Researchers with McAfee have discovered a critical security flaw in the firmware of the Avaya 9600 series IP desk phone that is used by enterprises, including Fortune 500 companies. The vulnerability can allow threat actors to remotely execute code on phones with the highest privileges. The remote code execution (RCE)

Security researchers at Chinese Internet giant Tencent have discovered a series of critical security flaws affecting recent Qualcomm chips including the Snapdragon 835 and 845 that are used in highly popular Android phones like the Samsung Galaxy S9, the Google Pixel 3 and the OnePlus 6, which means that millions

Security researchers with Armis have uncovered 11 critical zero-day flaws in VxWorks, a real-time operating system (RTOS) used in 2 billion Internet-of-things (IoT) devices. The flaws don’t impact all VxWorks versions, but are estimated to affect about 200 million devices. 6 of the vulnerabilities allow for remote code execution (RCE),

Tenable researchers have uncovered a remote code-execution (RCE) flaw affecting the VPN software offered by Palo Alto Networks. The vulnerability, tracked as CVE-2019-1579, was inadvertently fixed in the latest versions of the software, even though the company was unaware of it at the time. However, older versions of the VPN

A recent Internet scan by BitSight found a total of 805,665 were still vulnerable the highly critical BlueKeep security flaw (CVE-2019-0708) that impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. This represents a 17.8% decrease since last month, when a similar scan found close to 973,000 vulnerable

As part of this month’s Patch Tuesday, Microsoft issued fixes for 78 vulnerabilities, including 15 critical flaws of which two are actively being exploited in cyber campaigns. The two zero-days are tracked as CVE-2019-0880 and CVE-2019-1132 and both are privilege escalation flaws. The former flaw affects all modern Windows versions, while the

New research by Alert Logic highlights common issues putting small to mid-sized businesses (SMBs) at risk of cyberattacks. The survey found that two in three (66%) SMBs still rely on operating systems that are no longer supported or will cease to be supported within the next 6 months (Windows 7

US Cyber Command has issued an unprecedented alert about the “active malicious use” of a critical vulnerability in Microsoft Outlook by Iranian hackers. The warning follows recent reports that Iran and the US are targeting each other in offensive cyber campaigns in the midst of mounting tensions between the two

Researchers with Sophos have developed a Proof-of-Concept (PoC) for the highly critical BlueKeep security flaw (CVE-2019-0708) that impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. The exploit would enable attackers to take over hundreds of thousands of devices that are still thought to be vulnerable even though

Researchers with Check Point and CyberInt recently found a critical vulnerability in EA Origin, a highly popular digital distribution platform for EA video games. By exploiting the flaw, threat actors could have obtained access to the user accounts of over 300 million players. Exploitation of the vulnerability did not require