HackDig : Dig high-quality web security articles for hackers

Tripwire Patch Priority Index for May 2020

Tripwire’s May 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, SaltStack, and VMware. Up first on the patch priority list this month are patches for VMware vCenter Server and SaltStack Salt. The Metasploit exploit framework has recently integrated exploits for VMware vCenter Server (CVE-2020-3952) and Sal
Published: 2020-05-31 23:20 | Tags: Featured Articles VERT microsoft Priority Patch Index vulner

Sandworm Team Exploiting Vulnerability in Exim Mail Transfer Agent

The U.S. National Security Agency (NSA) warned that the Sandworm team is exploiting a vulnerability that affects Exim Mail Transfer Agent (MTA) software. In a cybersecurity advisory published on May 28, the NSA revealed that the Sandworm team has been exploiting the Exim MTA security flaw since August 2019. The vulnerability (CVE-2019-10149) first appeared in
Published: 2020-05-29 09:32 | Tags: IT Security and Data Protection Latest Security News MTA San

Vulnerability Disclosures Drop in Q1 for First Time in a Decade

Even with more security issues published on Patch Tuesdays, the total number of software flaws dropped for the first three months of 2020, according to one tally. The number of vulnerabilities reported publicly dropped in the first quarter of 2020 for the first time in at least a decade, falling nearly 20% to 4,968 compared with the same quarter last year, ac
Published: 2020-05-28 13:12 | Tags: Vulnerability

Android ‘StrandHogg 2.0’ flaw lets malware assume identity of any app

By John E Dunn. Researchers have publicised a critical security flaw in Android which could be used by attackers to “assume the identity” of legitimate apps in order to carry out on-device phishing attacks. Discovered by Norwegian company Promon, the bug is called ‘StrandHogg 2.0’, the name denoting that this is an “evil twin” follow-up to a similar flaw of the
Published: 2020-05-28 07:31 | Tags: Malware Phishing Vulnerability Android promon StrandHogg 2.0

Open source libraries a big source of application security flaws

By John E Dunn. How many vulnerabilities lurk inside the bazillions of open source libraries that today’s developers happily borrow to build their applications? Predictably, the answer is a lot, at least according to application security company Veracode, which decided to scan 85,000 applications to see how many flaws it could turn up in the 351,000 libraries use
Published: 2020-05-27 08:10 | Tags: Vulnerability development libraries open source bugs Veracod

StrandHogg 2.0 Vulnerability Allows Hackers to Hijack Android Devices

Researchers at Norwegian app security company Promon on Tuesday disclosed the existence of a serious Android vulnerability that allows a piece of malware to hijack nearly any application installed on the victim’s device. In December 2019, Promon warned that an Android vulnerability, which it dubbed StrandHogg, was being exploited by tens of malicious Android
Published: 2020-05-26 14:55 | Tags: Mobile Security NEWS & INDUSTRY Vulnerabilities Mobile &

Docker Desktop danger discovered, patch now

By Danny Bradbury. Docker has fixed a vulnerability that could have allowed an attacker to gain control of a Windows system using its service. The bug, discovered by Ceri Coburn, a researcher at security consultancy Pen Test Partners, exposed Docker for Windows to privilege elevation. Docker is a container system that lets administrators run applications in thei
Published: 2020-05-26 12:55 | Tags: Vulnerability Windows Docker Desktop for Windows Docker Desk

Bluetooth Vulnerability: BIAS

This is new research on a Bluetooth vulnerability (called BIAS) that allows someone to impersonate a trusted device. Abstract: Bluetooth (BR/EDR) is a pervasive technology for wireless communication used by billions of devices. The Bluetooth standard includes a legacy authentication procedure and a secure authentication procedure, allowing devices to authen
Published: 2020-05-26 10:24 | Tags: Vulnerability

Climbing the Vulnerability Management Mountain: Reaching the Summit (VM Maturity Level 5)

Only the truly committed ever reach the summit of anything. This sentiment holds true for vulnerability management. An organization cannot reach the summit without a serious commitment to fund and staff the program appropriately across the organization. Reaching ML:5 means tying the program to the business. Everyone must be aligned with the metrics and be rea
Published: 2020-05-26 04:17 | Tags: Vulnerability Management VM Mountain vulnerability managemen

For six years Samsung smartphone users have been at risk from critical security bug. Patch now

Samsung has released a security update for its popular Android smartphones which includes a critical fix for a vulnerability that affects all devices sold by the manufacturer since 2014. On its Android security update page Samsung thanks researcher Mateusz Jurczyk of Google Project Zero for the discovery of the vulnerability that could – he claims
Published: 2020-05-24 10:11 | Tags: Featured Articles IT Security and Data Protection Samsung vu

The 4 Stages to a Successful Vulnerability Management Program

Have you ever been around someone who is just better at something than you are? Like when you were in school and there was this person who was effortless at doing things correctly? They had great study habits, they arrived on time, they were prepared and confident in the materials that they studied in class, and they were a consistently high performer at eve
Published: 2020-05-24 10:11 | Tags: Vulnerability Management processes vulnerability management

The top 10 most-targeted security vulnerabilities – despite patches having been available for years

Newly-discovered zero-day vulnerabilities may generate the biggest headlines in the security press, but that doesn’t mean that they’re necessarily the thing that will get your company hacked. This week, US-CERT has published its list of what it describes as the “Top 10 Routinely Exploited Vulnerabilities” for the last three years. The l
Published: 2020-05-24 09:59 | Tags: Featured Articles IT Security and Data Protection vulnerabil

Reinventing Vulnerability Disclosure using Zero-knowledge Proofs

We, along with our partner Matthew Green at Johns Hopkins University, are using zero-knowledge (ZK) proofs to establish a trusted landscape in which tech companies and vulnerability researchers can communicate reasonably with one another without fear of being sabotaged or scorned. Over the next four years, we will push the state of the art in ZK proofs beyon
Published: 2020-05-24 08:07 | Tags: Cryptography DARPA Press Release Vulnerability

Cisco Patches Critical Vulnerability in Contact Center Software

Cisco this week released security patches to address several vulnerabilities in its products, including a critical severity bug in its Unified Contact Center Express (Unified CCX) software. Tracked as CVE-2020-3280 and assessed with a CVSS score of 9.8, the vulnerability could allow an attacker to execute arbitrary code on an affected device remotely. Th
Published: 2020-05-24 07:51 | Tags: NEWS & INDUSTRY Vulnerabilities Vulnerability

Microsoft Warns of Vulnerability Affecting Windows DNS Server

A new security advisory addresses a vulnerability that could be exploited to cause a denial-of-service attack. Microsoft has released a security advisory addressing a vulnerability affecting Windows DNS Server. Successful exploitation of the flaw could lead to a denial-of-service attack, officials report. ADV200009 warns of a vulnerability involving packet amp
Published: 2020-05-24 07:42 | Tags: Vulnerability
