HackDig : Dig high-quality web security articles for hacker

Long-Patched Vulnerabilities Still Present in Many Popular Android Apps

Critical vulnerabilities that were fixed years ago are still present in many popular Android applications due to their developers’ failure to apply patches available for third-party components. Researchers at Check Point have selected three critical arbitrary code execution vulnerabilities patched in 2014, 2015 and 2016 in widely used third-party librari
Publish At:2019-11-21 12:00 | Read:53 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

DopplePaymer Ransomware Spreads via Compromised Credentials: Microsoft

The DopplePaymer ransomware spreads via existing Domain Admin credentials, not exploits targeting the BlueKeep vulnerability, Microsoft says. The malware, which security researchers believe to have been involved in the recent attack on Mexican state-owned oil company Petróleos Mexicanos (Pemex), has been making the rounds since June 2019, with some earlier sa
Publish At:2019-11-21 10:15 | Read:78 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Virus & Malware

XSS Flaw in Gmail's Dynamic Email Feature Earns Researcher $5,000

A researcher has earned $5,000 from Google for an interesting cross-site scripting (XSS) vulnerability found in the dynamic email feature added a few months ago to Gmail. The dynamic email feature, also known as Accelerated Mobile Pages (AMP) for email or AMP4Email, enables the use of dynamic HTML content in emails, allowing users to conduct various tasks dir
Publish At:2019-11-20 12:01 | Read:89 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Xss

Bigger Rewards, New Targets Announced for Mozilla Bug Bounty Program

Mozilla is celebrating the 15th anniversary of its Firefox web browser with significant updates to the organization’s bug bounty program, including new targets and bigger rewards. Mozilla announced on Tuesday that it’s doubling all payouts for vulnerabilities found in critical and core websites and services, and the maximum reward for remote code execution fl
Publish At:2019-11-20 10:15 | Read:42 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

Vulnerabilities in Android Camera Apps Exposed Millions of Users to Spying

Vulnerabilities discovered by researchers in the Android camera apps provided by Google and Samsung could have been exploited by malicious actors to spy on hundreds of millions of users. Cybersecurity firm Checkmarx reported on Tuesday that its researchers have found a way to abuse Android camera applications to conduct a wide range of spying activities, incl
Publish At:2019-11-19 12:00 | Read:57 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

Vulnerability in ABB Plant Historian Disclosed 5 Years After Discovery

It took Swiss-based industrial technology solutions provider ABB five years to inform customers of a critical vulnerability affecting one of its products, and the researcher who found it says this increased the chances of threat actors discovering and exploiting the security flaw. The United States Department of Homeland Security, through its Cybersecurity an
Publish At:2019-11-18 22:15 | Read:116 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Risk Management Vulnerabilit

Zero-Day Exploits Earn Hackers Over $500K at Chinese Competition

White hat hackers have earned $545,000 for successfully demonstrating zero-day exploits targeting products from VMware, Microsoft, Google, Apple, D-Link, and Adobe at the 2019 Tianfu Cup hacking competition that took place over the weekend in Chengdu, the capital of China's Sichuan province. The highest single reward, $200,000, was received by the team named
Publish At:2019-11-18 10:45 | Read:101 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

WhatsApp Vulnerability Allows Code Execution Via Malicious MP4 File

A security vulnerability in WhatsApp that was made public last week could be abused to execute arbitrary code remotely on affected devices. Tracked as CVE-2019-11931, the issue is a stack-based buffer overflow that can be triggered by sending a specially crafted MP4 file via WhatsApp, Facebook explains in an advisory. The buffer overflow occurs when the applic
Publish At:2019-11-18 10:45 | Read:31 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

Undocumented Access Feature Exposes Siemens PLCs to Attacks

Siemens is working on addressing a vulnerability that can be exploited by a skilled attacker to execute arbitrary code on its SIMATIC S7-1200 programmable logic controller (PLC) by abusing a hardware-based access mode. Ali Abbasi, Tobias Scharnowski and Thorsten Holz of the Ruhr-University Bochum in Germany have conducted an analysis of Siemens S7-1200 PLCs,
Publish At:2019-11-15 22:15 | Read:80 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities

New GitHub Security Lab Aims to Secure Open Source Software

GitHub this week announced GitHub Security Lab, a new initiative aimed at making open source software more secure. While GitHub Security Lab will help identify and report security flaws, developers and maintainers will be able to leverage GitHub to create fixes, coordinate disclosure, and update projects. The effort from Microsoft-owned GitHub is a
Publish At:2019-11-15 22:15 | Read:87 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

LINE Launches Public Bug Bounty Program on HackerOne

Japan-based communications company LINE Corporation today announced the launch of a public bug bounty program on hacker-powered pentest and bug bounty platform HackerOne. Launched in 2011, LINE has grown to become one of the largest social platforms in the world, with hundreds of millions of users globally. Following the launch of a private bug bounty program
Publish At:2019-11-15 10:15 | Read:45 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

DLL Hijacking Flaw Impacts Symantec Endpoint Protection

Symantec Endpoint Protection is the latest antivirus product found to unsafely load DLLs into a process that runs with SYSTEM privileges. The software is impacted by a vulnerability that could allow an attacker that has administrative privileges to bypass self-defense mechanisms and load an unsigned DLL file, SafeBreach security researchers explain in a new b
Publish At:2019-11-14 22:15 | Read:138 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Intel Driver Vulnerability Can Give Attackers Deep Access to a Device

A vulnerability affecting a powerful and widely used driver from Intel can give malicious actors deep access to a device, firmware security company Eclypsium warns. Eclypsium revealed in August that its researchers had identified serious vulnerabilities in more than 40 device drivers from 20 vendors, including AMI, ASRock, ASUS, ATI, Biostar, EVGA, Getac, Gig
Publish At:2019-11-13 22:15 | Read:117 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Vulnerability in McAfee Antivirus Products Allows DLL Hijacking

A vulnerability in McAfee antivirus software could allow an attacker to evade self-defense mechanisms and achieve persistence, SafeBreach security researchers have discovered. The security flaw could be abused to load unsigned DLLs into multiple services that run as NT AUTHORITY\SYSTEM. The exploitation, however, requires the attacker to have admin privile
Publish At:2019-11-13 22:15 | Read:112 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Virus Vulnerability

Newer Intel CPUs Vulnerable to Variant 2 of ZombieLoad Attack

Researchers have disclosed a new variant of the attack method dubbed ZombieLoad, which appears to also impact Intel CPUs that are not affected by the first variant of ZombieLoad. In May, a team of researchers, including experts who brought to light the existence of speculative execution side-channel vulnerabilities such as Meltdown and Spectre, disclosed seve
Publish At:2019-11-13 10:15 | Read:46 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

