Hundreds of thousands of routers produced by a Latvian network hardware firm MikroTik are still vulnerable to at least one of four vulnerabilities that are over a year old. These vulnerabilities are most likely being used by attackers as their operational infrastructure. Approximately 94% of the 2 million routers deployed

Amazon Web Services is among a dozen cloud services affected by flaws in Eltima SDK, according to new reports. The flaws could enable attackers to disable security and gain kernel-level privileges. The vulnerabilities affect Amazon WorkSpaces and other cloud services that use USB other Ethernet. The flaws leave millions of

Apple has patched three zero-day security vulnerabilities in recently released updates to iOS and macOS that are being actively exploited. One of the flaws could allow an attacker to execute arbitrary code with kernel privileges and affects macOS and older versions of iPhones. The two security releases went live on

HackerOne will be expanding its Bug Bounty program, seeking to increase overall open source security. Open source projects are relied upon by enterprise players and SMBs alike and can represent some significant security risks as open-source components are stored and shared publicly. They range from full operating systems to education

According to new information uncovered by CloudSEK, millions of customers may have unknowingly exposed their personal and payment information after researchers discovered API security vulnerabilities that affect multiple different apps. CloudSEK found that of the 13,000 apps uploaded to its security search engine BeVigil for mobile applications, roughly 250 utilized

Researchers have found a series of vulnerabilities in the Open Management Infrastructure used in Azure on Linux to demonstrate hidden security threats. Researchers have dubbed the flaws OMIGOD. The Open Management Infrastructure (OMI) is software that many don’t realize is embedded in a host of services and represents a significant

Earlier this week, Google released its latest Android Security Bulletin, resolving a total of 40 vulnerabilities. The monthly update consisted of patches for seven flaws rated critical in nature. One of the security bugs tracked as CVE-2021-0687 patched this week affects Andriod 8.1, 9, 10, and 11. The most severe

The US’s Cybersecurity and Infrastructure Security Agency (CISA), Australia’s Cyber Security Centre (ACSC), and the UK’s National Cyber Security Centre (NCSC), and the US FBI recently released an advisory detailing the top 30 most exploited vulnerabilities dating back to 2017. After seven months of 2021, the agencies found that CVE-2017-11882,

On Monday, the UK government came forth to publicly accuse the Chinese government of perpetrating a damaging Microsoft Exchange Server hack that targeted organizations across Europe and North America. The UK joined several other entities, including the US and Microsoft itself, in claiming that China, specifically a state-sponsored hacking group

Kaseya, a company targeted by REvil ransomware gang in a massive supply chain attack, has kept its promises and released patches that address critical zero-day vulnerabilities in the Virtual System/Server Administrator platform that was originally hit by cyberattackers. The security update addresses three different VSA vulnerabilities leveraged by REvil to