HackDig : Dig high-quality web security articles

CISA Warns of Zoho ManageEngine RCE Vulnerability Exploitation

The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned of cyberattacks targeting a recently addressed vulnerability in Zoho ManageEngine. Acquired by Zoho in 2014, the enterprise IT software provides management capabilities for identity and access, endpoints, enterprise services, security information and events, and IT operations. Tr
Publish At:2022-09-23 11:02 | Read:27380 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability exploit CI

Critical Magento vulnerability targeted in new surge of attacks

Researchers have observed a surge in hacking attempts targeting CVE-2022-24086, a critical Magento 2 vulnerability allowing unauthenticated attackers to execute code on unpatched sites. Magento is an open-source e-commerce platform owned by Adobe, used by approximately 170,000 online shopping websites worldwide. The CVE-2022-24086 vulnerability was discovered
Publish At:2022-09-22 12:45 | Read:40029 | Comments:0 | Tags:Security Vulnerability

Oracle Cloud Infrastructure Vulnerability Exposed Sensitive Data

Cloud security company Wiz has published information on an Oracle Cloud Infrastructure (OCI) vulnerability allowing attackers to modify users’ storage volumes without authorization. Referred to as #AttachMe and mentioned in Oracle’s July 2022 Critical Patch Update, the vulnerability could have exposed sensitive data to attackers knowing the victim’s Oracle Cl
Publish At:2022-09-22 11:02 | Read:33313 | Comments:0 | Tags:NEWS & INDUSTRY Cloud Security Vulnerabilities Cloud Vul

15-Year-Old Python Vulnerability Present in 350,000 Projects Resurrected

Researchers at threat detection and response company Trellix have resurrected a 15-year-old Python vulnerability, showing that it’s more serious than initially believed and that it could affect hundreds of thousands of applications. The vulnerability in question is CVE-2007-4559, initially described as a directory traversal vulnerability in Python’s ‘tarfile’
Publish At:2022-09-22 06:52 | Read:37234 | Comments:0 | Tags:NEWS & INDUSTRY Application Security Vulnerabilities Vul

Vulnerability Management Fatigue Fueled by Non-Exploitable Bugs

Research shows that companies can have over 100,000 vulnerabilities in their systems, but 85% cannot realistically be exploited. Vulnerability management firm Rezilion commissioned Ponemon Institute to conduct research into the state of vulnerability management, given the known difficulties in timely patching and the continuous growth in the number of new vuln
Publish At:2022-09-20 22:58 | Read:20167 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability exploit

CISA orders agencies to patch vulnerability used in Stuxnet attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added half a dozen vulnerabilities to its catalog of Known Exploited Vulnerabilities and is ordering federal agencies to follow vendor’s instructions to fix them. Of the six security flaws, only one was disclosed this year. It impacts Trend Micro’s Apex One platform for automated
Publish At:2022-09-16 12:45 | Read:80766 | Comments:0 | Tags:Security Vulnerability CISA

Game Acceleration Module Vulnerability Exposes Netgear Routers to Attacks

Multiple Netgear router models are vulnerable to arbitrary code execution via FunJSQ, a third-party module for online game acceleration, European security and compliance assessment company Onekey warns. Integrated in various Netgear routers and Orbi WiFi systems, the gaming optimization module is developed by China-based Xiamen Xunwang Network Technology. What
Publish At:2022-09-16 11:02 | Read:59674 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities Vulnera

Uber hacked, internal systems breached and vulnerability reports stolen

Uber suffered a cyberattack Thursday afternoon with a hacker gaining access to vulnerability reports and sharing screenshots of the company's internal systems, email dashboard, and Slack server. The screenshots shared by the hacker and seen by BleepingComputer show what appears to be full access to many critical Uber IT systems, including the company's securi
Publish At:2022-09-16 00:39 | Read:55671 | Comments:0 | Tags:Security Vulnerability hack

WPGateway WordPress plugin vulnerability could allow full site takeover

There have been a few WordPress plugin vulnerabilities in the wild recently, and today we have another one to add to the list. Sometimes when word breaks of a WordPress plugin issue, a fix is already available and all you have to do is perform an update. On other occasions, the attack is live and out there doing damage with no fix yet available. Sadly, th
Publish At:2022-09-14 22:45 | Read:64450 | Comments:0 | Tags:News WPGateway WordPress plugin vulnerability CVE Vulnerabil

WordPress Sites Hacked via Zero-Day Vulnerability in WPGateway Plugin

Many WordPress sites are at risk of full compromise as attackers are actively exploiting a zero-day vulnerability in the WPGateway plugin, Defiant’s WordFence team warns. A premium plugin for the WPGateway cloud service, the WPGateway plugin provides users with WordPress installation, backup, and cloning capabilities. Tracked as CVE-2022-3180 (CVSS score of 9.
Publish At:2022-09-14 15:00 | Read:113273 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability wordpress

BackupBuddy WordPress plugin vulnerable to exploitation, update now!

Users of WordPress may need to perform an urgent update related to the popular BackupBuddy plugin. BackupBuddy is a plugin which offers backup solutions designed to combat “hacks, malware, user error, deleted files, and running bad commands”. Unfortunately, running an older version of BackupBuddy could leave your site open to potential breaches.
Publish At:2022-09-13 22:45 | Read:56187 | Comments:0 | Tags:News BackupBuddy WordPress vulnerability exploit hack compro

Trend Micro warns of actively exploited Apex One RCE vulnerability

Security software firm Trend Micro warned customers today to patch an actively exploited Apex One security vulnerability as soon as possible. Apex One is an endpoint security platform that provides businesses with automated threat detection and response against malicious tools, malware, and vulnerabilities. This flaw (CVE-2022-40139) enables attackers to
Publish At:2022-09-13 12:45 | Read:39888 | Comments:0 | Tags:Security Vulnerability exploit

Trend Micro Patches Another Apex One Vulnerability Exploited in Attacks

Trend Micro announced on Tuesday that it has patched several flaws in its Apex One endpoint security product, including a zero-day vulnerability. The exploited vulnerability is tracked as CVE-2022-40139 and it has been described as an improper validation issue related to a rollback function. The security hole allows the agent to download unverified rollback c
Publish At:2022-09-13 11:02 | Read:47209 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability exploit

Lorenz Ransomware Gang Exploits Mitel VoIP Appliance Vulnerability in Attacks

The Lorenz ransomware group was seen exploiting a critical-severity vulnerability in Mitel MiVoice VoIP appliance for initial access into a victim’s network, cybersecurity firm Arctic Wolf reports. Active since at least 2021, the Lorenz ransomware gang has been engaging in double-extortion activities: in addition to encrypting a victim’s files, the group exfi
Publish At:2022-09-13 11:02 | Read:60385 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability exploit ra

Cisco Patches High-Severity Vulnerability in SD-WAN vManage

Cisco has announced patches for a high-severity vulnerability in the binding configuration of SD-WAN vManage software containers. Tracked as CVE-2022-20696, the issue exists because of insufficient protection mechanisms on messaging server container ports, allowing an unauthenticated attacker to connect to an affected system using these ports. “To exploit this
Publish At:2022-09-12 11:02 | Read:66302 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability
