09 Aug 2019

Decade-old remote code execution bug found in phones used by Fortune 500

Researchers with McAfee have discovered a critical security flaw in the firmware of the Avaya 9600 series IP desk phone that is used by enterprises, including Fortune 500 companies. The vulnerability can allow threat actors to remotely execute code on phones with the highest privileges. The remote code execution (RCE)

Read More
07 Aug 2019

Android Alert: Users Urged To Patch Critical Flaw In Qualcomm Snapdragon Chips, Millions At Risk

Security researchers at Chinese Internet giant Tencent have discovered a series of critical security flaws affecting recent Qualcomm chips including the Snapdragon 835 and 845 that are used in highly popular Android phones like the Samsung Galaxy S9, the Google Pixel 3 and the OnePlus 6, which means that millions

Read More
30 Jul 2019

Series of Zero-Day Vulnerabilities Could Endanger 200 Million Devices

Security researchers with Armis have uncovered 11 critical zero-day flaws in VxWorks, a real-time operating system (RTOS) used in 2 billion Internet-of-things (IoT) devices. The flaws don’t impact all VxWorks versions, but are estimated to affect about 200 million devices. 6 of the vulnerabilities allow for remote code execution (RCE),

Read More
23 Jul 2019

Critical RCE Flaw in Palo Alto Gateways Hits Uber

Tenable researchers have uncovered a remote code-execution (RCE) flaw affecting the VPN software offered by Palo Alto Networks. The vulnerability, tracked as CVE-2019-1579, was inadvertently fixed in the latest versions of the software, even though the company was unaware of it at the time. However, older versions of the VPN

Read More
18 Jul 2019

800K Systems Still Vulnerable to BlueKeep

A recent Internet scan by BitSight found a total of 805,665 were still vulnerable the highly critical BlueKeep security flaw (CVE-2019-0708) that impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. This represents a 17.8% decrease since last month, when a similar scan found close to 973,000 vulnerable

Read More
10 Jul 2019

July 2019 Patch Tuesday: Microsoft plugs two actively exploited zero-days

As part of this month’s Patch Tuesday, Microsoft issued fixes for 78 vulnerabilities, including 15 critical flaws of which two are actively being exploited in cyber campaigns. The two zero-days are tracked as CVE-2019-0880 and CVE-2019-1132 and both are privilege escalation flaws. The former flaw affects all modern Windows versions, while the

Read More
04 Jul 2019

More Than Half of SMB Devices Run Outdated Operating Systems

New research by Alert Logic highlights common issues putting small to mid-sized businesses (SMBs) at risk of cyberattacks. The survey found that two in three (66%) SMBs still rely on operating systems that are no longer supported or will cease to be supported within the next 6 months (Windows 7

Read More
03 Jul 2019

US Military Warns Outlook Users To Update Immediately Over Hack Linked To Iran

US Cyber Command has issued an unprecedented alert about the “active malicious use” of a critical vulnerability in Microsoft Outlook by Iranian hackers. The warning follows recent reports that Iran and the US are targeting each other in offensive cyber campaigns in the midst of mounting tensions between the two

Read More
03 Jul 2019

BlueKeep: Researchers show how dangerous this Windows exploit could really be

Researchers with Sophos have developed a Proof-of-Concept (PoC) for the highly critical BlueKeep security flaw (CVE-2019-0708) that impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. The exploit would enable attackers to take over hundreds of thousands of devices that are still thought to be vulnerable even though

Read More
27 Jun 2019

EA Origin had a vulnerability that left 300 million players potentially exposed

Researchers with Check Point and CyberInt recently found a critical vulnerability in EA Origin, a highly popular digital distribution platform for EA video games. By exploiting the flaw, threat actors could have obtained access to the user accounts of over 300 million players. Exploitation of the vulnerability did not require

Read More