HackDig : Dig high-quality web security articles

Cisco addresses 3 critical vulnerabilities in IOS XE Software

Cisco fixed three critical flaws impacting IOS XE operating system powering some of its devices, such as routers and wireless controllers. Cisco has addressed three critical vulnerabilities impacting its IOS XE operating system powering multiple products, including routers and wireless controllers. The most severe of these vulnerabilities is a Remote C
Publish At:2021-09-24 08:36 | Read:46 | Comments:0 | Tags:Breaking News Security CISCO Cisco IOS XE Hacking hacking ne

SonicWall fixes critical bug allowing SMA 100 device takeover

SonicWall has patched a critical security flaw impacting several Secure Mobile Access (SMA) 100 series products that can let unauthenticated attackers remotely gain admin access on targeted devices.The SMA 100 series appliances vulnerable to attacks targeting the improper access control vulnerability tracked as CVE-2021-20034 includes SMA 200, 210, 400, 410,
Publish At:2021-09-24 05:02 | Read:39 | Comments:0 | Tags:Security

Web Security Provider Jscrambler Raises $15 Million

Client-side web security provider Jscrambler on Thursday announced that a $15 million Series A financing round led by Ace Capital Partners. Existing investors Sonae IM and Portugal Ventures also participated.The company said the investment will be used to expand marketing and sales initiatives in the United States and across Europe, as well as accelerate pro
Publish At:2021-09-23 23:43 | Read:97 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Apple addresses a new zero-day exploited to deploy the NSO Pegasus spyware

Apple has addressed three zero-day vulnerabilities exploited by threat actors in attacks in the wild to take over iPhones and Macs. Apple has released security updates to address three zero-day vulnerabilities exploited in attacks in the wild to compromise iPhones and Macs running vulnerable iOS and macOS versions. Apple confirmed that at least one of
Publish At:2021-09-23 17:20 | Read:163 | Comments:0 | Tags:Breaking News Security Apple Hacking hacking news informatio

Apple patches new zero-day bug used to hack iPhones and Macs

Apple has released security updates to fix a zero-day vulnerability exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions.The zero-day patched today (tracked as CVE-2021-30869) [1, 2] was found in the XNU operating system kernel and was reported by Erye Hernandez and Clément Lecigne o
Publish At:2021-09-23 17:08 | Read:174 | Comments:0 | Tags:Apple Security hack

Hacking group used ProxyLogon exploits to breach hotels worldwide

Image: Marten BjorkA newly discovered cyberespionage group has been targeting hotels worldwide around the world since at least 2019, as well as higher-profile targets such as governments, international organizations, law firms, and engineering companies.Slovakian internet security firm ESET spotted the hacking group (dubbed FamousSparrow) and
Publish At:2021-09-23 17:08 | Read:155 | Comments:0 | Tags:Security exploit hack

A bug in Microsoft Exchange Autodiscover feature leaks +372K of domain credentials

A flaw in the Microsoft Exchange Autodiscover feature can be exploited to harvest Windows domain and app credentials. Security researchers from Guardicore discovered a flaw in the Microsoft Exchange Autodiscover feature that can be exploited to harvest Windows domain and app credentials from users worldwide. The Microsoft Autodiscover protocol feature
Publish At:2021-09-23 16:46 | Read:147 | Comments:0 | Tags:Breaking News Hacking Security Exchange Autodiscover hacking

What is Web Application Security? A Protective Primer for Security Professionals

Evolving threats put applications at risk. Robust web application security can help prevent compromise before it happens. Not sure where to start? Our protective primer has you covered. What Is Web Application Security?  Web application security focuses on the reduction of threats through the identification, analysis and remediation of potential w
Publish At:2021-09-23 16:33 | Read:181 | Comments:0 | Tags:Application Security Identity & Access Security Services Acc

Malware devs trick Windows validation with malformed certs

Google researchers spotted malware developers creating malformed code signatures seen as valid in Windows to bypass security software.This tactic is actively used to push OpenSUpdater, a family of unwanted software also known as riskware, which injects ads into victims' browsers and installs other unwanted programs onto their devices.Campaigns
Publish At:2021-09-23 13:12 | Read:129 | Comments:0 | Tags:Security Google Microsoft

[SANS ISC] Excel Recipe: Some VBA Code with a Touch of Excel4 Macro

I published the following diary on isc.sans.edu: “Excel Recipe: Some VBA Code with a Touch of Excel4 Macro“: Microsoft Excel supports two types of macros. The legacy format is known as “Excel4 macro” and the new (but already used for a while) is based on VBA. We already cover both formats in many diaries. Yesterday, I spotted an interesting sa
Publish At:2021-09-23 10:45 | Read:126 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Excel4 Macro SAN

REVil ransomware devs added a backdoor to cheat affiliates

Cybercriminals are slowly realizing that the REvil ransomware operators may have been hijacking ransom negotiations, to cut affiliates out of payments.By using a cryptographic scheme that allowed them to decrypt any systems locked by REvil ransomware, the operators left their partners out of the deal and stole the entire ransom.Conversations about this pract
Publish At:2021-09-23 09:16 | Read:184 | Comments:0 | Tags:Security ransomware

Hackers are scanning for VMware CVE-2021-22005 targets, patch now!

Threat actors have already started targeting Internet-exposed VMware vCenter servers unpatched against a critical arbitrary file upload vulnerability patched yesterday that could lead to remote code execution.The security flaw tracked as CVE-2021-22005 impacts all vCenter Server 6.7 and 7.0 deployments with default configurations.The flaw was repor
Publish At:2021-09-22 17:45 | Read:144 | Comments:0 | Tags:Security hack

US CISA, FBI, and NSA warn an escalation of Conti ransomware attacks

CISA, FBI, and the NSA warned today of an escalation of the attacks of the Conti ransomware gang targeting US organizations. CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) are warning of an increased number of Conti ransomware attacks against US organizations. @CISAgov and @FBI observed over 400 ransomware at
Publish At:2021-09-22 17:44 | Read:80 | Comments:0 | Tags:Breaking News Cyber Crime Security Cybercrime hacking news i

Phishing-as-a-service operation uses double theft to boost profits

Microsoft says BulletProofLink, a large-scale phishing-as-a-service (PhaaS) operation it spotted while investigating recent phishing attacks, is the driving force behind many phishing campaigns that have targeted many corporate organizations lately.The threat actor behind BulletProofLink (also known as BulletProftLink and Anthrax) provides cybercriminals wit
Publish At:2021-09-22 17:08 | Read:183 | Comments:0 | Tags:Microsoft Security

FBI, CISA, and NSA warn of escalating Conti ransomware attacks

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) warned today of an increased number of Conti ransomware attacks targeting US organizations.The three US federal agencies urge enterprise IT admins to review their organizations' network security posture and implement the immediate actions outlined in the joint advisory to
Publish At:2021-09-22 13:25 | Read:77 | Comments:0 | Tags:Security FBI CISA ransomware

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud