Two years after a vulnerability in payment software used by municipalities across the United Sates resulted in a breach exposing the payment card details of hundreds of thousands of US citizens, threat actors have managed to attack the Click2Gov software one again. In August of this year, attackers exploited another

The Chrome and Opera browser extensions for the freemium password manager LastPass contained a vulnerability that could be exploited to make the application leak login credentials, a security researcher with Google recently discovered. In order to exploit the bug, threat actors needed to get victims to visit a malicious website

New research by Independent Security Evaluators has uncovered a total of 125 security vulnerabilities in small office/home office (SOHO) routers and network-attached storage devices (NAS). The researchers tested 13 devices in total, from vendors including Asus, Lenovo and Netgear. The report warns that all of the devices under scrutiny “had

A recently uncovered vulnerability in Instagram’s contact importer could have allowed threat actors to access private user data including full names, phone numbers and Instagram account numbers and handles. Facebook, which owns Instagram, has confirmed the flaw and resolved the issue. Exploitation of the vulnerability involved brute-forcing Instagram’s login form.

Security researchers with Trustwave have discovered that certain DSL modems and Wi-Fi routers produced by D-Link and Comba expose user passwords to the Internet as the result of various firmware vulnerabilities. D-Link devices are affected by two firmware bugs, one of which makes it possible to view a file containing

In March of this year, a cyber incident affected firewalls at multiple power generation sites across the US. According to a recent report by the North American Electric Reliability Corporation (NERC), the attack was less serious than initially thought, and did not significantly impact electricity supply. The attackers exploited “a

Cybersecurity researchers with Vulnerability Lab have uncovered two security vulnerabilities in Imperial Dabman IoT radios that could enable attackers to gain control over more than a million devices and use them to plant malware, enslave them into a botnet, and retrieve sensitive data including the Wi-Fi password of the network

A critical vulnerability in Exim software, which is used by 57% of all email servers worldwide, can enable attackers to run malicious code on impacted servers with administrative (root) privileges, the Exim team warned last Friday. The company has released a patch to address the issue. The flaw affects servers

Security researchers with Avast have discovered a range of critical flaws affecting around 600,000 GPS trackers designed for monitoring the location of children, seniors, and pets. The flaws include the presence of the same default password (123456) in all devices and the insecure transmission of data in plaintext. The vulnerabilities

Security researchers with the Zero Day Initiative (ZDI) are warning that Google has failed to include a high-severity privilege escalation vulnerability in the collection of security patches it released for the Android platform this week. The bug affects the v4l2 (Video4Linux 2) driver used in Android devices. ZDI disclosed the