10 Dec 2021

Lack of Patching Leaves 300,000 Routers at Risk for Attack

Hundreds of thousands of routers produced by a Latvian network hardware firm MikroTik are still vulnerable to at least one of four vulnerabilities that are over a year old. These vulnerabilities are most likely being used by attackers as their operational infrastructure. Approximately 94% of the 2 million routers deployed

Read More
09 Dec 2021

AWS Among 12 Cloud Services Affected by Flaws in Eltima SDK

Amazon Web Services is among a dozen cloud services affected by flaws in Eltima SDK, according to new reports. The flaws could enable attackers to disable security and gain kernel-level privileges. The vulnerabilities affect Amazon WorkSpaces and other cloud services that use USB other Ethernet. The flaws leave millions of

Read More
27 Sep 2021

Apple Patches 3 More Zero-Days Under Active Attack

Apple has patched three zero-day security vulnerabilities in recently released updates to iOS and macOS that are being actively exploited. One of the flaws could allow an attacker to execute arbitrary code with kernel privileges and affects macOS and older versions of iPhones. The two security releases went live on

Read More
21 Sep 2021

HackerOne expands Internet Bug Bounty project to tackle open source bugs

HackerOne will be expanding its Bug Bounty program, seeking to increase overall open source security. Open source projects are relied upon by enterprise players and SMBs alike and can represent some significant security risks as open-source components are stored and shared publicly. They range from full operating systems to education

Read More
20 Sep 2021

Payment API Vulnerabilities Exposed “Millions” of Users

According to new information uncovered by CloudSEK, millions of customers may have unknowingly exposed their personal and payment information after researchers discovered API security vulnerabilities that affect multiple different apps. CloudSEK found that of the 13,000 apps uploaded to its security search engine BeVigil for mobile applications, roughly 250 utilized

Read More
20 Sep 2021

Azure Zero-Day Flaws Highlight Lurking Supply-Chain Risk

Researchers have found a series of vulnerabilities in the Open Management Infrastructure used in Azure on Linux to demonstrate hidden security threats. Researchers have dubbed the flaws OMIGOD. The Open Management Infrastructure (OMI) is software that many don’t realize is embedded in a host of services and represents a significant

Read More
09 Sep 2021

Google Android Security Update Patches 40 Vulnerabilities

Earlier this week, Google released its latest Android Security Bulletin, resolving a total of 40 vulnerabilities. The monthly update consisted of patches for seven flaws rated critical in nature. One of the security bugs tracked as CVE-2021-0687 patched this week affects Andriod 8.1, 9, 10, and 11. The most severe

Read More
28 Jul 2021

Get patching: US, UK, and Australia issue joint advisory on top 30 exploited vulnerabilities

The US’s Cybersecurity and Infrastructure Security Agency (CISA), Australia’s Cyber Security Centre (ACSC), and the UK’s National Cyber Security Centre (NCSC), and the US FBI recently released an advisory detailing the top 30 most exploited vulnerabilities dating back to 2017. After seven months of 2021, the agencies found that CVE-2017-11882,

Read More
19 Jul 2021

UK blames China for Microsoft Exchange Server hack

On Monday, the UK government came forth to publicly accuse the Chinese government of perpetrating a damaging Microsoft Exchange Server hack that targeted organizations across Europe and North America. The UK joined several other entities, including the US and Microsoft itself, in claiming that China, specifically a state-sponsored hacking group

Read More
13 Jul 2021

Kaseya Patches Zero-Days Used in REvil Attacks

Kaseya, a company targeted by REvil ransomware gang in a massive supply chain attack, has kept its promises and released patches that address critical zero-day vulnerabilities in the Virtual System/Server Administrator platform that was originally hit by cyberattackers. The security update addresses three different VSA vulnerabilities leveraged by REvil to

Read More