CVE-2020-5741 (CVSS score: 7.2), to its Known Exploited Vulnerabilities Catalog. Th
Publish At:2023-03-13 17:50 | Read:86916 | Comments:0 | Tags:Breaking News Security CISA Hacking hacking news information

PlugX malware delivered by exploiting flaws in Chinese programs

Researchers observed threat actors deploying PlugX malware by exploiting flaws in Chinese remote control programs Sunlogin and Awesun. Researchers at ASEC (AhnLab Security Emergency response Center) observed threat actors deploying the PlugX malware by exploiting vulnerabilities in the Chinese remote control software Sunlogin and Awesun. Sunlogin RCE v
Publish At:2023-03-11 19:28 | Read:98366 | Comments:0 | Tags:Breaking News Hacking Malware hacking news information secur

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud