HackDig : Dig high-quality web security articles for hackers

Hackers Scanning for VMware vCenter Servers Affected by Critical Vulnerability

Just one day after VMware announced the availability of patches for a critical vulnerability affecting vCenter Server, hackers have started scanning the internet for vulnerable servers.The flaw, tracked as CVE-2021-21972, affects the vSphere Client component of vCenter Server and it can be exploited by a remote, unauthenticated attacker to execute arbitrary
Publish At:2021-02-25 09:17 | Read:50 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Google Discloses Details of Remote Code Execution Vulnerability in Windows

Google’s cybersecurity research unit Project Zero on Wednesday disclosed the details of a recently patched Windows vulnerability that can be exploited for remote code execution.The flaw, tracked as CVE-2021-24093, was patched by Microsoft on February 9 with its Patch Tuesday updates. Dominik Röttsches of Google and Mateusz Jurczyk of Google Project Zero have
Publish At:2021-02-25 01:29 | Read:86 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Cisco fixes maximum severity MSO auth bypass vulnerability

Cisco has addressed a maximum severity authentication bypass vulnerability found in the API endpoint of the Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine.Cisco ACI MSO is an intersite network and policy orchestration solution that helps admins monitor the health of their organizations' interconnected sites across multip
Publish At:2021-02-24 19:19 | Read:101 | Comments:0 | Tags:Security Vulnerability

Heavily used Node.js package has a code injection vulnerability

A heavily downloaded Node.js library has a high severity command injection vulnerability revealed this month.Tracked as CVE-2021-21315, the bug impacts the "systeminformation" npm component which gets about 800,000 weekly downloads and has scored close to 34 million downloads to date since its inception.OS Command Injection bug squashedPut sim
Publish At:2021-02-24 11:31 | Read:89 | Comments:0 | Tags:Security Software Vulnerability

Twelve-Year-Old Vulnerability Found in Windows Defender

Researchers found, and Microsoft has patched, a vulnerability in Windows Defender that has been around for twelve years. There is no evidence that anyone has used the vulnerability during that time. The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver that Windows Defender — renamed Microsoft Defender last year &#
Publish At:2021-02-24 09:14 | Read:124 | Comments:0 | Tags: Vulnerability

Exploiting the XML External Entity Injection XXE Attack Vulnerability

Hey people, in this blog we will see what is XXE attack infusion and show some basic model assaults, and lastly sum up this post with techniques to prevent XML External Entity Vulnerability.  XML External Entity XXE technically is a vulnerability that permits the hacker to find or view the data from the internal file systems of the application server and
Publish At:2021-02-24 08:31 | Read:99 | Comments:0 | Tags:Knowledge-base XML External Entity xxe attack Vulnerability

Keybase secure messaging fixes photo-leaking bug – patch now!

byPaul DucklinKeybase, owned by online meeting and teleconferencing behemoth Zoom, is a secure messaging and file sharing service that describes itself as providing “end-to-end encryption for things that matter.”End-to-end encryption is pretty much what it says: encryption that starts on your computer, typically inside an individual app such as w
Publish At:2021-02-23 12:31 | Read:51 | Comments:0 | Tags:Data loss Vulnerability CVE-2021-23827 data leakage KeyBase

Dependency Confusion: Another Supply-Chain Vulnerability

Alex Birsan writes about being able to install malware into proprietary corporate software by naming the code files to be identical to internal corporate code files. From a ZDNet article: Today, developers at small or large companies use package managers to download and import libraries that are then assembled together using build tools to create a final app
Publish At:2021-02-23 08:30 | Read:102 | Comments:0 | Tags: Vulnerability

CIRA Canadian Shield iOS Application - MITM SSL Certificate Vulnerability (CVE-2021-27189)

CIRA Canadian Shield iOS Application - MITM SSL CertificateVulnerability (CVE-2021-27189)--https://www.info-sec.ca/advisories/CIRA-Canadian-Shield.htmlOverview"CIRA Canadian Shield protects you from online threats such asmalicious domains, phishing websites and helps to keep your personaldata private. It also provides DNS privacy by keeping your DNSrequ
Publish At:2021-02-23 07:57 | Read:148 | Comments:0 | Tags: IOS Vulnerability

IBM(R) Db2(R) Windows client DLL Hijacking Vulnerability(0day)

A few months ago I disclosed Cisco Webex Teams Client for Windows DLLHijacking Vulnerability I found :https://seclists.org/fulldisclosure/2020/Oct/16In that post I mentioned "I will add more details 90 days after my reportor a security bulletin available". Here it comes.NOTICE : This vulnerability seems did not get full patched!After install IBM Db
Publish At:2021-02-23 07:57 | Read:125 | Comments:0 | Tags: Vulnerability

Researcher Reports Vulnerability in Apple iCloud Domain

A stored cross-site scripting vulnerability in the iCloud website reportedly earned a security researcher $5,000.Apple has reportedly fixed a stored cross-site scripting (XSS) vulnerability in the iCloud domain following its discovery by security researcher Vishal Bharad, ZDNet reports.Related Content:Attackers Already Targeting Apple's M1 Chip with Custom M
Publish At:2021-02-22 18:50 | Read:95 | Comments:0 | Tags: Cloud Vulnerability

SonicWall releases additional update for SMA 100 vulnerability

SonicWall has released a second firmware update for an SMA-100 zero-day vulnerability known to be used in attacks and is warning to install it immediately.Last month, SonicWall disclosed that their internal systems were attacked using a zero-day vulnerability in their SMA-100 remote access devices. A week later, cybersecurity firm NCC Group discovered t
Publish At:2021-02-20 13:55 | Read:127 | Comments:0 | Tags:Security Vulnerability

SonicWall releases second firmware updates for SMA 100 vulnerability

Security provider SonicWall released a new firmware update for an SMA-100 zero-day vulnerability that was exploited in attacks. SonicWall has released a second firmware update for the SMA-100 zero-day vulnerability that was exploited in attacks in the wild. SonicWall disclosed a security breach on January 22, it blamed sophisticated threat ac
Publish At:2021-02-20 13:36 | Read:206 | Comments:0 | Tags:Breaking News Hacking Security hacking news information secu

[KIS-2021-02] docsify <= 4.11.6 DOM-based Cross-Site Scripting Vulnerability

--------------------------------------------------------------docsify <= 4.11.6 DOM-based Cross-Site Scripting Vulnerability--------------------------------------------------------------[-] Software Link:https://docsify.js.org/[-] Affected Versions:Version 4.11.6 and prior versions.[-] Vulnerability Description:The vulnerability exists due to an incomplet
Publish At:2021-02-19 22:03 | Read:162 | Comments:0 | Tags: Vulnerability

Vulnerability Discovery in Open Source Libraries: Analyzing CVE-2020-11863

Open Source projects are the building blocks of any software development process. As we indicated in our previous blog, as more and more products use open source code, the increase in the overall attack surface is inevitable, especially when open source code is not audited before use. Hence it is recommended to thoroughly test it for potential vulnerabilitie
Publish At:2021-02-18 21:07 | Read:101 | Comments:0 | Tags:McAfee Labs Vulnerability


Tag Cloud