HackDig : Dig high-quality web security articles for hackers

Apple Ships Emergency Fixes for Under-Attack iOS Zero-Day

Apple on Tuesday dropped emergency security patches for its flagship iOS and iPad OS platforms alongside a warning that hackers may already be exploiting three different security vulnerabilities.The patches -- contained in iOS 14.4 and iPadOS 14.4 -- are currently being pushed to mobile users via the automatic updating mechanism.  Apple did not pro
Publish At:2021-01-26 19:29 | Read:133 | Comments:0 | Tags:Endpoint Security Mobile Security NEWS & INDUSTRY Email

Firefox Cracks Down on Supercookies to Improve User Privacy

Mozilla this week announced further improvements to user privacy in Firefox, through the isolation of network connections and caches, thus essentially cracking down on supercookies.Used instead of ordinary cookies, supercookies collect information about users’ Internet browsing habits, are difficult to detect and block, and are often abused to follow users a
Publish At:2021-01-26 19:29 | Read:98 | Comments:0 | Tags:Disaster Recovery Mobile Security NEWS & INDUSTRY Privac

NAT Slipstreaming 2.0 Exposes Devices on Internal Networks to Remote Attacks

A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise any device on the local network, according to researchers at enterprise IoT security firm Armis.Detailed in late October 2020, the NAT Slipstreaming attack relies on tricking the victim into accessing a specially crafted website and exploits the browser on the device, alon
Publish At:2021-01-26 11:41 | Read:93 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Vulne

Google Warning: North Korean Gov Hackers Targeting Security Researchers

Google late Monday raised the alarm about a “government-backed entity based in North Korea” targeting -- and hacking into -- computer systems belonging to security researchers.Google’s Threat Analysis Group (TAG), a team that monitors global APT activity, said the ongoing campaign is aimed at security researchers working on vulnerability research and develop
Publish At:2021-01-25 23:59 | Read:119 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Phishers Target C-Suite with Fake Office 365 Password Expiration Reports

An ongoing phishing campaign delivering fake Office 365 password expiration reports has managed to compromise tens of C-Suite email accounts to date, according to a warning from anti-malware vendor Trend Micro.Targeting organizations in finance, government, manufacturing, real estate, and technology sectors, the campaign has claimed victims in Japan, the Uni
Publish At:2021-01-25 20:05 | Read:111 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Email Security Fraud &

Industrial Firms Informed About Serious Vulnerabilities in Matrikon OPC Product

Industrial organizations have been informed about the existence of several potentially serious vulnerabilities affecting an OPC UA product made by Honeywell subsidiary Matrikon.Open Platform Communications (OPC) is a communications protocol for operational technology (OT) systems and it’s widely used to ensure interoperability between various types of indust
Publish At:2021-01-25 12:17 | Read:88 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities

CrowdStrike Discloses Details of Recently Patched Windows NTLM Vulnerability

One of the vulnerabilities that Microsoft addressed on January 2021 Patch Tuesday could allow an attacker to relay NTLM authentication sessions and then execute code remotely, using a printer spooler MSRPC interface.Tracked as CVE-2021-1678, the vulnerability has been described by Microsoft as an NT LAN Manager (NTLM) security feature bypass, and is rated im
Publish At:2021-01-25 12:17 | Read:122 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Sophos: Crypto-Jacking Campaign Linked to Iranian Company

An Iran-based software company is likely behind a recently identified crypto-jacking campaign targeting SQL servers, according to a report by British anti-malware vendor Sophos.The attacks result in the MrbMiner crypto-miner being installed onto the target servers, with the software apparently created, controlled, and hosted by a named Iranian company.The So
Publish At:2021-01-22 14:05 | Read:105 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Em

Microsoft Edge Adds Password Generator, Drops Support for Flash, FTP

Microsoft has shipped the stable version of the Microsoft Edge 88 browser, featuring a brand new Password Generator and the ability to alert on compromised credentials.   The browser refresh also drops support for the FTP protocol and for the Adobe Flash plugin.With Microsoft Edge 88.0.705.50 now rolling out, users get a built-in strong password ge
Publish At:2021-01-22 14:05 | Read:114 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

Drupal Updates Patch Another Vulnerability Related to Archive Files

Security updates released this week by the developers of the Drupal content management system (CMS) patch a vulnerability identified in a third-party library.Core patches were made available for Drupal 9.1, 9.0, 8.9, and 7, to resolve a security flaw affecting PEAR Archive_Tar, and which also impacts Drupal. The third-party library has been designed to suppo
Publish At:2021-01-21 14:41 | Read:89 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Enterprise Credentials Publicly Exposed by Cybercriminals

Cybercriminals behind a successful phishing campaign have exposed more than 1,000 corporate employee credentials on the Internet, according to a warning from security vendor Check Point.The corporate account credentials were stolen as part of a phishing campaign that kicked off in August 2020, targeting thousands of organizations worldwide.As part of the cam
Publish At:2021-01-21 14:41 | Read:147 | Comments:0 | Tags:Endpoint Security Mobile Security NEWS & INDUSTRY Privac

Amazon Awards $18,000 for Exploit Allowing Kindle E-Reader Takeover

Amazon has awarded an $18,000 bug bounty for an exploit chain that could have allowed an attacker to take complete control of a Kindle e-reader simply by knowing the targeted user’s email address.The attack, dubbed KindleDrip, was discovered in October 2020 by Yogev Bar-On, a researcher at Israel-based cybersecurity consulting firm Realmode Labs. KindleDrip
Publish At:2021-01-21 10:47 | Read:79 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities exploit

Cisco Patches Critical Vulnerabilities in SD-WAN, DNA Center, SSMS Products

Cisco this week released patches to address a significant number of vulnerabilities across its product portfolio, including several critical flaws in SD-WAN products, DNA Center, and Smart Software Manager Satellite (SSMS).Several command injection bugs addressed in SD-WAN products could allow an attacker to perform actions as root on the affected devices, t
Publish At:2021-01-21 10:47 | Read:127 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities

Scanning Activity Detected After Release of Exploit for Critical SAP SolMan Flaw

A Russian researcher has made public on GitHub a functional exploit targeting a critical vulnerability that SAP patched in its Solution Manager product in March 2020.Solution Manager (SolMan) was designed to provide central management for SAP and non-SAP systems and requires for Solution Manager Diagnostic Agent (SMDAgent) to be installed on each host, for t
Publish At:2021-01-21 02:59 | Read:117 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities expl

Oracle's January 2021 CPU Contains 329 New Security Patches

Oracle this week announced the availability of its first cumulative set of security fixes for 2021, which includes a total of 329 new patches.The January 2021 Critical Patch Update (CPU) addresses issues in both Oracle products and third-party components that are included in the company’s products, with some of the patches meant to address multiple vulnerabi
Publish At:2021-01-20 15:17 | Read:189 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities security


Tag Cloud