14 Aug 2019

22 Critical Flaws Patched in Adobe Photoshop

As part of this month’s patch Tuesday, Adobe has released fixes for 119 security vulnerabilities in its products, 25 of which are high severity flaws. Adobe Photoshop CC accounted for 22 critical bugs. Adobe warns that exploitation of these issues “could lead to arbitrary code execution in the context of

Read More
12 Aug 2019

Researchers find security flaws in 40 kernel drivers from 20 vendors

Security researchers at Eclypsium have discovered major security vulnerabilities in over 40 kernel drivers from 20 different hardware vendors. The flaws are the result of poor software design choices and allow applications with limited privileges to use driver functions in order to perform malicious actions that can impact highly sensitive parts

Read More
09 Aug 2019

Warning As Dangerous Cybersecurity Risks Found In Mainstream Office Printers: Report

A new study by security researchers at NCC Group has found “vulnerabilities and exploitations relating to devices made by six of the largest enterprise printer makers in the world.” More specifically, the researchers discovered that serious flaws present in Xerox, HP, Lexmark, Kyocera, Brother, and Ricoh printers could be exploited

Read More
09 Aug 2019

Decade-old remote code execution bug found in phones used by Fortune 500

Researchers with McAfee have discovered a critical security flaw in the firmware of the Avaya 9600 series IP desk phone that is used by enterprises, including Fortune 500 companies. The vulnerability can allow threat actors to remotely execute code on phones with the highest privileges. The remote code execution (RCE)

Read More
07 Aug 2019

Android Alert: Users Urged To Patch Critical Flaw In Qualcomm Snapdragon Chips, Millions At Risk

Security researchers at Chinese Internet giant Tencent have discovered a series of critical security flaws affecting recent Qualcomm chips including the Snapdragon 835 and 845 that are used in highly popular Android phones like the Samsung Galaxy S9, the Google Pixel 3 and the OnePlus 6, which means that millions

Read More
30 Jul 2019

Series of Zero-Day Vulnerabilities Could Endanger 200 Million Devices

Security researchers with Armis have uncovered 11 critical zero-day flaws in VxWorks, a real-time operating system (RTOS) used in 2 billion Internet-of-things (IoT) devices. The flaws don’t impact all VxWorks versions, but are estimated to affect about 200 million devices. 6 of the vulnerabilities allow for remote code execution (RCE),

Read More
23 Jul 2019

Critical RCE Flaw in Palo Alto Gateways Hits Uber

Tenable researchers have uncovered a remote code-execution (RCE) flaw affecting the VPN software offered by Palo Alto Networks. The vulnerability, tracked as CVE-2019-1579, was inadvertently fixed in the latest versions of the software, even though the company was unaware of it at the time. However, older versions of the VPN

Read More
18 Jul 2019

800K Systems Still Vulnerable to BlueKeep

A recent Internet scan by BitSight found a total of 805,665 were still vulnerable the highly critical BlueKeep security flaw (CVE-2019-0708) that impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. This represents a 17.8% decrease since last month, when a similar scan found close to 973,000 vulnerable

Read More
10 Jul 2019

July 2019 Patch Tuesday: Microsoft plugs two actively exploited zero-days

As part of this month’s Patch Tuesday, Microsoft issued fixes for 78 vulnerabilities, including 15 critical flaws of which two are actively being exploited in cyber campaigns. The two zero-days are tracked as CVE-2019-0880 and CVE-2019-1132 and both are privilege escalation flaws. The former flaw affects all modern Windows versions, while the

Read More
04 Jul 2019

More Than Half of SMB Devices Run Outdated Operating Systems

New research by Alert Logic highlights common issues putting small to mid-sized businesses (SMBs) at risk of cyberattacks. The survey found that two in three (66%) SMBs still rely on operating systems that are no longer supported or will cease to be supported within the next 6 months (Windows 7

Read More