08 Mar 2021

Microsoft Exchange Server Exploits Hit Retail, Government, Education

Attackers are taking advantage of newly reported Microsoft Exchange Server vulnerabilities, preying on victims who have not yet installed the appropriate patches released on March 2 by the tech giant. According to Mandiant, attackers utilized four critical zero-day exploits last week to target a range of organizations across retail, government,

Read More
04 Mar 2021

CISA tells Federal Agencies to Immediately Patch or ‘Disconnect’ Microsoft Exchange Servers

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has posted a new emergency directive calling on federal agencies to immediately patch or disconnect Microsoft Exchange servers. The alert follows a recent warning from Microsoft about major zero-day attacks on email servers, according to a recent posting by

Read More
17 Feb 2021

Microsoft Pulls Bad Windows Update After Patch Tuesday Headaches

Microsoft is releasing a new servicing stack update after last week’s Patch Tuesday created a slew of problems for Windows users. Microsoft has removed the latest set of updates and released a new Patch Tuesday install that fixes the initial issue and installs Windows updates. The defective update released last

Read More
17 Feb 2021

Unpatched Android App with 1 Billion Downloads Threatens Spying, Malware

According to new research, the SHAREit application opens up Android users to malware and spyware. The app allows for remote attackers to execute malicious code through three vulnerabilities that remain unpatched. The app’s developers were allegedly informed of the flaws three months ago, and the lack of a fix represents

Read More
04 Feb 2021

Concerns Over API Security Grow as Attacks Increase

Salt Security has released a report on API security that found 66% of organizations reported that they have slowed deploying an app into production because of API security concerns. This marks the second time in recent months that researchers are warning of application program interface threats to enterprise security. The

Read More
28 Jan 2021

CISA Issues Advisory for High-Severity Vulnerabilities in Fuji Electric HMI Products

Earlier this week, the US Cybersecurity and Infrastructure Security Agency (CISA) released an advisory informing industrial organizations that there is a critical flaw in SCADA/HMI products made by Fuji Electric, a Japanese electrical equipment company. This means that some organizations are facing a security threat due to potentially serious vulnerabilities.

Read More
28 Jan 2021

Pirated themes and plugins are the most widespread threat to WordPress sites

With more than 70 million malicious files on more than 1.2 million WordPress sites over the past year, pirated themes and plugins were the most common source of malware infections to sites. Wordfence, a provider of website application firewall solutions for sites operating over WordPress, detected the massive amount of

Read More
27 Jan 2021

Apple Ships Emergency Fixes for Under-Attack iOS Zero-Day

On Tuesday, Apple released two emergency patches for iOS and iPad OS platforms due to indications that the three security vulnerabilities were under attack by threat actors. The patches are currently being implemented through automatic updating mechanisms as it is critical that Apple users install the fixes. Apple did not

Read More
26 Jan 2021

Google reveals North Korean-backed campaign targeting security researchers

A new ongoing campaign targeting security researchers has been uncovered by Google’s Threat Analysis Group. The attackers are going to great lengths to gain the victims’ trust, posing as researchers or students themselves. The campaign consists of sophisticated social engineering techniques to persuade the security researcher to open a Microsoft

Read More
22 Jan 2021

Cisco warns on critical security vulnerabilities in SD-WAN software, so update now

Cisco has warned its users to update networking software immediately due to four severe flaws affecting the Smart Software Manager Satellite, and SD-WAN DNA. SD-WAN has three critical command injection vulnerabilities with a collective score of 9.9 out of 10. Vulnerabilities of this nature require immediate action. According to Cisco,

Read More