HackDig : Dig high-quality web security articles for hacker

Cisco Webex Vulnerability Exploited to Join Meetings Without a Password

Cisco on Friday informed customers that it has patched a vulnerability that allowed unauthorized users to join password-protected Webex meetings. Cisco said the flaw had been exploited.The vulnerability, tracked as CVE-2020-3142 and classified as high severity, affected Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites, releases earlier
Publish At:2020-01-25 10:15 | Read:125 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability exploit

Cisco Patches Critical Vulnerability in Network Security Tool

A critical vulnerability in the Cisco Firepower Management Center (FMC) could allow a remote attacker to bypass authentication and execute arbitrary actions on affected devices as administrator. The issue, Cisco explains, emerges from the improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external server.
Publish At:2020-01-23 22:15 | Read:225 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities Vulnera

Serious security breach in Internet Explorer: Microsoft warns against use

A critical vulnerability in Internet Explorer, with the identifier CVE-2020-0674 has been published by Microsoft. It allows attackers to remotely execute code using the JScript.dll library. A security patch is currently being created. On the first patch Tuesday of 2020, Microsoft released 49 updates; shortly afterwards, the vendor reported a new zero-day sec
Publish At:2020-01-21 09:15 | Read:226 | Comments:0 | Tags:News Security Germany Microsoft vulnerability

Microsoft to Patch Internet Explorer Vulnerability Exploited in Targeted Attacks

Microsoft announced on Friday that it’s in the process of developing a patch for a zero-day vulnerability in Internet Explorer that has been exploited in targeted attacks, reportedly by a threat group tracked as DarkHotel. Until a fix becomes available, the company has shared some workarounds and mitigations.The flaw, tracked as CVE-2020-0674 and described a
Publish At:2020-01-20 10:15 | Read:221 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Citrix Releases First Patches for Critical ADC Vulnerability

Citrix has started rolling out security patches for the recently revealed Citrix Application Delivery Controller (ADC) and Citrix Gateway vulnerability.Disclosed in December 2019 and tracked as CVE-2019-19781, the vulnerability could be exploited to achieve code execution. The issue impacts versions 13.0, 12.1, 12.0, 11.1, and 10.5 of both Citrix ADC and Gat
Publish At:2020-01-20 10:15 | Read:289 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

Industry Reactions to Crypto Vulnerability Found by NSA: Feedback Friday

One of the vulnerabilities patched this week by Microsoft in its Windows operating system is a crypto-related issue that was reported to the company by the U.S. National Security Agency.The vulnerability, tracked as CVE-2020-0601 and dubbed ChainOfFools and CurveBall, affects Windows 10, Server 2016 and Server 2019, as well as applications that rely on Windo
Publish At:2020-01-17 22:15 | Read:349 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Risk Management Vuln

Attacker Installs Backdoor, Blocks Others From Exploiting Citrix ADC Vulnerability

A threat group targeting the recently disclosed critical vulnerability in Citrix Application Delivery Controller (ADC) is installing their own backdoor while cleaning up other malware infections and blocking others from exploiting the vulnerability, FireEye has discovered.Tracked as CVE-2019-19781, the vulnerability impacts Citrix ADC and Gateway products (p
Publish At:2020-01-17 22:15 | Read:307 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability exploit

Help?! Possible global hacker attack by Citrix vulnerability

Following another official vulnerability alert issued in the past 48 hours, which has been known since December, companies still protected from this new attack are continuously receiving new requests for help. CISA considers the vulnerability to be one of the most dangerous exploits of recent years. Potentially, some 80,000 companies worldwide are at risk. T
Publish At:2020-01-17 09:15 | Read:318 | Comments:0 | Tags:News Security business Exploit Germany vulnerability Vulnera

Exploiting the Windows CryptoAPI Vulnerability

On Tuesday, the NSA announced they had found a critical vulnerability in the certificate validation functionality on Windows 10 and Windows Server 2016/2019. This bug allows attackers to break the validation of trust in a wide variety of contexts, such as HTTPS and code signing. If you want to stop reading here, get the important details, and see if you̵
Publish At:2020-01-16 15:25 | Read:239 | Comments:0 | Tags:Cryptography Exploits Vulnerability exploit

PoC Exploits Released for Crypto Vulnerability Found by NSA

Several proof-of-concept (PoC) exploits have already been created — and some of them have been made public — for CVE-2020-0601, the crypto-related Windows vulnerability that Microsoft patched recently after being notified by the U.S. National Security Agency.The vulnerability, named by some ChainOfFools and CurveBall, was patched by Microsoft this week with
Publish At:2020-01-16 12:00 | Read:278 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Vulnerabilities Vuln

The new critical vulnerability in Windows 10 has a solution: UPDATE NOW

Yesterday, January 14, Microsoft launched a patch for a critical security vulnerability in Windows 10, and Windows Server 2016 and 2019, among others. The vulnerability, categorized as CVE-2020-0601, which was discovered by the NSA, affects a component known as CryptoAPI (Crypt32.dll). Among the features of the CryptoAPI component is its use in digital signa
Publish At:2020-01-15 16:15 | Read:255 | Comments:0 | Tags:Business News patch management vulnerabilities windows 10 Vu

Critical Windows Vulnerability Discovered by NSA

Yesterday's Microsoft Windows patches included a fix for a critical vulnerability in the system's crypto library. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious exe
Publish At:2020-01-15 09:50 | Read:175 | Comments:0 | Tags: Vulnerability

Google Researchers Detail Critical iMessage Vulnerability

Google Project Zero security researchers have published technical details on an iMessage vulnerability addressed last year, which could be exploited remotely to achieve arbitrary code execution. Tracked as CVE-2019-8641, the vulnerability is considered Critical, featuring a CVSS score of 9.8, and was discovered by Google Project Zero security researcher
Publish At:2020-01-14 22:15 | Read:165 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Vulnerabilities Vulnerab

NSA Discloses Serious Windows Vulnerability to Microsoft

The U.S. National Security Agency (NSA) has informed Microsoft that Windows is affected by a potentially serious spoofing vulnerability that could allow hackers to make a malicious file appear to come from a trusted source or conduct man-in-the-middle (MitM) attacks.The NSA reached out to reporters to inform them about the vulnerability before Microsoft rele
Publish At:2020-01-14 22:15 | Read:189 | Comments:0 | Tags:Endpoint Security NEWS & INDUSTRY Virus & Threats Vu

Windows 7 computers will no longer be patched after today

byPaul DucklinDo you know what you were doing 3736 days ago?We do! (To be clear, lest that sound creepy, we know what we were doing, not what you were doing.)Admittedly, we didn’t remember all on our own – we needed the inexorable memory of the internet to help us recall what happened on 22 October 2009.That was the official release date of Windo
Publish At:2020-01-14 12:40 | Read:195 | Comments:0 | Tags:Microsoft Exploit Patch patchocalypse vulnerability Windows


Share high-quality web security related articles with you:)


Tag Cloud