HackDig : Dig high-quality web security articles for hacker

Microsoft to Patch Internet Explorer Vulnerability Exploited in Targeted Attacks

Microsoft announced on Friday that it’s in the process of developing a patch for a zero-day vulnerability in Internet Explorer that has been exploited in targeted attacks, reportedly by a threat group tracked as DarkHotel. Until a fix becomes available, the company has shared some workarounds and mitigations. The flaw, tracked as CVE-2020-0674 and described a
Publish At:2020-01-20 10:15 | Read:107 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Citrix Releases First Patches for Critical ADC Vulnerability

Citrix has started rolling out security patches for the recently revealed Citrix Application Delivery Controller (ADC) and Citrix Gateway vulnerability. Disclosed in December 2019 and tracked as CVE-2019-19781, the vulnerability could be exploited to achieve code execution. The issue impacts versions 13.0, 12.1, 12.0, 11.1, and 10.5 of both Citrix ADC and Gat
Publish At:2020-01-20 10:15 | Read:116 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Industry Reactions to Crypto Vulnerability Found by NSA: Feedback Friday

One of the vulnerabilities patched this week by Microsoft in its Windows operating system is a crypto-related issue that was reported to the company by the U.S. National Security Agency. The vulnerability, tracked as CVE-2020-0601 and dubbed ChainOfFools and CurveBall, affects Windows 10, Server 2016 and Server 2019, as well as applications that rely on Windo
Publish At:2020-01-17 22:15 | Read:319 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Risk Management Vuln

Attacker Installs Backdoor, Blocks Others From Exploiting Citrix ADC Vulnerability

A threat group targeting the recently disclosed critical vulnerability in Citrix Application Delivery Controller (ADC) is installing their own backdoor while cleaning up other malware infections and blocking others from exploiting the vulnerability, FireEye has discovered. Tracked as CVE-2019-19781, the vulnerability impacts Citrix ADC and Gateway products (p
Publish At:2020-01-17 22:15 | Read:270 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability exploit

Microsoft Introduces Free Source Code Analyzer

Microsoft this week announced a new source code analyzer designed to identify interesting characteristics of code. Called Microsoft Application Inspector, the new tool doesn’t focus on discovering poor programming practices in the analyzed code. Instead, it looks for interesting features and metadata, such as cryptography, connections to remote resource
Publish At:2020-01-17 22:15 | Read:290 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Siemens Warns of Security Risks Associated With Use of ActiveX

Siemens this week addressed several vulnerabilities and warned customers about the security risks associated with the use of ActiveX in industrial products. Microsoft’s ActiveX controls make it possible for websites to provide certain types of content, such as videos and games, and they allow users to interact with certain types of elements in the browser, su
Publish At:2020-01-17 12:00 | Read:312 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Risk Management Vulnerabilit

Hackers Earn $275,000 for Vulnerabilities in U.S. Army Systems

A total of 146 valid vulnerabilities were reported as part of the second Hack the Army bug bounty program, and more than $275,000 was paid in rewards. The challenge ran between October 9 and November 15, 2019, and was the result of a partnership between the Defense Digital Service, the U.S. Department of Defense (DoD), and hacker-powered pentesting platform
Publish At:2020-01-17 12:00 | Read:106 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

PoC Exploits Released for Cisco DCNM Vulnerabilities

A researcher who discovered many vulnerabilities in Cisco’s Data Center Network Manager (DCNM) product has made public some proof-of-concept (PoC) exploits and technical details. In early January, Cisco informed customers that it had released updates for DCNM to address several critical and high-severity vulnerabilities. The vulnerabilities rated critical can
Publish At:2020-01-16 22:15 | Read:144 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities exploit

PoC Exploits Released for Crypto Vulnerability Found by NSA

Several proof-of-concept (PoC) exploits have already been created — and some of them have been made public — for CVE-2020-0601, the crypto-related Windows vulnerability that Microsoft patched recently after being notified by the U.S. National Security Agency. The vulnerability, named by some ChainOfFools and CurveBall, was patched by Microsoft this week with
Publish At:2020-01-16 12:00 | Read:230 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Using Gap Analysis to Fix a Leaky Enterprise

Attackers Evolve Quickly, and We Must Work Daily to Ensure We Are Ready for Their Next Move

I recently had a rather comical experience involving a leak in the watering system in my garden. One day, I noticed that one part of the system was leaking. After that piece was replaced, a second part started leaking. Replacing that piece resulted in a third p
Publish At:2020-01-15 22:15 | Read:197 | Comments:0 | Tags:INDUSTRY INSIGHTS Vulnerabilities

Public Bug Bounty Program Launched for Kubernetes

The Cloud Native Computing Foundation (CNCF) this week announced the launch of a public bug bounty program for Kubernetes, with rewards of up to $10,000 per vulnerability. Kubernetes is an open-source system designed for automating deployment, scaling and management of containerized applications. It was originally developed by Google and it’s now maintained b
Publish At:2020-01-15 22:15 | Read:184 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Management & Strateg

The new critical vulnerability in Windows 10 has a solution: UPDATE NOW

Yesterday, January 14, Microsoft launched a patch for a critical security vulnerability in Windows 10, and Windows Server 2016 and 2019, among others. The vulnerability, categorized as CVE-2020-0601, which was discovered by the NSA, affects a component known as CryptoAPI (Crypt32.dll). Among the features of the CryptoAPI component is its use in digital signa
Publish At:2020-01-15 16:15 | Read:221 | Comments:0 | Tags:Business News patch management vulnerabilities windows 10 Vu

Vulnerabilities Found in VMware Tools, Workspace ONE SDK

VMware on Tuesday advised customers using VMware Tools version 10 for Windows to update their installations to version 11 due to a local privilege escalation vulnerability. According to the virtualization giant, the repair operation in VMware Tools 10.x.y is affected by a race condition that allows an attacker who has access to the guest virtual machine to es
Publish At:2020-01-15 12:00 | Read:92 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

Oracle's January 2020 CPU Delivers 334 New Patches

Oracle has released its first Critical Patch Update (CPU) for 2020, which includes a total of 334 new security patches across multiple product families. More than half (192) of the security fixes address vulnerabilities that can be exploited remotely without authentication, Oracle reveals in its advisory. Moreover, the company notes that 40 of the new patches
Publish At:2020-01-15 10:15 | Read:130 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities

January Patch Tuesday: Update List Includes Fixes for Internet Explorer, Remote Desktop, Cryptographic Bugs

2020 starts off with a relatively heavy list of patches for Microsoft users. January is typically a light month for fixes, but Microsoft released patches for 49 vulnerabilities (eight of which are Critical and all the remaining classified as Important) in this cycle. None of these vulnerabilities are known to be under attack at this time. The listed vulnerab
Publish At:2020-01-15 03:20 | Read:238 | Comments:0 | Tags:Exploits Vulnerabilities Microsoft Patch Tuesday

