28 May 2021

Researchers find four new malware tools created to exploit Pulse Secure VPN appliances

Researchers at FireEye have disclosed attacks against defense, government, and financial organizations leveraging vulnerabilities in the Pulse Secure VPN software. Pulse Secure’s virtual private network and Secure Connect solutions are used by organizations worldwide to ensure secure access to business systems. FireEye reportedly discovered four new malware families designed specifically

Read More
17 May 2021

Impacted Vendors Release Advisories for FragAttacks Vulnerabilities

Vendors impacted in the FragAttacks, a series of recently disclosed Wi-Fi vulnerabilities, have released security advisories in response. A dozen CVE identifiers have been assigned to the set of vulnerabilities after they were discovered last year by security researcher Mathy Vanhoef. The vulnerabilities consist of three design flaws and nine

Read More
07 May 2021

Critical Cisco SD-WAN, HyperFlex Bugs Threaten Corporate Networks

Cisco has rolled out patches addressing severe vulnerabilities that could be exploited to perform remote code execution and privilege escalation. The flaws lie in the SD-WAN vManage Software. The bugs could allow an unauthenticated attacker to steal information from vulnerable networks. Cisco also disclosed a denial-of-service issue in the same

Read More
05 May 2021

Apple Issues Patches for Webkit Security Flaws

Apple has released security updates for vulnerabilities under active attack and affecting multiple products, including iOS, WatchOS, and iPadOS. The patches fix WebKit flaws that can be exploited by threat actors by utilizing maliciously crafted web content that ultimately leads to arbitrary code execution, according to Apple. The statement released

Read More
04 May 2021

Patch issued to tackle critical security issues present in Dell driver software since 2009

On Tuesday, SentinelLabs reported that a researcher on their team had discovered 5 serious vulnerabilities in Dell’s DBUtil BIOS driver. This technology is used in Dell’s desktop and laptop PCs, notebooks, and tablet products, therefore affecting a wide range of Dell’s offerings. The team reported that the flaws have existed

Read More
03 May 2021

Microsoft Warns of 25 Critical Vulnerabilities in IoT, Industrial Devices

Security researchers at Microsoft have warned of 25 undocumented critical memory-allocation vulnerabilities that lie across a number of vendors’ IoT and industrial devices. The flaws could be used to execute malicious code throughout a network or cause an entire system to crash. The bugs were uncovered by Microsoft’s Azure Defender

Read More
14 Apr 2021

100 Million More IoT Devices Are Exposed—and They Won’t Be the Last

A set of nine vulnerabilities are currently exposing roughly 100 million devices worldwide, according to researchers. The vulnerabilities lie in the basic code that dictates how devices communicate with the internet. What cybersecurity researchers are questioning is how to implement changes and effective defenses that will actively combat these types

Read More
05 Apr 2021

FBI & CISA Warn of Active Attacks on FortiOS Vulnerabilities

The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency have issued a joint advisory warning administrators that APT groups are currently exploiting three different vulnerabilities that existing the Fortinet FortiOS. News of the active exploits was allegedly broken to the public just a few days ago

Read More
11 Mar 2021

F5, CISA Warn of Critical BIG-IP and BIG-IQ RCE Bugs

F5 Networks has warned users to patch four critical remote command execution (RCE) flaws. The company released an advisory detailing seven vulnerabilities, four of which are critical, two that represent a high risk, and one rated medium risk. The four critical flaws lie in F5’s BIG-IP and BIG-IQ enterprise networking

Read More
08 Mar 2021

Microsoft Exchange Server Exploits Hit Retail, Government, Education

Attackers are taking advantage of newly reported Microsoft Exchange Server vulnerabilities, preying on victims who have not yet installed the appropriate patches released on March 2 by the tech giant. According to Mandiant, attackers utilized four critical zero-day exploits last week to target a range of organizations across retail, government,

Read More