17 Feb 2021

Microsoft Pulls Bad Windows Update After Patch Tuesday Headaches

Microsoft is releasing a new servicing stack update after last week’s Patch Tuesday created a slew of problems for Windows users. Microsoft has removed the latest set of updates and released a new Patch Tuesday install that fixes the initial issue and installs Windows updates. The defective update released last

Read More
17 Feb 2021

Unpatched Android App with 1 Billion Downloads Threatens Spying, Malware

According to new research, the SHAREit application opens up Android users to malware and spyware. The app allows for remote attackers to execute malicious code through three vulnerabilities that remain unpatched. The app’s developers were allegedly informed of the flaws three months ago, and the lack of a fix represents

Read More
04 Feb 2021

Concerns Over API Security Grow as Attacks Increase

Salt Security has released a report on API security that found 66% of organizations reported that they have slowed deploying an app into production because of API security concerns. This marks the second time in recent months that researchers are warning of application program interface threats to enterprise security. The

Read More
28 Jan 2021

CISA Issues Advisory for High-Severity Vulnerabilities in Fuji Electric HMI Products

Earlier this week, the US Cybersecurity and Infrastructure Security Agency (CISA) released an advisory informing industrial organizations that there is a critical flaw in SCADA/HMI products made by Fuji Electric, a Japanese electrical equipment company. This means that some organizations are facing a security threat due to potentially serious vulnerabilities.

Read More
28 Jan 2021

Pirated themes and plugins are the most widespread threat to WordPress sites

With more than 70 million malicious files on more than 1.2 million WordPress sites over the past year, pirated themes and plugins were the most common source of malware infections to sites. Wordfence, a provider of website application firewall solutions for sites operating over WordPress, detected the massive amount of

Read More
27 Jan 2021

Apple Ships Emergency Fixes for Under-Attack iOS Zero-Day

On Tuesday, Apple released two emergency patches for iOS and iPad OS platforms due to indications that the three security vulnerabilities were under attack by threat actors. The patches are currently being implemented through automatic updating mechanisms as it is critical that Apple users install the fixes. Apple did not

Read More
26 Jan 2021

Google reveals North Korean-backed campaign targeting security researchers

A new ongoing campaign targeting security researchers has been uncovered by Google’s Threat Analysis Group. The attackers are going to great lengths to gain the victims’ trust, posing as researchers or students themselves. The campaign consists of sophisticated social engineering techniques to persuade the security researcher to open a Microsoft

Read More
22 Jan 2021

Cisco warns on critical security vulnerabilities in SD-WAN software, so update now

Cisco has warned its users to update networking software immediately due to four severe flaws affecting the Smart Software Manager Satellite, and SD-WAN DNA. SD-WAN has three critical command injection vulnerabilities with a collective score of 9.9 out of 10. Vulnerabilities of this nature require immediate action. According to Cisco,

Read More
20 Jan 2021

DNSpooq Flaws Allow DNS Hijacking of Millions of Devices

Cyber researchers have found a set of seven flaws in the open-source software Dnsmasq. The vulnerabilities could allow for Domain Name System (DNS) cache poisoning attacks and remote code execution. Dnsmasq is a popular service used to catch DNS responses for both home and commercial routers and servers. The flaws

Read More
15 Jan 2021

NSA Recommends Using Only ‘Designated’ DNS Resolvers

The National Security Agency recommended that enterprises use only their designated DNS resolver in DNS traffic and avoid third-party resolvers. Domain Name System technology, or DNS over HTTPS, DoH, can be abused by attackers. Companies using only their designated DNS server is the safest route and all other resolvers should

Read More