HackDig : Dig high-quality web security articles for hacker

Serious Security: Understanding how computers count

by Paul Duckli

We recently wrote up a fascinatingly scary warning about server hard drives that might abruptly and utterly fail. HPE warned its customers that a wide variety of its solid state disks (SSDs) needed an urgent firmware update to prevent them sailing over the edge of the earth into oblivion. The disks weren’t badly manufactured; they weren
Publish At:2019-12-09 17:35 | Read:118 | Comments:0 | Tags:Vulnerability buffer overflow Bug overflow serious security

Beat Black Friday Scammers: Secure Your Online Purchases From Fake Payment Processors

They see you when you’re shopping, they know when you click “pay” – cybercriminals, that is. With Black Friday and Cyber Monday deals flooding the internet, malicious actors have many opportunities to exploit users rushing to purchase gifts for family and friends. And according to Ars Technica, thieves have devised a new way to steal payment-card
Publish At:2019-12-06 16:45 | Read:190 | Comments:0 | Tags:Consumer Threat Notices data protection cybersecurity vulner

VMware Patches ESXi Vulnerability That Earned Hacker $200,000

VMware on Thursday informed customers that it has released patches for a critical remote code execution vulnerability in ESXi that was disclosed recently at the Tianfu Cup hacking competition in China. According to organizers of the Tianfu Cup, a member of the 360Vulcan team demonstrated a virtual machine escape and took control of the host operating system.
Publish At:2019-12-06 10:15 | Read:63 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

VPN Connection Hijacking Vulnerability Affects Linux, Unix Systems

A vulnerability that can be exploited to determine if a user is connected to a VPN and hijack active TCP connections in a VPN tunnel has been found to affect various Linux and Unix operating systems. The vulnerability, tracked as CVE-2019-14899, was discovered recently by a team of researchers from the University of New Mexico. They privately reported their f
Publish At:2019-12-05 22:15 | Read:100 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Critical DoS messaging flaw fixed in December Android update

by John E Dunn

For anyone lucky enough to get them, Android’s December 2019 updates arrived this week, patching a small list of system and Qualcomm flaws across the operating system’s two patch levels. In Google’s estimation, at the top of the urgent list on the 2019-12-01 patch level (see below for explanation) is CVE-2019-2232, a critical flaw affecting Andro
Publish At:2019-12-05 12:35 | Read:149 | Comments:0 | Tags:Android Google Linux Mobile Operating Systems Security threa

Siemens Offers Workarounds for Newly Found PLC Vulnerability

An undocumented hardware-based special access feature recently found by researchers in Siemens' S7-1200 can be used by attackers to gain control of the industrial devices. Siemens recently issued a security advisory with workarounds and mitigations for a vulnerability uncovered by researchers in its S7-1200 programmable logic controllers (PLCs) that could be
Publish At:2019-12-03 22:10 | Read:86 | Comments:0 | Tags: Vulnerability

Microsoft Patches Vulnerability Leading to Azure Account Takeover

Microsoft recently addressed an OAuth 2.0 vulnerability that could allow an attacker to take over Azure accounts. The issue impacts specific Microsoft OAuth 2.0 applications and allows an attacker to create tokens with the victim’s permissions, CyberArk’s security researchers have discovered. The root cause of the security flaw, which CyberArk calls BlackDirec
Publish At:2019-12-03 12:00 | Read:278 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

Critical Code Execution Vulnerability Found in GoAhead Web Server

Cisco Talos researchers have identified two vulnerabilities in the GoAhead embedded web server, including a critical flaw that can be exploited for remote code execution. Developed by EmbedThis, GoAhead is advertised as the “world's most popular tiny embedded web server.” Both open source and enterprise versions are available and the vendor says GoAhead is pr
Publish At:2019-12-03 10:15 | Read:165 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Vulnerability

'StrandHogg' Vulnerability Exploited by Malicious Android Apps

Norwegian app security company Promon on Monday disclosed the existence of a vulnerability that has been exploited by tens of malicious Android apps, and warned that hundreds of popular applications are at risk of being targeted. Promon has dubbed the flaw StrandHogg, which is an old Norse term describing a Viking tactic that involved raiding coastal areas to
Publish At:2019-12-02 22:15 | Read:255 | Comments:0 | Tags:Mobile Security NEWS & INDUSTRY Malware Vulnerabilities

StrandHogg Vulnerability Affects All Versions of Android

The bug enables malware to pose as any legitimate Android app, letting attackers track messages, photos, credentials, and phone conversations. A newly discovered vulnerability in the Android operating system could let attackers abuse legitimate apps to deliver malware. In doing so, they could track users without their knowledge. Researchers with Norwegian app
Publish At:2019-12-02 22:10 | Read:249 | Comments:0 | Tags: Vulnerability

DHS to Require Federal Agencies to Set Vulnerability Disclosure Policies

The Cybersecurity and Infrastructure Security Agency (CISA) publishes a draft document mandating a vulnerability disclosure policy and a strategy for handling reports of security weaknesses. The US government will require each civilian agency to create a public policy for software-vulnerability disclosure, as well as a strategy for handling any potential secu
Publish At:2019-12-02 22:10 | Read:194 | Comments:0 | Tags: Vulnerability

Vulnerability Allows Hackers to Take Control of ABB Substation Protection Devices

A critical vulnerability affecting some Relion protection devices from ABB can be exploited to take control of a device or cause it to become inoperable, the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) warned last week. The flaw affects Relion 670 series devices made by Swiss-based industrial technology solutions provider ABB. These products
Publish At:2019-12-02 10:15 | Read:243 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Vulnerabilities Vulnerabilit

Most Organizations Have Incomplete Vulnerability Information

Companies that rely solely on CVE/NVD are missing 33% of disclosed flaws, Risk Based Security says. A new report shows companies that rely solely on the Common Vulnerabilities and Exposures (CVE) system for their vulnerability information are leaving themselves exposed to a substantial number of security issues they don't know about. Risk Based Security's rese
Publish At:2019-11-25 22:10 | Read:213 | Comments:0 | Tags: Vulnerability

Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps

By Lance Jiang and Jesse Chang

CVE-2019-11932, which is a vulnerability in WhatsApp for Android, was first disclosed to the public on October 2, 2019 after a researcher named Awakened discovered that attackers could use maliciously crafted GIF files to allow remote code execution. The vulnerability was patched with version 2.19.244 of WhatsApp, but the under
Publish At:2019-11-25 14:35 | Read:315 | Comments:0 | Tags:Mobile Vulnerabilities vulnerability whatsapp Vulnerability

Cloudflare Open-Sources Network Vulnerability Scanner

Security and web performance services provider Cloudflare this week announced the open source availability of Flan Scan, its lightweight network vulnerability scanner. Based on the Nmap open source tool, Flan Scan was born out of the need for an easy-to-deploy scanner that could accurately detect the services on a network and then look them up in a database o
Publish At:2019-11-22 22:15 | Read:281 | Comments:0 | Tags:Network Security NEWS & INDUSTRY Vulnerabilities Cloud V