20 Jan 2021

DNSpooq Flaws Allow DNS Hijacking of Millions of Devices

Cyber researchers have found a set of seven flaws in the open-source software Dnsmasq. The vulnerabilities could allow for Domain Name System (DNS) cache poisoning attacks and remote code execution. Dnsmasq is a popular service used to catch DNS responses for both home and commercial routers and servers. The flaws

Read More
15 Jan 2021

NSA Recommends Smart Use of DNS Resolvers

From Dark Reading: The National Security Agency recommended that enterprises use only their designated DNS resolver in DNS traffic and avoid third-party resolvers. Domain Name System technology, or DNS over HTTPS, DoH, can be abused by attackers. Companies using only their designated DNS server is the safest route and all

Read More
14 Jan 2021

Google exposes malicious exploits targeting Windows and Android users

Due to Google’s Project Zero, zero-day vulnerabilities and bugs that could infect systems with malware can be uncovered. The project has unveiled a group of vulnerabilities that could have affected a large amount of customers had they not been discovered and patched. Two malicious servers were discovered hoping to pursue

Read More
06 Jan 2021

Google Warns of Critical Android Remote Code Execution Bug

Google’s latest Andriod security update fixed 43 bugs affecting Android handsets and Samsung phones. Two of the bigs affecting Google’s Andriod handsets were flagged as critical, while the most serious flaw lies in the Andriod System component and allows remote attackers to compromise a device through executing arbitrary code. Two

Read More
15 Dec 2020

China suspected of spying on Americans via Caribbean phone networks

China has allegedly utilized mobile phone networks in the Caribbean to surveil US mobile phone subscribers. This is part of an extensive espionage campaign against the US, according to mobile network security experts. China has exploited old vulnerabilities in the global telecommunications network to conduct active surveillance attacks through telecoms

Read More
24 Nov 2020

TikTok Awards Nearly $4,000 for Account Takeover Vulnerabilities

TikTok has awarded a researcher $4,000 for uncovering and reporting vulnerabilities that could have been exploited to perform account takeover. The bugs were found by Muhammed Taskiran, a German cybersecurity researcher. Taskiran reported the flaws in August, and they have since been patched by the social media platform. Taskiran states

Read More
18 Nov 2020

Multiple Industrial Control System Vendors Warn of Critical Bugs

Four separate industrial control system vendors, including Real Time Automation and Paradox, released warnings on vulnerabilities all within the range of critical to high-severity. The bugs cause systems to be vulnerable to remote attacks conducted by threat actors. The flaws have a severity rating of 9.8 out of 10. On

Read More
16 Nov 2020

Apple Issues Security Updates

Apple has recently released three critical security updates affecting macOS Big Sur 11.0, macOS High Sierra 10.13.6, and macOS Mojave 10.14.6. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) announced the patches in a notice released earlier this week urging consumers to update their devices as soon

Read More
12 Nov 2020

Google patches two more Chrome zero-days

In its latest set of updates, Google released two patches for Chrome zero-day vulnerabilities being exploited in the wild. Over the past three weeks, Google has patched a total of five zero-day flaws in Chrome. The bugs affect Chrome version 86.0.4240.198, and it is recommended that the updates be implemented

Read More
11 Nov 2020

COVID-19 Data-Sharing App Leaked Healthcare Worker Info

An app used by healthcare workers in the Philippines has suffered from a data leak exposing sensitive patient data and credentials. The platform, COVID-KAYA, is widely used across the country to share data about COVID-19 cases. The application contained multiple critical flaws that left it vulnerable to data leaks or

Read More