09 Sep 2021

Google Android Security Update Patches 40 Vulnerabilities

Earlier this week, Google released its latest Android Security Bulletin, resolving a total of 40 vulnerabilities. The monthly update consisted of patches for seven flaws rated critical in nature. One of the security bugs tracked as CVE-2021-0687 patched this week affects Andriod 8.1, 9, 10, and 11. The most severe

Read More
28 Jul 2021

Get patching: US, UK, and Australia issue joint advisory on top 30 exploited vulnerabilities

The US’s Cybersecurity and Infrastructure Security Agency (CISA), Australia’s Cyber Security Centre (ACSC), and the UK’s National Cyber Security Centre (NCSC), and the US FBI recently released an advisory detailing the top 30 most exploited vulnerabilities dating back to 2017. After seven months of 2021, the agencies found that CVE-2017-11882,

Read More
19 Jul 2021

UK blames China for Microsoft Exchange Server hack

On Monday, the UK government came forth to publicly accuse the Chinese government of perpetrating a damaging Microsoft Exchange Server hack that targeted organizations across Europe and North America. The UK joined several other entities, including the US and Microsoft itself, in claiming that China, specifically a state-sponsored hacking group

Read More
13 Jul 2021

Kaseya Patches Zero-Days Used in REvil Attacks

Kaseya, a company targeted by REvil ransomware gang in a massive supply chain attack, has kept its promises and released patches that address critical zero-day vulnerabilities in the Virtual System/Server Administrator platform that was originally hit by cyberattackers. The security update addresses three different VSA vulnerabilities leveraged by REvil to

Read More
12 Jul 2021

Morgan Stanley Hit by Accellion Hack Through Third-Party Vendor

Investment banking firm Morgan Stanely has allegedly reported that the personal information of some of its customers was compromised during the Accellion hacks. Morgan Stanely disclosed the security incident to the New Hampshire Attorney General earlier this month, according to new reports. The data was compromised through a third-party vendor

Read More
12 Jul 2021

Sage X3 Vulnerabilities Can Pose Serious Risk to Organizations

Researchers at Rapid7, a cybersecurity firm, have reportedly uncovered several vulnerabilities that lie in the Sage X3 enterprise resource planning product. According to the firm, the flaws can be exploited remotely without authentication for a complete remote takeover. Of the four vulnerabilities reported by the researchers, one has been classified

Read More
29 Jun 2021

5G Security Vulnerabilities Fluster Mobile Operators

A new survey released by GSMA and Trend Micro shows that there is a concerning lack of security capabilities for private 5G networks such as factories, smart cities, industrial IoT, utilities, and other applications. 5G networks have begun to pop up across the country, however, as more and more entities

Read More
28 Jun 2021

EA ignored domain vulnerabilities for months despite warnings and breaches

New information has emerged that gaming giant Electronic Arts (EA) ignored warnings from cybersecurity researchers in December 2020 that the platform contained multiple vulnerabilities that left the company’s network severely exposed to attackers. According to researchers at Israeli cybersecurity firm Cyberpion, they approached EA late last year to inform the

Read More
24 Jun 2021

30M Dell Devices at Risk for Remote BIOS Attacks, RCE

A faulty update mechanism has left an estimated 30 million individual Dell endpoints worldwide, according to an analysis by Eclypsium. Dell is currently facing four separate security bugs that would give attackers almost complete control and persistence over targeted devices by allowing remote adversaries to gain arbitrary code execution in

Read More
24 Jun 2021

One-click account takeover vulnerabilities in Atlassian domains patched

Check Point Research released a report on a series of vulnerabilities in Atlassian that have since been patched, stating that the bugs were found in the software solution provider’s online domains, used by thousands of enterprise clients worldwide. The vendor is based in Australia and provides tools such as Confluence,

Read More