03 Jul 2019

US Military Warns Outlook Users To Update Immediately Over Hack Linked To Iran

US Cyber Command has issued an unprecedented alert about the “active malicious use” of a critical vulnerability in Microsoft Outlook by Iranian hackers. The warning follows recent reports that Iran and the US are targeting each other in offensive cyber campaigns in the midst of mounting tensions between the two

Read More
03 Jul 2019

BlueKeep: Researchers show how dangerous this Windows exploit could really be

Researchers with Sophos have developed a Proof-of-Concept (PoC) for the highly critical BlueKeep security flaw (CVE-2019-0708) that impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. The exploit would enable attackers to take over hundreds of thousands of devices that are still thought to be vulnerable even though

Read More
27 Jun 2019

EA Origin had a vulnerability that left 300 million players potentially exposed

Researchers with Check Point and CyberInt recently found a critical vulnerability in EA Origin, a highly popular digital distribution platform for EA video games. By exploiting the flaw, threat actors could have obtained access to the user accounts of over 300 million players. Exploitation of the vulnerability did not require

Read More
21 Jun 2019

Millions of Dell PCs Vulnerable to Attack: Patch Now

A new report by SafeBreach warns that millions of Dell computers are at risk of being remotely compromised by threat actors due to a critical vulnerability in SupportAssist, a hardware-diagnostics tool that comes preinstalled on all Dell machines. The flaw affects a SupportAssist component made by PC-Doctor. As many as 100

Read More
20 Jun 2019

Mozilla Patches Firefox Critical Flaw Under Active Attack

Mozilla has issued a patch for a critical security flaw affecting Windows, macOS and Linux versions of the popular Firefox browser. Threat actors have already begun exploiting the vulnerability, tracked as CVE-2019-11707, in targeted campaigns in order to take over machines running the vulnerable browser. The flaw was found on

Read More
18 Jun 2019

US Govt Achieves BlueKeep Remote Code Execution, Issues Alert

The Cybersecurity and Infrastructure Security Agency (CISA) is urging users to patch the highly critical BlueKeep security flaw (CVE-2019-0708) that impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. The agency, which operates under Department of Homeland Security oversight, issued the alert after achieving remote code execution on

Read More
14 Jun 2019

Evernote Critical Flaw Opened Personal Data of Millions to Attack

Gaurdio researchers recently uncovered a major cross site scripting (XSS) flaw in the Chrome extension for the popular note-taking app Evernote. The vulnerability made it possible for threat actors to steal highly sensitive data belonging to more than 4.6 million users. By exploiting the flaw, attackers could obtain unauthorized “access

Read More
13 Jun 2019

Two hacking groups responsible for huge spike in hacked Magento 2.x stores

New research by Sanguine Security shows that cyberattacks on websites relying on e-commerce content management system (CMS) Magento are surging due to increased activity by two hacking groups. The number of hacked websites using Magento 2.x has been doubling every month since March of this year. The campaigns are exploiting

Read More
12 Jun 2019

Microsoft NTLM Flaws Expose All Windows Machines to RCE Attacks

Security researchers at Preempt are warning that all Windows machines that don’t have the latest security patches installed, are vulnerable to remote code execution (RCE) attacks as the result of two critical flaws affecting NTLM, a key Microsoft security protocol providing authentication. By exploiting the vulnerabilities, threat actors can “remotely

Read More
12 Jun 2019

Microsoft’s June 2019 Patch Tuesday fixes many of SandboxEscaper’s zero-days

As part of Patch Tuesday, Microsoft has issued fixed for 88 vulnerabilities in its products, 21 of which were critical security flaws. Patches were also released for the following 4 zero-days that have been released by Windows exploit developer SandboxEscaper since May. CVE-2019-1069 – A local privilege escalation (LPE) flaw

Read More