HackDig : Dig high-quality web security articles for hackers

DNSpooq bugs haunt dnsmasq

The research team at JSOF found seven vulnerabilities in dnsmasq and have dubbed them DNSpooq, collectively. Now, some of you may shrug and move on, probably because you haven’t heard of dnsmasq before. Well, before you go, you should know that dnsmasq is used in a wide variety of phones, routers, and other network devices, besides some Linux distribut
Publish At:2021-01-21 14:30 | Read:112 | Comments:0 | Tags:Exploits and vulnerabilities buffer overflow cve-2020-25681

Microsoft squishes 129 bugs with Patch Tuesday updates

byDanny BradburyWhoosh. You hear that? It’s the sound of Microsoft’s security fire hose spraying out a river of CVE fixes. That’s right – Patch Tuesday was this week and the software giant released patches to fix 129 CVEs.The lion’s share of the bugs are rated important, but there are 11 CVEs rated critical. They are remote code
Publish At:2020-06-11 07:24 | Read:636 | Comments:0 | Tags:Internet Explorer Microsoft Microsoft Edge Windows CVEs remo

Windows has a zero-day that won’t be patched for weeks

byJohn E DunnCybercriminals are exploiting two unpatched zero-day flaws affecting all supported versions of Windows, Microsoft has warned.The Remote Code Execution (RCE) vulnerabilities affect Adobe Type Manager (ATM) Library, the part of Windows that manages PostScript Type 1 fonts.For now, there are no CVE identifiers and the only confirmed details are in
Publish At:2020-03-25 09:06 | Read:1104 | Comments:0 | Tags:Microsoft Operating Systems Security threats Vulnerability W

Most of Linux distros affected by a critical RCE in PPP Daemon flaw

A critical remote code execution vulnerability affecting the PPP Daemon exposes most Linux systems to cyber attacks. A 17-year-old critical remote code execution vulnerability affecting the PPP Daemon software exposes most Linux systems to hack. The US-CERT issued a security advisory warning users of the RCE in the PPP daemon (pppd) software that
Publish At:2020-03-06 05:40 | Read:1178 | Comments:0 | Tags:Breaking News Hacking it security it security news Pierluigi

Update now – WhatsApp flaw gave attackers access to local files

byJohn E DunnDoes WhatsApp have a lot of vulnerabilities or are there simply a lot of people looking for them?Ask PerimeterX researcher Gal Weizman, who last year set about poking the world’s most popular messaging platform to see whether he could turn up any new weaknesses.Sure enough, this week we learned that he uncovered a clutch of vulnerabilities that
Publish At:2020-02-06 12:35 | Read:1059 | Comments:0 | Tags:Google Privacy Security threats Facebook PerimeterX remote c

CVE-2017-5638: Apache Struts 2 Vulnerability Leads to Remote Code Execution

Apache Struts is a free and open-source framework used to build Java web applications. We looked into past several Remote Code Execution (RCE) vulnerabilities reported in Apache Struts, and observed that in most of them, attackers have used Object Graph Navigation Language (OGNL) expressions. The use of OGNL makes it easy to execute arbitrary code remotely b
Publish At:2017-03-10 01:15 | Read:4810 | Comments:0 | Tags:Exploits Vulnerabilities Apache Struts CVE-2017-5638 Remote

A flaw in ESET Endpoint Antivirus allows to hack Apple Macs, patch it now

A flaw in ESET Endpoint Antivirus is exploitable to get remote root execution on Apple Mac systems via Man-In-The-Middle (MiTM) attacks. According to the security advisory published by Google Security Team’s Jason Geffner and Jan Bee on Seclists, it is possible to get remote root execution on Apple Mac systems via Man-In-The-Middle (MiTM) attacks. The
Publish At:2017-02-28 06:45 | Read:5134 | Comments:0 | Tags:Breaking News Hacking CVE-2016-0718 ESET Endpoint Antivirus

VERT Threat Alert: Cisco WebEx Browser Extension Remote Code Execution

Vulnerability DescriptionA vulnerability in the Cisco WebEx Browser extension for Chrome, Firefox, and Internet Explorer could be used to execute code on a victim system. It is trivial to exploit the vulnerability and sample exploit code has been released publicly. The vulnerability leverages command execution in the launch_meeting message via a message even
Publish At:2017-01-26 04:00 | Read:8244 | Comments:0 | Tags:Vulnerability Management Cisco remote code execution threat

Google Android security bulletin October 2016: remote code execution vulns continue

The October Android Security Bulletin contains 78 patches for Android devices — 23 more than last month, yet the third highest since Google started releasing the monthly patches. The release reveals more remote code execution (RCE) vulnerabilities, which could allow an attacker to take over a device requiring very little interaction from the victim. Given th
Publish At:2016-10-10 18:45 | Read:3760 | Comments:0 | Tags:Security android Android Security Bulletin google mobile sec

Millions of Xiaomi Smartphone vulnerable to remote hacking

Millions of Xiaomi smartphone are affected by a critical remote code execution flaw that could be exploited by hackers to take over the mobile devices. Millions of Xiaomi mobile are vulnerable to remote hacking due to a critical remote code execution (RCE) vulnerability that could be exploited by hackers to take over the mobile devices. The flaw was discover
Publish At:2016-07-14 19:20 | Read:4392 | Comments:0 | Tags:Breaking News Hacking Mobile Android MITM mobile RCE Remote

Severe Swagger Remote Code Execution flaw compromises NodeJS, Ruby, PHP, Java

This disclosure of an unpatched Remote Code Exec flaw in the Swagger API framework compromises NodeJS, Ruby, PHP, and Java. Swagger is a representation of RESTful API that allows developers to get interactive documentation, client SDK generation and discoverability. The Swagger generators are privileged tools for organisations to offer developers easy access
Publish At:2016-06-24 05:45 | Read:4621 | Comments:0 | Tags:Breaking News Hacking Security CVE-2016-5641 Parameter Injec

Apple patched a mysterious flaw in Apple AirPort devices

Apple issued a security update to fix a nine-month-old DNS parsing flaw affecting Apple AirPort routers but avoided providing further info on the issue. Apple has issued a security update to fix a nine-month-old DNS parsing vulnerability affecting its AirPort routers. Apple has released a firmware update 7.6.7 and 7.7.7 that runs on  AirPort Express, AirPort
Publish At:2016-06-21 04:45 | Read:3914 | Comments:0 | Tags:Breaking News Hacking Apple AirPort CVE-2015-7029 Remote Cod

CISCO warns customers of high-severity flaws in modems and gateways

Cisco released a series of software updates to patch several high severity flaws in its cable modems, residential gateways and security appliances. Cisco just patched critical vulnerabilities in its cable modems, residential gateways and security appliances. The security updates released this week fix serious flaws in Cisco residential reported by Kyle Lovet
Publish At:2016-03-13 23:35 | Read:4346 | Comments:0 | Tags:Breaking News Security CISCO DOS gateways Hacking informatio

Discover how many ways there were to hack your Apple TV

Apple has patched more than 60 vulnerabilities affecting the Apple TV, including flaws that can lead to arbitrary code execution and information disclosure. IoT devices are enlarging our attack surface, we are surrounded by devices that manage a huge quantity of information and that could be abused by hackers. Apple has patched more than 60 vulnerabilities a
Publish At:2016-02-26 09:45 | Read:3977 | Comments:0 | Tags:Breaking News Hacking Security Apple TV IoT privacy Remote C

Microsoft Patch Tuesday – January 2016

The first Patch Tuesday of 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release is relatively light with nine bulletins addressing 25 vulnerabilities. Six bulletins are rated critical and address vulnerabilities in Edge, Internet Explor
Publish At:2016-01-12 19:55 | Read:3890 | Comments:0 | Tags:Threat Research ASLR bypass Microsoft patch tuesday remote c

Tools

Tag Cloud