HackDig : Dig high-quality web security articles

CISA orders to patch an actively exploited flaw in Confluence servers

US Critical Infrastructure Security Agency (CISA) adds the critical Confluence flaw, tracked as CVE-2022-26138, to its Known Exploited Vulnerabilities Catalog. US CISA has added the recently disclosed Confluence vulnerability, tracked as CVE-2022-26138, to its list of bugs abused in the wild, a flaw that can provide remote attackers with ha
Publish At:2022-07-30 14:10 | Read:274 | Comments:0 | Tags:Breaking News Security Confluence CVE-2022-26138 Hacking hac

CISA warns of critical Confluence bug exploited in attacks

CISA has added a critical Confluence vulnerability tracked as CVE-2022-26138 to its list of bugs abused in the wild, a flaw that can provide remote attackers with hardcoded credentials following successful exploitation.As Australian software firm Atlassian revealed last week, unpatched versions of the Questions for Confluence app (installed on
Publish At:2022-07-29 13:46 | Read:281 | Comments:0 | Tags:Security exploit CISA

Exploitation is underway for a critical flaw in Atlassian Confluence Server and Data Center

Threat actors are actively exploiting the recently patched critical flaw in Atlassian Confluence Server and Data Center Recenlty Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data Center tracked as CVE-2022-26138. A remote, unauthenticated attacker can exploit the vulnerability to
Publish At:2022-07-29 08:10 | Read:301 | Comments:0 | Tags:Breaking News Hacking Atlassian CVE-2022-26138 hacking news

Exploitation of Recent Confluence Vulnerability Underway

Cybersecurity organizations warn that a recently patched vulnerability in the Questions for Confluence application is already being exploited in attacks.Questions for Confluence is an application designed to help Confluence users obtain information, share information with others, and to seek counsel from experts when necessary.Tracked as CVE-2022-26138 and c
Publish At:2022-07-28 12:03 | Read:258 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Cybe

Microsoft Catches Austrian Company Exploiting Windows, Adobe Zero-Days

Malware hunters at Microsoft have caught an Austrian hack-for-hire company exploiting zero-day flaws in Windows and Adobe software products in "limited and targeted attacks" against European and Central American computer users.The company, called DSIRF, has been linked to a malware suite called ‘Subzero’ that has been deployed over the last two years via zer
Publish At:2022-07-27 16:13 | Read:379 | Comments:0 | Tags:Cyberwarfare Disaster Recovery Endpoint Security Network Sec

Hackers exploited PrestaShop zero-day to breach online stores

Hackers are targeting websites using the PrestaShop platform, leveraging a previously unknown vulnerability chain to perform code execution and potentially steal customers' payment information.The PrestaShop team issued an urgent warning last Friday, urging the admins of 300,000 shops using its software to review their security stance after cyberattacks were
Publish At:2022-07-25 13:46 | Read:803 | Comments:0 | Tags:Security exploit hack

Atlassian Expects Confluence App Exploitation After Hardcoded Password Leak

Atlassian has warned customers that a vulnerability in Questions for Confluence will likely be used in attacks after someone made public a piece of information needed to exploit a recently addressed vulnerability.A knowledge sharing application, Questions for Confluence helps Confluence users quickly access information or share it with others, as well as to
Publish At:2022-07-25 08:05 | Read:351 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities exploit

Chrome Flaw Exploited by Israeli Spyware Firm Also Impacts Edge, Safari

A recently patched Chrome vulnerability that appears to have been exploited by an Israeli spyware company also impacts Microsoft’s Edge and Apple’s Safari web browsers.Google announced on July 4 that it had released an update for Chrome 103 to patch a zero-day vulnerability tracked as CVE-2022-2294. The flaw has been described as a heap buffer overflow in We
Publish At:2022-07-22 16:13 | Read:223 | Comments:0 | Tags:Cyberwarfare Endpoint Security NEWS & INDUSTRY Virus &am

Candiru surveillance spyware DevilsTongue exploited Chrome Zero-Day to target journalists

The spyware developed by Israeli surveillance firm Candiru exploited recently fixed CVE-2022-2294 Chrome zero-day in attacks on journalists. Researchers from the antivirus firm Avast reported that the DevilsTongue spyware, developed, by Israeli surveillance firm Candiru, was used in attacks against journalists in the Middle East and exploited recently fi
Publish At:2022-07-22 05:26 | Read:384 | Comments:0 | Tags:Breaking News Hacking Intelligence Malware Candiru CVE-2022-

Exploitation of Recent Chrome Zero-Day Linked to Israeli Spyware Company

An actively exploited Chrome zero-day that Google patched on July 4 has been linked to an Israeli spyware company and used in targeted attacks aimed at entities in the Middle East.Google was informed about the vulnerability and attacks exploiting it on July 1 by cybersecurity company Avast, which observed it being used against its customers in the Middle Eas
Publish At:2022-07-21 12:03 | Read:187 | Comments:0 | Tags:Cyberwarfare NEWS & INDUSTRY Malware Vulnerabilities Cyb

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root Exploit

Title: Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root Exploit Advisory ID: ZSL-2022-5710 Type: Local/Remote Impact: System Access, DoS Risk: (4/5) Release Date: 20.07.2022SummarySpaceLogic C-Bus Home Automation SystemLighting control and automation solutions
Publish At:2022-07-20 16:21 | Read:488 | Comments:0 | Tags: exploit

Warning for WordPress admins: uninstall the Modern WPBakery plugin immediately!

WordPress admins are being warned to remove a buggy plugin or risk a total site takeover. This particular threat relates to a plugin which is no longer in use: Modern WPBakery page builder addons. The vulnerability in the plugin, known as CVE-2021-24284, allows “unauthenticated arbitrary file upload via the ‘uploadFontIcon’ AJAX action&#
Publish At:2022-07-19 11:52 | Read:295 | Comments:0 | Tags:Malwarebytes news compromise CVE exploit hijack JavaScript m

Threat actors exploit a flaw in Digium Phone Software to target VoIP servers

Threat actors are targeting VoIP servers by exploiting a vulnerability in Digium’s software to install a web shell, Palo Alto Networks warns. Recently, Unit 42 researchers spotted a campaign targeting the Elastix system used in Digium phones since December 2021. Threat actors exploited a vulnerability, tracked as CVE-2021-45461 (CVSS score 9.8), in
Publish At:2022-07-16 09:24 | Read:311 | Comments:0 | Tags:Breaking News Hacking Security Digium Phones hacking news in

Microsoft published exploit code for a macOS App sandbox escape flaw

Microsoft published the exploit code for a vulnerability in macOS that can allow an attacker to escape the sandbox. Microsoft publicly disclosed technical details for an access issue vulnerability, tracked as CVE-2022-26706, that resides in the macOS App Sandbox. “Microsoft uncovered a vulnerability in macOS that could allow specially crafted co
Publish At:2022-07-14 05:26 | Read:286 | Comments:0 | Tags:Breaking News Hacking Security hacking news information secu

Microsoft releases tweet-size exploit for macOS sandbox escape bug

Microsoft has published the exploit code for a vulnerability in macOS that could help an attacker bypass sandbox restrictions and run code on the system.The company released the technical details for the security issue, which is currently identified as CVE-2022-26706, and explained how the macOS App Sandbox rules could be avoided to allow
Publish At:2022-07-13 17:56 | Read:440 | Comments:0 | Tags:Security exploit

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud