22 Jan 2021

Amazon Awards $18,000 for Exploit Allowing Kindle E-Reader Takeover

Amazon has distributed an $18,000 bug bounty to a researcher who discovered an exploit that allowed an attacker to take complete control over a Kindle e-reader device, just by knowing the targeted user’s email address. The attack is referred to as KindleDrip and was first identified in October of 2020

Read More
22 Jan 2021

Einstein Healthcare Network Announces August Breach

Einstein Health Network is a Pennsylvania based health care company offering services such as medical rehab, outpatient and primary care centers. The organization recently announced a breach in which an authorized person was able to gain access to sensitive information and emails. Einstein has known about the breach since August

Read More
22 Jan 2021

Cisco warns on critical security vulnerabilities in SD-WAN software, so update now

Cisco has warned its users to update networking software immediately due to four severe flaws affecting the Smart Software Manager Satellite, and SD-WAN DNA. SD-WAN has three critical command injection vulnerabilities with a collective score of 9.9 out of 10. Vulnerabilities of this nature require immediate action. According to Cisco,

Read More
21 Jan 2021

‘LuckyBoy’ Malvertising Campaign Hits iOS, Android, XBox Users

A new campaign is targeting mobile and other connected device users through utilizing cloaking and obfuscation techniques to evade detection. The malvertising campaign has been named LuckyBoy and consists of a multi-stage, tag-based approach and attack method. Andriod, Xbox, and iOS users are being targeted in the attacks. According to

Read More
21 Jan 2021

Ransomware is now the biggest cybersecurity concern for CISOs

According to a recent survey conducted by cybersecurity organization Proofpoint, ransomware is viewed by chief information security officers (CISOs) as currently posing the biggest cyber threat to companies. CISOs and chief security officers (CSOs) are responsible for keeping organizations safe from cyberattacks, hacking, and online threats. The survey found that

Read More
20 Jan 2021

Malwarebytes Targeted by SolarWinds Hackers

On Tuesday, Cybersecurity firm Malwarebytes conceded that it was targeted by the same hackers responsible for the SolarWinds attack, in which suspected Russian nation-state hackers compromised the systems of the IT management company in a sophisticated supply chain attack. Although Malwarebytes has not used any SolarWinds products, an internal investigation

Read More
20 Jan 2021

DNSpooq Flaws Allow DNS Hijacking of Millions of Devices

Cyber researchers have found a set of seven flaws in the open-source software Dnsmasq. The vulnerabilities could allow for Domain Name System (DNS) cache poisoning attacks and remote code execution. Dnsmasq is a popular service used to catch DNS responses for both home and commercial routers and servers. The flaws

Read More
20 Jan 2021

The aftermath of the SolarWinds breach: Organizations need to be more vigilant

In the wake of the SolarWinds breach in which several key US agencies were hacked in an espionage campaign likely perpetrated by Russian actors, security experts are voicing concerns regarding how organizations manage and implement cybersecurity best practices. It may be necessary for entities to change how they vet vendors

Read More
20 Jan 2021

A Chinese hacking group is stealing airline passenger details

The Chinese hacking group referred to as Chimera has allegedly been stealing airline passenger details over the past few years with the goal of tracking the movement of persons of interest. Chimera has been tracked by cybersecurity groups and is believed to be operating in the interest of the Chinese

Read More
19 Jan 2021

Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’

Microsoft is allegedly pushing a domain controller “enforcement mode” by default to help mitigate the threat posed by the critical Zerologon flaw. Microsoft is aiming to force all companies to update their systems and address the flaw, as it represents a severe security risk to businesses, agencies, and organizations. Microsoft

Read More