HackDig : Dig high-quality web security articles for hackers

iOS 14 and iPadOS 14 Patch Vulnerabilities, Introduce New Privacy Features

Apple has patched nearly a dozen vulnerabilities and it has introduced new privacy features with the release of iOS 14 and iPadOS 14 this week. Each of the addressed security flaws impacts a different component of the operating system, namely AppleAVD, Assets, Icons, IDE Device Support, IOSurfaceAccelerator, Keyboard, Model I/O, Phone, Sandbox, Siri, and WebK
Publish At:2020-09-18 03:27 | Read:115 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Privacy Wireless Securit

Information Disclosure, XSS Vulnerabilities Patched in Drupal

Several information disclosure and cross-site scripting (XSS) vulnerabilities, including one rated critical, have been patched this week in the Drupal content management system (CMS). The most serious of the flaws is CVE-2020-13668, a critical XSS issue affecting Drupal 8 and 9. It’s worth noting that Drupal uses the NIST Common Misuse Scoring System to deter
Publish At:2020-09-17 11:48 | Read:141 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Xss

CISA Named Top-Level Root CVE Numbering Authority

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been named a Top-Level Root CVE Numbering Authority (CNA) and it will be overseeing CNAs that assign CVE identifiers for vulnerabilities in industrial control systems (ICS) and medical devices. CNAs are responsible for issuing CVE identifiers for vulnerabilities found in their own or third-p
Publish At:2020-09-17 07:54 | Read:128 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities Management &

Nozomi Networks Becomes CVE Numbering Authority

Nozomi Networks, a company that specializes in the security of OT and IoT systems, on Tuesday announced that it has become a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA). As a CNA, the company will be able to assign CVE identifiers to vulnerabilities found in its own products or in third-party IoT and industrial products that are not c
Publish At:2020-09-16 12:22 | Read:45 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities Management &

U.S. House Passes IoT Cybersecurity Bill

The U.S. House of Representatives this week passed the IoT Cybersecurity Improvement Act, a bill whose goal is to improve the security of IoT devices. First introduced in 2017 and reintroduced in 2019, the IoT Cybersecurity Improvement Act will now have to pass the Senate before it can be signed into law by the president. The bipartisan legislation is backed b
Publish At:2020-09-16 12:22 | Read:119 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

UK's NCSC Publishes Guide to Implementing a Vulnerability Disclosure Process

The U.K.’s National Cyber Security Center (NCSC) has released a guide to help organizations get started with implementing a vulnerability disclosure process. The NCSC’s Vulnerability Disclosure Toolkit is intended for organizations of all sizes, but should not be considered an exhaustive guide. It only presents some of the main components of the vulnerability
Publish At:2020-09-16 04:32 | Read:194 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

Flaws in Philips Patient Monitoring Products Can Lead to Patient Data Exposure

Multiple vulnerabilities identified in Philips patient monitoring solutions could provide attackers with unauthorized access to patient data. A total of eight security issues were identified. Although they feature severity ratings of medium and low, even low-skilled hackers could exploit them, the Cybersecurity and Infrastructure Security Agency (CISA) warns
Publish At:2020-09-16 04:32 | Read:131 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities IoT Security

Voatz Under Fire From Infosec Community Over Its Views on Security Research

Representatives of the infosec community have signed an open letter in response to an amicus brief that mobile elections platform developer Voatz filed with the U.S. Supreme Court in the case of Nathan Van Buren. Van Buren is a former cop who was charged under the Computer Fraud and Abuse Act (CFAA) after he was bribed to search for confidential information i
Publish At:2020-09-16 00:38 | Read:118 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

Microsoft Releases Open Source Fuzzing Framework for Azure

Microsoft on Tuesday announced the release of Project OneFuzz, an open source fuzzing framework for Azure that the tech giant has been using internally for the past year to find and patch bugs. Fuzzing is used to find vulnerabilities and other bugs in software by injecting malformed data into the targeted application to see if it crashes or behaves unexpected
Publish At:2020-09-15 12:54 | Read:123 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Vulnerabilities

Vulnerabilities Expose Thousands of MobileIron Servers to Remote Attacks

Researchers have disclosed the details of several potentially serious vulnerabilities affecting MobileIron’s mobile device management (MDM) solutions, including a flaw that can be exploited by an unauthenticated attacker for remote code execution on affected servers. The vulnerabilities were identified by researchers at security consulting firm DEVCORE and th
Publish At:2020-09-14 09:31 | Read:163 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

ICS Vendors Release Advisories for CodeMeter Vulnerabilities

Several major industrial control system (ICS) vendors have released security advisories in response to the recently disclosed vulnerabilities affecting the CodeMeter licensing and DRM solution made by Germany-based Wibu-Systems. CodeMeter provides license management capabilities and it’s designed to protect software against piracy and reverse engineering. It’
Publish At:2020-09-11 15:02 | Read:129 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Risk Management Vulnerabilit

Chrome Sandbox Escape Vulnerability Earns Researchers $20,000

Two researchers have earned $20,000 from Google for reporting a sandbox escape vulnerability affecting the Chrome web browser. The flaw, tracked as CVE-2020-6573, has been described by Google as a high-severity use-after-free bug affecting Chrome’s “video” component. Google said this week that it patched the vulnerability with the release of a Chrome 85 update
Publish At:2020-09-11 11:08 | Read:93 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Attacks Targeting Recent WordPress File Manager Flaw Ramping Up

Attacks targeting a recently addressed vulnerability in the WordPress plugin File Manager are ramping up, warns the Wordfence Threat Intelligence team at WordPress security company Defiant. With over 700,000 active installs, File Manager is a highly popular WordPress plugin that provides admins with file and folder management capabilities (copy/paste, delete,
Publish At:2020-09-11 11:07 | Read:126 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Cybercrime wordpress

New Raccoon Attack Can Allow Decryption of TLS Connections

Researchers from universities in Germany and Israel have disclosed the details of a new timing attack that could allow malicious actors to decrypt TLS-protected communications. Named “Raccoon,” the attack has been described as complex and the vulnerability is “very hard to exploit.” While most users should probably not be concerned about Raccoon, several majo
Publish At:2020-09-10 07:45 | Read:107 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Data Protection

Intel Releases Firmware Updates to Patch Critical Vulnerability in AMT, ISM

Intel this week released security patches to address a critical vulnerability in Active Management Technology (AMT) and Intel Standard Manageability (ISM). The bug, which Intel calls improper buffer restrictions in network subsystems, could be abused by unauthorized users to escalate privileges via network access in provisioned AMT and ISM versions before 11.
Publish At:2020-09-09 16:06 | Read:177 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

