17 May 2021

Cisco Patches Code Execution Flaw in VPN Product 6 Months After Disclosure

Earlier this week, Cisco announced that it had released patches for a high-severity vulnerability that lies in its AnyConnect Secure Mobility Client that can be exploited for remote code execution. The flaw was initially disclosed in November of 2020, and it has taken roughly six months for the company to

Read More
28 Apr 2021

Apple Patches Zero-Day MacOS Bug That Can Bypass Anti-Malware Defenses

Apple has released a patch for a zero-day vulnerability in its macOS systems that could allow attackers to bypass anti-malware protections set in place. According to Apple, the notorious Mac threat Shlayer adware dropper has already been exploiting the vulnerability for several months. Therefore, Apple urges its customers to implement

Read More
27 Apr 2021

Nvidia Warns Severe Security Bugs in GPU Driver, vGPU Software

Nvidia has warned consumers of severe security bugs that lie in their graphics processing unit (GPU) display driver and vGPU software offerings. The group of security vulnerabilities could subject gamers and users to arbitrary code execution, denial of service attacks (DoS), information disclosure, and privilege-escalation attacks. The virtual GPU software

Read More
19 Apr 2021

Coding error allowed attackers to delete Facebook live video

Facebook has recently resolved an issue that allowed attackers to delete content posted on Facebook Live without the consent of the video’s owner. Just two days ago, cybersecurity researcher Ahmad Talahmeh posted an advisory explaining how the vulnerability worked and providing a Proof-of-Concept code that was able to trigger an

Read More
16 Apr 2021

Google to Delay Publishing Bug Details for 30 Days

Google has announced that they will not publish vulnerabilities details for 30 days after the initial public disclosure, allowing customers more time to fix the bugs and implement patches before technical details are released that could potentially be used by an attacker to exploit the flaw. Google’s Project Zero team

Read More
05 Apr 2021

Trustwave Uncovers Vulnerability in Popular Website CMS

Cybersecurity firm Trustwave has uncovered a vulnerability in the website CMS, Umbraco. The organization posted about the bug, which is a privilege escalation issue, on their website earlier this week. The flaw allows for low privileged users to elevate themselves to the status of admin and reap associated benefits and

Read More
29 Mar 2021

Severe Flaws in Official ‘Facebook for WordPress’ Plugin

Security researchers have discovered critical vulnerabilities in the official Facebook for WordPress plugin, finding that they can be abused to upload arbitrary files which would likely lead to remote code execution. Wordfence researchers recently released a warning advising users to exercise caution and to implement Facebook’s patch as soon as

Read More
25 Mar 2021

Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws

Attackers are currently targeting WordPress users who have not implemented patches to their plugins. Thrive Themes, a company that offers various products connected to WordPress, recently released patches for vulnerabilities within its services. However, researchers found that users who have failed to implement the fixes are being actively targeted by

Read More
23 Mar 2021

CISA Warns of Security Flaws in GE Power Management Devices

The US Cybersecurity and Infrastructure Security Agency has warned of critical severity flaws that lie within General Electric’s Universal Relay power management devices. The flaws could allow for denial-of-service attacks, allow an attacker to access unauthorized sensitive information, reboot the Universal Relay, and gain privileged access. The CISA stated that

Read More
26 Feb 2021

Cisco Warns of Critical Auth-Bypass Security Flaw

Cisco has allegedly fixed a critical security flaw affecting its Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches. The vulnerability could allow for a remote attacker to bypass authentication, according to the company. The bug is one of three critical flaws patched by Cisco this past week. The

Read More