29 Jun 2021

5G Security Vulnerabilities Fluster Mobile Operators

A new survey released by GSMA and Trend Micro shows that there is a concerning lack of security capabilities for private 5G networks such as factories, smart cities, industrial IoT, utilities, and other applications. 5G networks have begun to pop up across the country, however, as more and more entities

Read More
28 Jun 2021

EA ignored domain vulnerabilities for months despite warnings and breaches

New information has emerged that gaming giant Electronic Arts (EA) ignored warnings from cybersecurity researchers in December 2020 that the platform contained multiple vulnerabilities that left the company’s network severely exposed to attackers. According to researchers at Israeli cybersecurity firm Cyberpion, they approached EA late last year to inform the

Read More
24 Jun 2021

30M Dell Devices at Risk for Remote BIOS Attacks, RCE

A faulty update mechanism has left an estimated 30 million individual Dell endpoints worldwide, according to an analysis by Eclypsium. Dell is currently facing four separate security bugs that would give attackers almost complete control and persistence over targeted devices by allowing remote adversaries to gain arbitrary code execution in

Read More
24 Jun 2021

One-click account takeover vulnerabilities in Atlassian domains patched

Check Point Research released a report on a series of vulnerabilities in Atlassian that have since been patched, stating that the bugs were found in the software solution provider’s online domains, used by thousands of enterprise clients worldwide. The vendor is based in Australia and provides tools such as Confluence,

Read More
22 Jun 2021

Bugs in NVIDIA’s Jetson Chipset Opens Door to DoS Attacks, Data Theft

NVIDIA has patched nine high severity bugs found in its Jetson SoC framework pertaining to the way the program handles low-level cryptographic algorithms. The flaws allegedly impact millions of IoT devices utilizing the Jetson chips. This leaves the devices vulnerable to a variety of attacks, including denial-of-service (DoS) and data

Read More
16 Jun 2021

Millions of Connected Cameras Open to Eavesdropping

According to a warning released by the Cybersecurity and Infrastructure Security Agency, millions of connected security and home cameras contain a critical software vulnerability that could allow for remote attackers to view video feeds. The bug has been designated as a 9.1 CVSS score, meaning that it is of high

Read More
15 Jun 2021

Critical remote code execution flaw in thousands of VMWare vCenter servers remains unpatched

Thousands of internet-facing VMWare vCenter servers are still impacted by critical vulnerabilities despite patches being released weeks ago, warn researchers. The vulnerabilities impact the centralized management utility Center Server. VMWare issued patches for the two critical bugs on May 25, however, not all servers have adhered to recommendations and implemented

Read More
28 May 2021

Researchers find four new malware tools created to exploit Pulse Secure VPN appliances

Researchers at FireEye have disclosed attacks against defense, government, and financial organizations leveraging vulnerabilities in the Pulse Secure VPN software. Pulse Secure’s virtual private network and Secure Connect solutions are used by organizations worldwide to ensure secure access to business systems. FireEye reportedly discovered four new malware families designed specifically

Read More
17 May 2021

Impacted Vendors Release Advisories for FragAttacks Vulnerabilities

Vendors impacted in the FragAttacks, a series of recently disclosed Wi-Fi vulnerabilities, have released security advisories in response. A dozen CVE identifiers have been assigned to the set of vulnerabilities after they were discovered last year by security researcher Mathy Vanhoef. The vulnerabilities consist of three design flaws and nine

Read More
07 May 2021

Critical Cisco SD-WAN, HyperFlex Bugs Threaten Corporate Networks

Cisco has rolled out patches addressing severe vulnerabilities that could be exploited to perform remote code execution and privilege escalation. The flaws lie in the SD-WAN vManage Software. The bugs could allow an unauthenticated attacker to steal information from vulnerable networks. Cisco also disclosed a denial-of-service issue in the same

Read More