05 Apr 2021

Trustwave Uncovers Vulnerability in Popular Website CMS

Cybersecurity firm Trustwave has uncovered a vulnerability in the website CMS, Umbraco. The organization posted about the bug, which is a privilege escalation issue, on their website earlier this week. The flaw allows for low privileged users to elevate themselves to the status of admin and reap associated benefits and

29 Mar 2021

Severe Flaws in Official ‘Facebook for WordPress’ Plugin

Security researchers have discovered critical vulnerabilities in the official Facebook for WordPress plugin, finding that they can be abused to upload arbitrary files which would likely lead to remote code execution. Wordfence researchers recently released a warning advising users to exercise caution and to implement Facebook’s patch as soon as

25 Mar 2021

Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws

Attackers are currently targeting WordPress users who have not implemented patches to their plugins. Thrive Themes, a company that offers various products connected to WordPress, recently released patches for vulnerabilities within its services. However, researchers found that users who have failed to implement the fixes are being actively targeted by

23 Mar 2021

CISA Warns of Security Flaws in GE Power Management Devices

The US Cybersecurity and Infrastructure Security Agency has warned of critical severity flaws that lie within General Electric’s Universal Relay power management devices. The flaws could allow for denial-of-service attacks, allow an attacker to access unauthorized sensitive information, reboot the Universal Relay, and gain privileged access. The CISA stated that

26 Feb 2021

Cisco Warns of Critical Auth-Bypass Security Flaw

Cisco has allegedly fixed a critical security flaw affecting its Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches. The vulnerability could allow for a remote attacker to bypass authentication, according to the company. The bug is one of three critical flaws patched by Cisco this past week. The

01 Feb 2021

Libgcrypt developers release urgent update to tackle severe vulnerability

An open-source cryptographic library service called Libgcrypt is in hot water after a critical vulnerability was reported in their software. The vulnerability lies in the GNU Privacy Guard (GnuPG) module, relying on the ‘libgpg-error’ message. However, researchers have reported that the code can be used independently through more complicated means.

27 Jan 2021

Cisco DNA Center Bug Opens Enterprises to Remote Attack

A new flaw discovered in Cisco’s web-based management interface of the Cisco DNA Center opens up organizations to cross-site request forgery (CSRF) attacks. This can lead to remote attack and takeover, Cisco says. The high severity vulnerability is tracked as CVE-2021-1257 and boasts a severity score of 7.1 on the

22 Jan 2021

Amazon Awards $18,000 for Exploit Allowing Kindle E-Reader Takeover

Amazon has distributed an $18,000 bug bounty to a researcher who discovered an exploit that allowed an attacker to take complete control over a Kindle e-reader device, just by knowing the targeted user’s email address. The attack is referred to as KindleDrip and was first identified in October of 2020

04 Jan 2021

Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways

Security researchers have discovered a hardcoded admin-level backdoor account on more than 100,000 Zyxel firewalls, VPN gateways, and access point controllers. These backdoor accounts can grant attackers root access via the web administration panel or the SSH interface, making the situation a critical threat to consumers. The backdoor account was

07 Dec 2020

High-Severity Chrome Bugs Allow Browser Hacks

Google has issued an update for its Chrome web browser, fixing several vulnerabilities that could allow a threat actor to conduct computer compromise through a browser hack. The bug affects desktop versions of the browser, and the update fixed a total of eight bugs present within the current version with
