HackDig : Dig high-quality web security articles for hackers

ManageEngine ADSelfService Plus – Unauthenticated Remote Code Execution Vulnerability

Hello, Please find the below vulnerability details, # Exploit Title: ManageEngine ADSelfService Plus – Unauthenticated Remote Code Execution Vulnerability # Date: 08/08/2020 # Exploit Author
Publish At:2020-08-08 04:38 | Read:72 | Comments:0 | Tags: Vulnerability

Shellshock In-Depth: Why This Old Vulnerability Won’t Go Away

Shellshock is a bug in the Bash command-line interface shell that has existed for 30 years and was discovered as a significant threat in 2014. Today, Shellshock still remains a threat to enterprise. The threat is certainly less risky than in the year of discovery. However, in a year in which security priorities have recalibrated to keep up with the c
Publish At:2020-08-06 09:54 | Read:88 | Comments:0 | Tags:Software & App Vulnerabilities Patch Management Shellshock V

Twitter Says Android App Vulnerability Exposed Direct Messages

Twitter informed customers on Wednesday that a vulnerability in its Android app could have been exploited by malicious applications to access private data. According to the social media giant, the flaw is related to a vulnerability that affects Android 8 and 9, which Google patched in October 2018. “Our understanding is 96% of people using Twitter for Android
Publish At:2020-08-06 08:48 | Read:100 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Incident Response Vulner

Tesla Model 3 vulnerability: What you need to know about the web browser bug

Introduction: In 2020, Jacob Archuleta, a researcher nicknamed Nullze, discovered an important information security vulnerability on the web browser of the Tesla Model 3 automobile. If a user of the car’s boarding computer visits a specific website, the entire touchscreen becomes unusable. The vulnerability was quickly reported to Tesla in accordance with
Publish At:2020-08-05 10:20 | Read:99 | Comments:0 | Tags:Malware Analysis Vulnerability

Tripwire Research: IoT Smart Lock Vulnerability Spotlights Bigger Issues

The mechanical lock is perhaps the most fundamental, tangible, and familiar layer of security in our daily lives. People lock their doors with the expectation that these locks will keep the bad people out, but there’s a common adage in the security industry that locks are only good at keeping honest people honest. This is perhaps truer than ever in the era o
Publish At:2020-08-05 10:11 | Read:79 | Comments:0 | Tags:Featured Articles Internet of Things IoT security MQTT smart

IDA Pro Video Tutorial Series for Vulnerability Researchers & Reverse Engineers[Beginners]

IDA Pro is a disassembler. A disassembler like IDA Pro is capable of creating maps of their execution to show the binary instructions that are actually executed by the processor in a symbolic representation called assembly language. I recently started a new video tutorial series on IDA Pro for beginner reverse engineers and vulnerability researchers in
Publish At:2020-08-04 10:37 | Read:139 | Comments:0 | Tags: Vulnerability

Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902

Update as of 10:00 A.M. PST, July 30, 2020: Our continued analysis of the malware sample showed adjustments to the details involving the URI and Shodan scan parameters. We made the necessary changes in this post. We would like to thank F5 Networks for reaching out to us to clarify these details. With additional insights from Jemimah Molina and Augusto Remill
Publish At:2020-07-31 16:35 | Read:155 | Comments:0 | Tags:Botnets Exploits Vulnerabilities botnet CVE-2020-5902 Exploi

Effective Threat Intelligence Through Vulnerability Analysis

Vulnerabilities are weaknesses leveraged by adversaries to compromise the confidentiality, availability or integrity of a resource. The vulnerability ecosystem has matured considerably in the last few years. A significant amount of effort has been invested to capture, curate, taxonomize and communicate the vulnerabilities in terms of severity, impact and com
Publish At:2020-07-30 15:37 | Read:127 | Comments:0 | Tags:Vulnerability Management ENISA Report threat analysis vulner

'BootHole' Vulnerability Exposes Secure Boot Devices to Attack

A flaw in the GRUB2 bootloader affects most Linux devices and some Windows computers using UEFI Secure Boot. A newly discovered vulnerability in the GRUB2 bootloader, dubbed BootHole, may threaten Linux and Windows machines using Secure Boot. Attackers who exploit it could interfere with the boot process and control how the operating system (OS) is loaded, by
Publish At:2020-07-29 19:18 | Read:108 | Comments:0 | Tags: Vulnerability

SEC Consult SA-20200728-0 :: Stored Cross-Site Scripting (XSS) Vulnerability in Namirial SIGNificant SignAnyWhere

SEC Consult Vulnerability Lab Security Advisory < 20200728-0 > title: Stored Cross-Site Scripting (XSS) Vulnerability product: Namirial SIGNificant SignAnyWhere vulnerable version: v6.10.60.25434 (SSP v4.22.60.25434) v6.10.100.25817 (SSP v
Publish At:2020-07-29 15:35 | Read:82 | Comments:0 | Tags: Xss Vulnerability

Dell EMC Patches iDRAC Vulnerability

A vulnerability in the Integrated Dell Remote Access Controller (iDRAC) that could have allowed cyber-criminals to gain full control of server operations has been detected. The controller was designed for secure local and remote server management to help IT administrators deploy, update, and monitor Dell EMC PowerEdge servers. Path Traversal vulnerability
Publish At:2020-07-28 15:16 | Read:150 | Comments:0 | Tags: Vulnerability

CISA Says Hackers Exploited BIG-IP Vulnerability in Attacks on U.S. Government

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Friday to warn organizations about the risk posed by a recently patched vulnerability affecting F5 Networks’ BIG-IP application delivery controller (ADC). The critical security hole, identified as CVE-2020-5902, allows an attacker with access to the product’s Traffic Managemen
Publish At:2020-07-27 17:10 | Read:158 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Risk Management Vuln

SEC Consult SA-20200724-0 :: Privilege Escalation Vulnerability in SteelCentral Aternity Agent

SEC Consult Vulnerability Lab Security Advisory < 20200724-0 > title: Privilege Escalation Vulnerability product: SteelCentral Aternity Agent vulnerable version: 11.0.0.120 fixed version: CVE number: CVE-2020-15592, CVE-2020-15593 imp
Publish At:2020-07-24 10:25 | Read:114 | Comments:0 | Tags: Vulnerability

Vulnerability in Cisco Firewalls Exploited Shortly After Disclosure

Cisco this week informed customers that it has patched a high-severity path traversal vulnerability in its firewalls that can be exploited remotely to obtain potentially sensitive files from the targeted system. The first attempts to exploit the flaw were observed shortly after disclosure. The vulnerability, identified as CVE-2020-3452, impacts the web servic
Publish At:2020-07-24 07:00 | Read:157 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Virus & Threats Vul

PoC Released for Critical Vulnerability Exposing SharePoint Servers to Attacks

One of the vulnerabilities that Microsoft addressed on the July 2020 Patch Tuesday in .NET Framework, SharePoint, and Visual Studio could lead to remote code execution. Tracked as CVE-2020-1147 and considered critical severity, the bug occurs when the software doesn’t check the source markup of XML file input. This could provide an attacker with the opportuni
Publish At:2020-07-22 16:30 | Read:110 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability
