HackDig : Dig high-quality web security articles for hacker

15 Easy, Effective Ways to Start Winning Back Your Online Privacy

Someone recently asked me what I wanted for Christmas this year, and I had to think about it for a few minutes. I certainly don’t need any more stuff. However, if I could name one gift that would make me absolutely giddy, it would be getting a chunk of my privacy back. Like most people, the internet knows way too much about me — my age, address, phone
Publish At:2019-10-12 11:20 | Read:271 | Comments:0 | Tags:Family Safety ad blockers children's privacy cloud security

iTunes Zero-Day Vulnerability Exploited by BitPaymer Ransomware

The BitPaymer ransomware operators were observed abusing a zero-day vulnerability in Apple’s iTunes for Windows to run code and evade detection, Morphisec’s security researchers have discovered.The security flaw resides in the Bonjour updater that comes packaged with iTunes for Windows and allows attackers to abuse an unquoted path to not only evade detectio
Publish At:2019-10-11 00:05 | Read:93 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Vi

CVE-2019-16928: Exploiting an Exim Vulnerability via EHLO Strings

by Ashish Verma In September, security researchers from the QAX-A-Team discovered the existence of CVE-2019-16928, a vulnerability involving the mail transfer agent Exim. Exim accounts for over 50% of publicly reachable mail servers on the internet. What makes the bug particularly noteworthy is that threat actors could exploit it to perform denial of service
Publish At:2019-10-10 10:00 | Read:134 | Comments:0 | Tags:Vulnerabilities DevOps Vulnerability exploit

Audit Finds Critical Vulnerability in iTerm2 macOS Terminal Emulator

A security audit funded by Mozilla has led to the discovery of a critical remote command execution vulnerability in the popular iTerm2 macOS terminal emulator.The audit was conducted by Radically Open Security as part of Mozilla’s Open Source Support program (MOSS), which aims to ensure that the open source ecosystem is “healthy and secure.” iTerm2 was selec
Publish At:2019-10-10 00:00 | Read:125 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

OpenDreamBox: the vulnerability that affects 32% of the world’s companies

The Internet of things (IoT) has revolutionized the business world. It has helped to streamline industrial processes, reduce costs, and has even created new business models. But, as is often the case, all of these advantages go hand in hand with a series of disadvantages. The most important of these disadvantages is the significant increase in the attack sur
Publish At:2019-10-09 10:35 | Read:197 | Comments:0 | Tags:News Security business IoT vulnerabilities Vulnerability

NSA Issues Advisory on VPN Vulnerability Trio

Vulnerabilities with Pulse Secure, Fortinet, and Palo Alto Networks VPNs are called out in the advisory.The National Security Agency (NSA) this week issued an advisory with remediation steps for recently disclosed vulnerabilities in virtual private network (VPN) products from Palo Alto Networks, Fortinet, and Pulse Secure."Multiple Nation State Advanced Pers
Publish At:2019-10-08 23:50 | Read:41 | Comments:0 | Tags: Vulnerability

Code Execution Vulnerability Impacts NSA Reverse Engineering Tool

Versions through 9.0.4 of the Ghidra software reverse engineering (SRE) framework are impacted by a code-execution vulnerability, the National Security Agency (NSA) has revealed.Developed by the NSA’s Research Directorate for the agency’s cybersecurity missions, Ghidra is designed to help with malware analysis. The framework supports multiple platforms, incl
Publish At:2019-10-08 12:00 | Read:190 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Drupalgeddon2 Vulnerability Still Endangering CMSes

A new wave of attacks has been discovered on Drupal-based content management systems that weren't patched for the older flaw.A vulnerability that's been patched is still a vulnerability if patches haven't been applied. And unpatched vulnerabilities are catnip to criminals. That's the case with Drupalgeddon2 (CVE-2018-7600), a critical vulnerability in CMS pl
Publish At:2019-10-07 23:50 | Read:189 | Comments:0 | Tags: Vulnerability

Signal Rushes to Patch Serious Eavesdropping Vulnerability

The developers of the popular privacy-focused messaging application Signal have rushed to patch a serious vulnerability in the Android version that can be exploited by an attacker to eavesdrop on users.The flaw, tracked as CVE-2019-17191, was discovered by Google Project Zero researcher Natalie Silvanovich. The issue was reported to Signal developers in late
Publish At:2019-10-07 12:00 | Read:267 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Privacy Vulnerabilities

Prying-Eye Vulnerability Exposes Online Meetings to Snooping

Web-conferencing users who don't assign passwords could be having online meetings with more people than they think, according to new research.The Cequence CQ Prime Threat Research team today announced its discovery in July 2019 of a vulnerability in the Cisco Webex and Zoom video-conferencing platforms that potentially
Publish At:2019-10-01 20:30 | Read:323 | Comments:0 | Tags: Vulnerability

Comodo Forums Hacked via Recently Disclosed vBulletin Vulnerability

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the forums of cybersecurity solutions provider Comodo.Comodo informed customers on Monday that data associated with their Comodo Forums account may have been accessed by threat actors on Sunday after they exploi
Publish At:2019-10-01 12:00 | Read:248 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Incident Response Cy

Critical Remote Code Execution Vulnerability Patched in Exim Email Server

A Critical vulnerability recently addressed in the popular open-source email server Exim could lead to remote code execution. Exim is an open source mail transfer agent (MTA) widely used in systems running Linux and macOS. At the moment, Exim powers over half of email servers out there. Tracked as CVE-2019-16928, the newly addressed security vulner
Publish At:2019-10-01 00:00 | Read:210 | Comments:0 | Tags:NEWS & INDUSTRY Email Security Vulnerabilities Vulnerabi

Vulnerability Management Firm Kenna Security Raises $48 Million

San Francisco-based vulnerability management solutions provider Kenna Security on Monday announced that it has raised $48 million in a Series D funding round, which brings the total raised by the company to $98 million.New investors Sorenson Capital and Citi Ventures, along with existing investors Bessemer Venture Partners, U.S. Venture Partners, Costanoa Ve
Publish At:2019-09-30 12:00 | Read:223 | Comments:0 | Tags:NEWS & INDUSTRY Risk Management Vulnerabilities Manageme

Cloud Vulnerability Could Let One Server Compromise Thousands

A flaw in the OnApp cloud management platform could let an attacker compromise a private cloud with access to a single server.A newly disclosed critical vulnerability in the OnApp cloud orchestration platform could let an attacker compromise an entire private cloud with access to a single server, researchers report.The finding comes from researchers at secur
Publish At:2019-09-27 23:50 | Read:223 | Comments:0 | Tags: Cloud Vulnerability

New iOS exploit checkm8 allows permanent compromise of iPhones

UPDATE 9/27, 11:00am: Updated for the misconception that the bootrom was actually being modified. Apparently, the “permanent” only refers to the fact that the bug is in the bootrom, where it cannot be patched. UPDATE 9/27, 12:15am: After speaking with @axi0m8, clarified a few other points, including the fact that this cannot be exploited remot
Publish At:2019-09-27 23:20 | Read:272 | Comments:0 | Tags:Mac Apple apple security apple vulnerability checkm8 exploit

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud