01 Feb 2021

Libgcrypt developers release urgent update to tackle severe vulnerability

An open-source cryptographic library service called Libgcrypt is in hot water after a critical vulnerability was reported in their software. The vulnerability lies in the GNU Privacy Gaurd (GnuPG) module, relying on the ‘libgpg-error’ message. However, researchers have reported that the code can be used independently through more complicated means.

Read More
27 Jan 2021

Cisco DNA Center Bug Opens Enterprises to Remote Attack

A new flaw discovered in Cisco’s web-based management interface of the Cisco DNA Center opens up organizations to cross-site request forgery (CSRF) attacks. This can lead to remote attack and takeover, Cisco says. The high severity vulnerability is tracked as CVE-2021-1257 and boasts a severity score of 7.1 on the

Read More
22 Jan 2021

Amazon Awards $18,000 for Exploit Allowing Kindle E-Reader Takeover

Amazon has distributed an $18,000 bug bounty to a researcher who discovered an exploit that allowed an attacker to take complete control over a Kindle e-reader device, just by knowing the targeted user’s email address. The attack is referred to as KindleDrip and was first identified in October of 2020

Read More
04 Jan 2021

Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways

Security researchers have discovered a hardcoded admin-level backdoor account on more than 100,000 Zyxel firewalls, VPN gateways, and access point controllers. These backdoor accounts can grant attackers root access via the web administration panel or the SSH interface, making the situation a critical threat to consumers. The backdoor account was

Read More
07 Dec 2020

High-Severity Chrome Bugs Allow Browser Hacks

Google has issued an update for its Chrome web browser, fixing several vulnerabilities that could allow a threat actor to conduct computer compromise through a browser hack. The bug affects desktop versions of the browser, and the update fixed a total of eight bugs present within the current version with

Read More
07 Oct 2020

Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors

Microsoft has released a warning concerning the Mercury APT group and their active exploitation of the Zerologon vulnerability in campaigns occurring over the past two weeks. Mercury APT is an Iranian nation-state threat actor leveraging the critical flaw to attack organizations, who have also been referred to as MuddyWater, Static

Read More
21 Sep 2020

Agencies Must Patch Zerologon Bug by Monday says US CISA

Earlier this week, the US Department of Homeland Security issued an emergency directive that calls for all civilian government agencies to patch a Windows vulnerability that has been categorized as high-risk. The bug, CVE-2020-1472, is a new form of a privilege bug that occurs when an attacker uses the Netlogon

Read More
06 Apr 2020

Researcher Hijacks iOS, macOS Camera with Three Safari Zero-Days

Ryan Pickren, a security researcher, has been awarded $75,000 by Apple for uncovering seven zero-days in Safari, three of which Pickren used to access the camera. The discoveries were shared with Apple in December of 2019 and were subsequently patched. Using the three flaws, Pickren was able to build an

Read More
02 Apr 2020

Two Zoom Zero-Day Flaws Uncovered

Patrick Wardle, a security researcher with Jamf, has uncovered two zero-day flaws in the Zoom macOS client version. The telecom and online class platform vulnerabilities have the potential to give local attackers root privileges, which subsequently allow the attackers to access the victims’ microphone and camera. The two flaws have

Read More
27 Feb 2020

Hackers Scanning for Vulnerable Microsoft Exchange Servers, Patch Now!

Zero Day Initiative security researcher Simon Zuckerbraun published a demo on how attackers can exploit a recent vulnerability in Microsoft Exchange, classified as CVE-2020-0688. The flaw was patched two weeks ago, however, attackers are actively scanning the Internet for Microsoft Exchange Servers that have not been updated and are still

Read More