09 Sep 2021

Google Android Security Update Patches 40 Vulnerabilities

Earlier this week, Google released its latest Android Security Bulletin, resolving a total of 40 vulnerabilities. The monthly update consisted of patches for seven flaws rated critical in nature. One of the security bugs tracked as CVE-2021-0687 patched this week affects Andriod 8.1, 9, 10, and 11. The most severe

Read More
12 Jul 2021

Sage X3 Vulnerabilities Can Pose Serious Risk to Organizations

Researchers at Rapid7, a cybersecurity firm, have reportedly uncovered several vulnerabilities that lie in the Sage X3 enterprise resource planning product. According to the firm, the flaws can be exploited remotely without authentication for a complete remote takeover. Of the four vulnerabilities reported by the researchers, one has been classified

Read More
09 Jun 2021

Microsoft Patch Tuesday Fixes 6 In-The-Wild Exploits, 50 Flaws

In this month’s Patch Tuesday update, Microsoft issued fixes for 5 critical exploits and 45 vulnerabilities rated important in severity in Microsoft Windows, .NET Core, and Visual Studio, Microsoft Office, Microsoft Edge, SharePoint Server, Hyper-V, Visual Studio Code, and more. Microsoft researchers discovered a highly targeted malware campaign that has

Read More
19 May 2021

Cybercriminals scanned for vulnerable Microsoft Exchange servers within five minutes of news going public

According to a review of threat data from enterprise companies that was compiled between January and March this year and included in Palo Alto Networks’ 2021 Cortex Xpanse Attack Surface Threat Report, which was published today, threat actors began searching the web for vulnerable Microsoft Exchange Servers within five minutes

Read More
11 Mar 2021

F5, CISA Warn of Critical BIG-IP and BIG-IQ RCE Bugs

F5 Networks has warned users to patch four critical remote command execution (RCE) flaws. The company released an advisory detailing seven vulnerabilities, four of which are critical, two that represent a high risk, and one rated medium risk. The four critical flaws lie in F5’s BIG-IP and BIG-IQ enterprise networking

Read More
27 Jan 2021

Apple Ships Emergency Fixes for Under-Attack iOS Zero-Day

On Tuesday, Apple released two emergency patches for iOS and iPad OS platforms due to indications that the three security vulnerabilities were under attack by threat actors. The patches are currently being implemented through automatic updating mechanisms as it is critical that Apple users install the fixes. Apple did not

Read More
20 Jan 2021

DNSpooq Flaws Allow DNS Hijacking of Millions of Devices

Cyber researchers have found a set of seven flaws in the open-source software Dnsmasq. The vulnerabilities could allow for Domain Name System (DNS) cache poisoning attacks and remote code execution. Dnsmasq is a popular service used to catch DNS responses for both home and commercial routers and servers. The flaws

Read More
21 Oct 2020

Adobe releases another out-of-band patch, squashing critical bugs across creative software

Yesterday, Adobe released another out-of-band patch, occurring outside of the company’s typical monthly security fix release cycle. The updates impact Adobe Illustrator, Dreamweaver, Marketo, After Effects, Photoshop, Animate, Premiere Pro, and other popular applications on both Windows and macOS machines. The first app the tech giant patched was Illustrator, which

Read More
26 May 2020

70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs

Veracode’s annual State of Software Security report has revealed that researchers found 70 percent of applications available online contain at least one security flaw stemming from the use of an open-source library. This can arguably be attributed to a lack of awareness about where and how open source libraries are

Read More
17 Apr 2020

Alleged Zoom Zero-Days for Windows, MacOS for Sale, Report

New Zoom zero-days have allegedly been discovered for sale, effecting Windows and macOS. Hackers have claimed that they discovered two zero-day vulnerabilities for the Zoom video conferencing platform, being sold online for $500,000. The zero-days may allow threat actors to spy on private video conferences hosted through Zoom and exploit

Read More