27 Jan 2021

Apple Ships Emergency Fixes for Under-Attack iOS Zero-Day

On Tuesday, Apple released two emergency patches for iOS and iPad OS platforms due to indications that the three security vulnerabilities were under attack by threat actors. The patches are currently being implemented through automatic updating mechanisms as it is critical that Apple users install the fixes. Apple did not

Read More
20 Jan 2021

DNSpooq Flaws Allow DNS Hijacking of Millions of Devices

Cyber researchers have found a set of seven flaws in the open-source software Dnsmasq. The vulnerabilities could allow for Domain Name System (DNS) cache poisoning attacks and remote code execution. Dnsmasq is a popular service used to catch DNS responses for both home and commercial routers and servers. The flaws

Read More
21 Oct 2020

Adobe releases another out-of-band patch, squashing critical bugs across creative software

Yesterday, Adobe released another out-of-band patch, occurring outside of the company’s typical monthly security fix release cycle. The updates impact Adobe Illustrator, Dreamweaver, Marketo, After Effects, Photoshop, Animate, Premiere Pro, and other popular applications on both Windows and macOS machines. The first app the tech giant patched was Illustrator, which

Read More
26 May 2020

70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs

Veracode’s annual State of Software Security report has revealed that researchers found 70 percent of applications available online contain at least one security flaw stemming from the use of an open-source library. This can arguably be attributed to a lack of awareness about where and how open source libraries are

Read More
17 Apr 2020

Alleged Zoom Zero-Days for Windows, MacOS for Sale, Report

New Zoom zero-days have allegedly been discovered for sale, effecting Windows and macOS. Hackers have claimed that they discovered two zero-day vulnerabilities for the Zoom video conferencing platform, being sold online for $500,000. The zero-days may allow threat actors to spy on private video conferences hosted through Zoom and exploit

Read More
15 Apr 2020

April Patch Tuesday: Microsoft Battles 4 Bugs Under Active Exploit

April’s Patch Tuesday consisted of 113 patches, which was most likely difficult for IT staff under WFH security concerns. This patch Tuesday includes 19 critical vulnerabilities and 94 that are classified as important. Four of the critical vulnerabilities are being exploited in the wild, however, two have previously been publicly

Read More
13 Mar 2020

WordPress Plugin Bug Allows Malicious Code Injection on 100K Sites

WordPress is facing more vulnerabilities, this time in its Popup Builder plugin. The flaw allows unauthenticated attackers to inject malicious JavaScript into popups, which can then affect tens of thousands of websites and allow the attacker to steal information and take over targeted sites in the worst-case scenario. The plugin

Read More
12 Mar 2020

Intel Patches High Severity Flaws in Windows Graphics Drivers

Recently, Intel released security updates that patch 27 vulnerabilities as part of the Patch Tuesday, March 2020 edition. Ten of the flaws are classified as high security for their impact on Intel’s Graphics Drivers for Windows and the Smart Sound Technology integrated audio. The security risks outlined in this edition

Read More
06 Feb 2020

Cisco Flaws Put Millions of Workplace Devices at Risk

Researchers at the enterprise security firm Armis have reported a group of new flaws in Cisco enterprise products such as desk phones, web cameras, and network switches. These vulnerabilities could be exploited to compromise corporate networks at a significant level. Cisco currently dominates the network equipment market, therefore, the bugs

Read More
28 Jan 2020

Intel Is Patching the Patch for the Patch for Its ‘Zombieload’ Flaw

Over the past few years, security researchers have found hundreds of vulnerabilities that allow a hacker to trick Intel’s microprocessors into unauthorized data access. As the flaws have been exposed, employees have rushed to release patches for them. However, Intel has failed to patch the underlying problem behind a serious

Read More