HackDig : Dig high-quality web security articles

Web Security Provider Jscrambler Raises $15 Million

Client-side web security provider Jscrambler on Thursday announced a $15 million Series A financing round led by Ace Capital Partners. Existing investors Sonae IM and Portugal Ventures also participated. The company said the investment will be used to expand marketing and sales initiatives in the United States and across Europe, as well as accelerate pro
Publish At:2021-09-23 23:43 | Read:97 | Comments:0 | Tags:Cyberwarfare Endpoint Security Network Security NEWS & I

Apple Confirms New Zero-Day Attacks on Older iPhones

Apple on Thursday confirmed a new zero-day exploit hitting older iPhones and warned that the security vulnerability also affects the macOS Catalina platform. This is the 16th documented in-the-wild zero-day exploitation of security defects in Apple’s iOS and macOS platforms so far this year. “Apple is aware of reports that an exploit for this issue exists in t
Publish At:2021-09-23 19:47 | Read:20 | Comments:0 | Tags:Endpoint Security Mobile Security Network Security NEWS &

Remotely exploitable “inetloc” zero-day vulnerability hits the Mac

An independent researcher has just published details of a “macOS Finder RCE” (remote code execution) vulnerability. The bug effectively allows an attacker to bypass Apple’s File Quarantine and Gatekeeper technologies. Apple attempted to silently fix the vulnerability in macOS Big Sur, but failed to do so properly. Let’s take a look at
Publish At:2021-09-22 23:10 | Read:40 | Comments:0 | Tags:Security & Privacy Dropbox gatekeeper vulnerabilities Vulner

Google Working on Improving Memory Safety in Chrome

Google this week shared some details on its long-term plan to improve memory safety in Chrome, while also announcing the first stable release of Chrome 94, which patches a total of 19 vulnerabilities. Over 70% of the severe bugs identified last year in Chrome were memory safety issues, namely “mistakes with pointers in the C or C++ languages,” and Google deci
Publish At:2021-09-22 11:31 | Read:156 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Hundreds of Thousands of Credentials Leaked Due to Microsoft Exchange Protocol Flaw

Cybersecurity researchers have been able to capture hundreds of thousands of Windows domain and application credentials due to the design and implementation of the Autodiscover protocol used by Microsoft Exchange. According to Microsoft, the Exchange Autodiscover service “provides an easy way for your client application to configure itself with minimal user i
Publish At:2021-09-22 11:31 | Read:184 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Remote Code Execution Vulnerability Found in AWS WorkSpaces

Rhino Security Labs researchers have identified a vulnerability in the AWS WorkSpaces desktop client that could allow an attacker to execute arbitrary code remotely. Tracked as CVE-2021-38112, the security bug could be triggered when the user opens a malicious WorkSpaces URI from the browser, allowing a remote attacker to execute arbitrary code on the vulnera
Publish At:2021-09-22 11:31 | Read:173 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Many Hikvision Cameras Exposed to Attacks Due to Critical Vulnerability

More than 70 Hikvision camera and NVR models are affected by a critical vulnerability that can allow hackers to remotely take control of devices without any user interaction. The flaw, tracked as CVE-2021-36260, was discovered by a researcher who uses the online moniker “Watchful IP.” The researcher published a blog post over the weekend, but has not made pub
Publish At:2021-09-22 11:31 | Read:152 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities IoT Security Vulnerabili

Flaws in Nagios Network Management Product Can Pose Risk to Many Companies

Researchers have discovered nearly a dozen vulnerabilities in widely used network management products from Nagios. The flaws could pose a serious risk to organizations as these types of products can be a tempting target for malicious actors. The vulnerabilities were discovered by researchers at industrial cybersecurity firm Claroty as part of a research proje
Publish At:2021-09-22 07:35 | Read:75 | Comments:0 | Tags:ICS/OT Network Security NEWS & INDUSTRY Vulnerabilities

VMWare Calls Attention to High-Severity vCenter Server Flaw

Cloud computing and virtualization technology giant VMWare on Tuesday shipped an urgent security patch for a flaw in its vCenter Server product and warned users to expect public exploit code within minutes of disclosure. “Time is of the essence,” VMWare said in a note calling attention to CVE-2021-22005, a file upload bug in the vCenter Server Analytics servi
Publish At:2021-09-21 19:47 | Read:153 | Comments:0 | Tags:Endpoint Security Network Security NEWS & INDUSTRY Appli

OpenOffice Vulnerability Exposes Users to Code Execution Attacks

A buffer overflow vulnerability in Apache OpenOffice could be exploited to execute arbitrary code on target machines using malicious documents. Tracked as CVE-2021-33035 and discovered by security researcher Eugene Lim, the bug affects OpenOffice versions up to 4.1.10, with patches deployed in the 4.1.11 beta only, meaning that most installations out there ar
Publish At:2021-09-21 15:28 | Read:142 | Comments:0 | Tags:ICS/OT NEWS & INDUSTRY Vulnerabilities Vulnerability

Decade-Old Adobe ColdFusion Vulnerabilities Exploited by Ransomware Gang

Two ColdFusion vulnerabilities patched by Adobe more than a decade ago have been exploited by threat actors in a recent attack, according to cybersecurity firm Sophos. Sophos recently investigated an attack where an unknown threat actor deployed the Cring ransomware on the systems of an unnamed services company. The attack started with the attacker scanning t
Publish At:2021-09-21 15:27 | Read:85 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities exploit ransomware

Russia-Linked Turla APT Uses New Backdoor in Latest Attacks

Security researchers at Cisco Talos have identified a new backdoor that Russian cyberespionage group Turla is believed to have been using in attacks since last year. Likely a second-chance backdoor, the malware is simple but capable of maintaining a prolonged stealthy presence on infected machines. Turla used the backdoor in attacks on targets in the United S
Publish At:2021-09-21 15:27 | Read:174 | Comments:0 | Tags:Endpoint Security Mobile Security Network Security NEWS &

Providing Developers Value-Focused Feedback in Security Software Development

I recently wrote an article on attracting and retaining A-Players, and one of the key elements was to ensure that leadership share the mission with developers to create a sense of purpose. Having purpose and seeing impact is incredibly important for anyone, but for engineers, understanding their impact in the context of a larger program or product can be par
Publish At:2021-09-21 11:31 | Read:70 | Comments:0 | Tags:INDUSTRY INSIGHTS Risk Management Vulnerabilities security

Attacks Targeting OMIGOD Vulnerability Ramping Up

Attackers are increasingly targeting a remote code execution vulnerability in the Open Management Infrastructure (OMI) framework that Microsoft released patches for earlier this month. Dubbed OMIGOD and tracked as CVE-2021-38647, this critical vulnerability was found to affect the Linux virtual machines deployed on Azure. In addition to fixes released with it
Publish At:2021-09-21 03:39 | Read:140 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Malware Vulnerabilit

EventBuilder Exposed Information of Over 100,000 Event Registrants

Event management company EventBuilder exposed files containing the personal information of at least 100,000 users who registered for events on its platform. The data leak was discovered by researcher Bob Diachenko and Clario, a company that provides consumer security and privacy products. The exposed files were found using Grayhat Warfare, a search engine for
Publish At:2021-09-20 11:31 | Read:127 | Comments:0 | Tags:NEWS & INDUSTRY Cloud Security Vulnerabilities Data Prot

