HackDig : Dig high-quality web security articles

Update your PaperCut application servers now: Exploits in the wild

PaperCut, maker of print management solutions, has urged product users to update as soon as possible. A security vulnerability which exploits unpatched servers has been seen in the wild, with serious ramifications for any organisation impacted. Two specific vulnerabilities are at the heart of this alert, and are ranked with severity scores of 9.8 (criti
Publish At:2023-04-26 22:02 | Read:311194 | Comments:0 | Tags:News PaperCut server exploit attack authentication update pa

Update your LearnPress plugins now!

It’s time for a reminder to ensure all of your WordPress plugins are fully up to date (or removed, if you don't need them). Bleeping Computer reports that as many as 75,000 WordPress sites may be open to several flaws in a plugin called LearnPress. Worse, the update tally for users of the plugin isn't doing particularly well, with a big slice of site o
Publish At:2023-01-30 22:15 | Read:195288 | Comments:0 | Tags:News wordpress learnpress vulnerability SQL injection update

Riot Games compromised, new releases and patches halted

Popular game developer Riot Games brings word of a system compromise which may cause issues for updates to well known titles, although for the time being it seems as though customer data isn't affected. A social engineering development Making the notification via Twitter late last week, we’re still waiting on the full story as an investigation tak
Publish At:2023-01-24 22:15 | Read:315007 | Comments:0 | Tags:News Riot Games valorant league of legends compromise develo

Critical OpenSSL fix due Nov 1—what you need to know

A fix for a critical issue in OpenSSL is on the way, announced in advance of its release on November 1, 2022, in a four hour window between 13:00 UTC and 17:00 UTC. The release, version 3.0.7, will address a critical vulnerability for all versions of the software starting with a 3. Versions starting with a 1 are unaffected. A separate release for that branch
Publish At:2022-10-27 22:11 | Read:370432 | Comments:0 | Tags:News fix bug vulnerability exploit attack patch update OpenS

CISA or CVSS: How Today’s Vulnerability Databases Work Together

In the cybersecurity field, large databases of known threats and vulnerabilities have often been an essential resource. These catalogs show you where to focus your efforts. They’re also a good tool for prioritizing patches to increase security and mitigate the risk of disaster. As a result, these databases need to be reliable and up-to-date and use th
Publish At:2022-08-22 12:34 | Read:658883 | Comments:0 | Tags:Software Vulnerabilities Data Protection Risk Management CIS

8 security tips for small businesses

Small businesses and startups are known to face some extra challenges when it comes to cybersecurity. Because they don’t have the size or budget to have a fully-fledged dedicated security team, it often comes down to a smaller staff that doesn’t have the time to do everything that is recommended or even required. Often security issues are just dealt with whe
Publish At:2022-05-04 12:48 | Read:502870 | Comments:0 | Tags:How-tos Awareness backups byod credentials education encrypt

GitLab issues security updates; watch out for hard coded passwords

GitLab has issued several critical security updates, with users of the version control software urged to upgrade their installations as soon as possible. One of the fixes is for a hard coded password issue. What is distributed version control? Distributed version control is a way for an organisation’s codebase to be mirrored on the devices of anyone
Publish At:2022-04-05 07:14 | Read:681447 | Comments:0 | Tags:Privacy CVE gitlab hard coded password patch update security

Apply those updates now: CVE bypass offers up admin privileges for Windows 10

If you’re running Windows 10, it’s time to stop delaying those patches and bring your systems up to date as soon as possible. Bleeping Computer reports that a researcher has come up with a bypass for an older bug, which could serve up some major headaches if left to fester. Those headaches will take the form of unauthorised admin privileges in Windows 10,
Publish At:2022-02-01 08:50 | Read:594613 | Comments:0 | Tags:Malwarebytes news CVE CVE-2022-21882 exploit hack microsoft

Why we don’t patch, with Jess Dodson: Lock and Code S03E02

In 2017, the largest ransomware attack ever recorded hit the world, infecting more than 230,000 computers across more than 150 countries in just 24 hours. And it could have been solved with a patch that was released nearly two months prior. This was the WannaCry ransomware attack, and its final, economic impact—in ransoms paid but also in downtime and rec
Publish At:2022-01-18 16:42 | Read:334048 | Comments:0 | Tags:Podcast Jess Dodson lock and code lock and code podcast patc

Apache patch proves patchy – now you need to patch the patch

by Paul Ducklin. Software patches are sometimes a bit like buses. You don’t get one for a while, and then three come at once. For buses on busy urban routes, at least, the explanation of the phenomenon goes something like this. If three buses start out travelling the same route together in a nicely spaced sequence, then the first one is most likely to be the
Publish At:2021-10-08 12:29 | Read:434697 | Comments:0 | Tags:Vulnerability Apache CVE-2021-41773 Patch vulnerability

Patch now! Emergency fix for PrintNightmare released by Microsoft

Last week we wrote about PrintNightmare, a vulnerability that was supposed to be patched but wasn’t. After June’s Patch Tuesday, researchers found that the patch did not work in every case, most notably on modern domain controllers. Yesterday, Microsoft issued a set of out-of-band patches that aims to set that right by fixing the Window
Publish At:2021-07-07 12:51 | Read:395456 | Comments:0 | Tags:Exploits and vulnerabilities cisa microsoft patch printnight

Apple patches dangerous security holes, one in active use – update now!

by Paul Ducklin. We’ve seen several news stories talking up some great new features in Apple’s latest software update for iOS, which was released yesterday. However, we’re much more interested in the security patches that arrived in the update to iOS 14.6, because Apple fixed 38 significant bugs, covered by 43 different CVE bug numbers. For what
Publish At:2021-05-25 12:52 | Read:377801 | Comments:0 | Tags:Apple iOS OS X Privacy Security threats Vulnerability hack i

Another Chrome zero-day exploit – so get that update done!

by Paul Ducklin. Almost exactly a month ago, or a couple of days under an average month given that February was the short one, we warned of a zero-day bug in Google’s Chromium browser code. Patch now, we said. And we’re saying it again, following Google’s otherwise cheery release of version 89.0.4389.72: The Chrome team is delighted to announce t
Publish At:2021-03-03 23:19 | Read:379675 | Comments:0 | Tags:Google Google Chrome Vulnerability 0 day Bug chrome Chromium

The story of ZeroLogon

This is the story of a vulnerability that was brought about by the incorrect use of an encryption technique. After it was discovered by researchers, the vulnerability was patched and that should have been the end of the story. Unfortunately the patch caused problems of its own, which made it very unpopular. Cybercriminals seized the opportunity to use the vu
Publish At:2021-01-19 15:42 | Read:355031 | Comments:0 | Tags:Exploits and vulnerabilities cve-2020-1472 elevation of priv

Building Your Team up to Win the Security Arms Race

In a fast-changing world, stopping to assess your success isn’t really an option anymore. It is increasingly important that security teams are constantly proving their worth and tracking their successes with a view to constantly improving so as not to get caught behind the times and therefore exposed. How to Make Sure You’ve Got the Momentum You Need I’d li
Publish At:2020-09-17 01:02 | Read:366172 | Comments:0 | Tags:IT Security and Data Protection compliance File Integrity Mo

